[Tor-BSD] FreeBSD permissions issues
Tim Wilson-Brown - teor
teor2345 at gmail.com
Tue Nov 17 19:18:34 EST 2015
> On 18 Nov 2015, at 11:16, George Rosamond <george at ceetonetechnology.com> wrote:
>
>
>
> Tim Wilson-Brown - teor:
>>
>>> On 18 Nov 2015, at 10:45, George Rosamond
>>> <george at ceetonetechnology.com> wrote:
>>>
>>>
>>>
>>> Pete Wright:
>>>>
>>>>
>>>> On 11/17/15 14:41, N.J. Thomas wrote:
>>>>> * Pete Wright <pete at nomadlogic.org> [2015-11-17
>>>>> 14:23:13-0800]:
>>>>>>> Has anyone else noticed the same? Am I doing something
>>>>>>> wrong with my install, or does this need to be fixed?
>>>>>>>
>>>>>>
>>>>>> on my end this info is already included in the pkg-message.in
>>>>>> file which should get printed to stdout when installing the
>>>>>> pkg.
>>>>>
>>>>> Ugh, serves me right for ignoring this during installation.
>>>>>
>>>>> I guess my next question is, is this something that can be
>>>>> automated? Is there any particular reason this is a manual
>>>>> step?
>>>>>
>>>>>
>>>>
>>>> hrm - this is usually something i offload to my configuration
>>>> mgmt tool of choice but it got me thinking. i re-read the
>>>> porter's handbook for freebsd and sure enough it looks like this
>>>> could be scripted. i think if we drop a file named
>>>> "post-install" in /usr/ports/security/tor-devel/files/ we could
>>>> script this stuff. i am thinking this is akin to %post
>>>> directives in RPM spec files (if you've ever had the misfortune
>>>> of working with RPMs).
>>>>
>>>> the question though is this something that is frowned upon or
>>>> not. i don't see too many instances of post-* scripts in the
>>>> ports tree, so either this isn't a common requirement or is
>>>> something that is avoided for other reasons. would love to have
>>>> the time to dig into this myself but unfortunately i'm
>>>> oversubscribed as-is already :/
>>>
>>> I don't think it's frowned on, and it's something that I should
>>> have submitted as a PR a long time ago.
>>>
>>> IMHO, it should be simple enough to provide "post-install"
>>> instructions…
>>
>> This step will delete any previous keys for a relay, so please don't
>> automate it:
>>
>>> rm -r /var/db/tor /var/run/tor
>>
>> When the relay starts up with no keys, it will generate a new key at
>> random. Any clients using the relay as a guard will then pick another
>> guard. All the Tor consensus flags on the relay will be reset, and
>> the flags that depend on stability may take a week or so to come
>> back.
>
> Yes. Very true. I thought we were just referring to the creation and
> setting permissions for the tor log file?
I couldn't tell from the email trail which steps were being automated.
The mkdir -p of those directories should be ok to automate on every install.
Automating the chmod/chown could annoy people with custom setups.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
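
Added example, not part of the thread or of the FreeBSD port: a post-install step that follows the distinction drawn above, creating /var/db/tor and /var/run/tor only when they are missing, never removing them, and applying ownership and mode only to a directory it has just created. The function names, the `_tor:_tor` owner and mode 700 are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the port's script). Creates Tor's state directories only
# when they are missing; never deletes and never re-permissions existing ones.
# Assumed, not from the thread: owner "_tor:_tor" and mode 700.

# ensure_tor_dir DIR OWNER MODE
# Returns 0 if DIR is usable, 2 if the path exists but is not a directory.
ensure_tor_dir() {
    dir=$1 owner=$2 mode=$3

    if [ -d "$dir" ]; then
        # May hold the relay's identity keys or an admin's custom
        # ownership/mode (or be a symlink to another disk): leave it alone.
        echo "kept existing $dir"
        return 0
    fi
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        echo "not touching $dir: exists but is not a directory" >&2
        return 2
    fi

    mkdir -p "$(dirname "$dir")" || return 1
    mkdir -m "$mode" "$dir" || return 1     # mode applied at creation
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1   # only on the directory just created
    fi
    echo "created $dir"
}

# tor_post_install [PREFIX [OWNER]]
# PREFIX lets the function be exercised in a scratch tree; an empty OWNER
# skips chown (needed when not running as root).
tor_post_install() {
    prefix=${1-}
    owner=${2-_tor:_tor}
    for d in "$prefix/var/db/tor" "$prefix/var/run/tor"; do
        ensure_tor_dir "$d" "$owner" 700 || return $?
    done
}
```

Called with no arguments as root, `tor_post_install` acts on the real paths; running it again on an upgraded relay leaves the existing key directory and any custom permissions untouched.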