[Tor-BSD] FreeBSD permissions issues

Fabian Keil freebsd-listen at fabiankeil.de
Wed Nov 18 10:01:18 EST 2015


Vinícius Zavam <egypcio at googlemail.com> wrote:

> 2015-11-18 7:18 GMT-03:00, Fabian Keil <freebsd-listen at fabiankeil.de>:
> > "N.J. Thomas" <njt at ayvali.org> wrote:

> >> Ugh, serves me right for ignoring this during installation.
> >>
> >> I guess my next question is, is this something that can be automated?
> >
> > Yes. The port's ElectroBSD version does it in the rc script like this (patch
> > 4):
> > https://www.fabiankeil.de/sourcecode/electrobsd/tor-devel-0.2.7.4-rc.diff  
> 
> The line/information about randomizing IP ID was removed by this
> patch. Why? This can be worse than "pre-setting" directories, I think.

Quoting the commit description:
|Subject: [PATCH 3/5] security/tor-devel: Remove recommendation to set
| net.inet.ip.random_id=1 as it's the ElectroBSD default

> >> Is there any particular reason this is a manual step?  
> >
> > That's a question you should probably ask the maintainer.  
> 
> Well, I am not the maintainer, but... "pkg-message.in" provides the
> user a warning and gives it some settings/commands to follow within
> certain conditions. If the user can't (does not want to) read that...
> I'm (not) sorry.

For some users following these steps is hard, others may not
even notice them because they get lost in the pkg noise.

> > The PR history of the tor ports suggests that you may have to
> > wait a while for a response, though.

> IMHO, there's no need to automate every single piece of code or
> configuration to give the users/admins even less responsibilities to
> set up a relay or use tor. // Yes; less responsibilities. That's my
> point of view.

My point of view is that having to create those directories is
a completely unnecessary barrier (and a waste of time).

> PS: Keeping up backups for your relay(s) key(s) is a MUST. Do you
> think the port should do that for you too?

I don't consider backing up relay keys a MUST. Having said that,
I would not mind if the port would make this (and thus migrating
relays) more convenient.

Fabian