[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] seeking someone to fix a Tor rpm bug

Hash: SHA1

On 03/10/2011 12:38 PM, Erinn Clark wrote:
> Yes, you could just remove that. But do you need to change the group
> for all of the people who already have a _tor group created upon
> upgrade? Should you delete the group from existing systems
> altogether? Is it as simple as just removing all of the other
> torgroup mentions from the .spec (and there are quite a lot of them)?
> Does it do the right thing when it gets installed for a new user as
> well?
I think the best solution is to just remove the configure entry and keep
creating the _tor (or tor) user and assigning it the _tor (or tor) group.
I can't see why there shouldn't be a _tor group for the _tor user: you
will need a group for the application user anyway and changing it from
its standalone one to a shared one like "proxy" is a system upgrade
nightmare as you correctly said and a security weakness as well (a
broken application could leverage its belonging to the shared group to
try to modify Tor configuration files).

Just my 2 cents, obviously!

- -- 
Marco Bonetti
Tor research and other stuff: http://sid77.slackware.it/
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/

My GnuPG key id: 0x0B60BC5F
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

tor-talk mailing list