[Tor-BSD] FreeBSD permissions issues
George Rosamond
george at ceetonetechnology.com
Wed Nov 18 10:04:41 EST 2015
Vinícius Zavam:
> 2015-11-18 7:18 GMT-03:00, Fabian Keil <freebsd-listen at fabiankeil.de>:
>> "N.J. Thomas" <njt at ayvali.org> wrote:
>>
>>> * Pete Wright <pete at nomadlogic.org> [2015-11-17 14:23:13-0800]:
>>>>> Has anyone else noticed the same? Am I doing something wrong with my
>>>>> install, or does this need to be fixed?
>>>>>
>
> I think that https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203014
> updates that. No?
... too much snipping...
Without going through the diffs, I think the log issue is critical.
>
>>>> on my end this info is already included in the pkg-message.in file
>>>> which should get printed to stdout when installing the pkg.
>
> Some of the details and small typos related to "files/pkg-message.in"
> and "files/tor.in" were patched, for both versions available at the
> FreeBSD Ports Collection on that bug report.
>
>>> Ugh, serves me right for ignoring this during installation.
>>>
>>> I guess my next question is, is this something that can be automated?
>>
>> Yes. The port's ElectroBSD version does it in the rc script like this (patch
>> 4):
>> https://www.fabiankeil.de/sourcecode/electrobsd/tor-devel-0.2.7.4-rc.diff
>
> The line/information about randomizing IP ID was removed by this
> patch. Why? This can be worse than "pre-setting" directories, I think.
Yeah, so I submitted that originally... it was unclear if it *really*
mattered to be honest, but I still find it perplexing that FreeBSD
doesn't enable random IP IDs by default. I know it has some relevance
to NFS/UDP, but every other OS figured it out.
>
>>> Is there any particular reason this is a manual step?
>>
>> That's a question you should probably ask the maintainer.
>
> Well, I am not the maintainer, but... "pkg-message.in" provides the
> user a warning and gives it some settings/commands to follow within
> certain conditions. If the user can't (does not want to) read that...
> I'm (not) sorry.
>
>> The PR history of the tor ports suggests that you may have to
>> wait a while for a response, though.
>>
>> Fabian
>>
>
> IMHO, there's no need to automate every single piece of code or
> configuration to give the users/admins even fewer responsibilities to
> set up a relay or use tor. // Yes; fewer responsibilities. That's my
> point of view.
>
> PS: Keeping up backups for your relay(s) key(s) is a MUST. Do you
> think the port should do that for you too?
To me the keys issue matters, but I think correct configuration and
working out of the box (therefore creating a correctly permissioned log
file) matters even more.
If it doesn't work on startup without the installing user setting up the
log file, it's broken IMHO.
g