[Tor-BSD] FreeBSD permissions issues

Vinícius Zavam egypcio at googlemail.com
Wed Nov 18 10:34:26 EST 2015


2015-11-18 12:04 GMT-03:00, George Rosamond <george at ceetonetechnology.com>:
> Vinícius Zavam:
>> 2015-11-18 7:18 GMT-03:00, Fabian Keil <freebsd-listen at fabiankeil.de>:
>>> "N.J. Thomas" <njt at ayvali.org> wrote:
>>>
>>>> * Pete Wright <pete at nomadlogic.org> [2015-11-17 14:23:13-0800]:
>>>>>> Has anyone else noticed the same? Am I doing something wrong with my
>>>>>> install, or does this need to be fixed?
>>>>>>
>>
>> I think that https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203014
>> updates that. No?
>
> ... too much snipping...
>
> Without going through the diffs, I think the log issue is critical.
>
>>
>>>>> on my end this info is already included in the pkg-message.in file which
>>>>> should get printed to stdout when installing the pkg.
>>
>> Some of the details and small typos related to "files/pkg-message.in"
>> and "files/tor.in" were patched, for both versions available at the
>> FreeBSD Ports Collection on that bug report.
>>
>>>> Ugh, serves me right for ignoring this during installation.
>>>>
>>>> I guess my next question is, is this something that can be automated?
>>>
>>> Yes. The port's ElectroBSD version does it in the rc script like this
>>> (patch 4):
>>> https://www.fabiankeil.de/sourcecode/electrobsd/tor-devel-0.2.7.4-rc.diff
>>
>> The line/information about randomizing IP ID was removed by this
>> patch. Why? This can be worse than "pre-setting" directories, I think.
>
> Yeah, so I submitted that originally... it was unclear if it *really*
> mattered to be honest, but I still find it perplexing that FreeBSD
> doesn't enable random IP IDs by default.  I know it has some relevance
> to NFS/UDP, but every other OS figured it out.
>
>>
>>>> Is there any particular reason this is a manual step?
>>>
>>> That's a question you should probably ask the maintainer.
>>
>> Well, I am not the maintainer, but... "pkg-message.in" provides the
>> user a warning and gives it some settings/commands to follow within
>> certain conditions. If the user can't (does not want to) read that...
>> I'm (not) sorry.
>>
>>> The PR history of the tor ports suggests that you may have to
>>> wait a while for a response, though.
>>>
>>> Fabian
>>>
>>
>> IMHO, there's no need to automate every single piece of code or
>> configuration to give the users/admins even fewer responsibilities to
>> set up a relay or use tor. // Yes; fewer responsibilities. That's my
>> point of view.
>>
>> PS: Keeping up backups for your relay(s) key(s) is a MUST. Do you
>> think the port should do that for you too?
>
> To me the keys issue matters, but I think correct configuration and
> working out of the box (therefore creating a correctly permissioned log
> file) matters even more.

If I am not wrong, the last patches, pointed at FreeBSD's
Bugzilla, are doing that. You can start the daemon and it will be
logging to file /var/log/tor.

> If it doesn't work on startup without the installing user setting up the
> log file, it's broken IMHO.

Works out of the box.

But... if someone follows the TDP's how-to to set up a FreeBSD relay,
the defaults on https://torbsd.github.io/torrc.txt will point to
/var/log/tor.log as the log file (we will be writing the same info into
two different files). Again, here the user should interact with the
relay's config file.


-- 
Vinícius Zavam
keybase.io/egypcio/key.asc


