[tor-bugs] #27334 [Core Tor/Tor]: RelaxDirModeCheck on ControlSocket still requires group to m
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 27 12:07:04 UTC 2018
#27334: RelaxDirModeCheck on ControlSocket still requires group to m
--------------------------+----------------------------------
Reporter: a_p | Owner: (none)
Type: defect | Status: reopened
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: easy, doc | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+----------------------------------
Comment (by a_p):
Replying to [comment:4 teor]:
> Replying to [comment:2 a_p]:
> > Isn't that the point of RelaxDirModeCheck to give operators the
freedom to allow a group to access the control socket files (of all
instances)?
>
> No, the point of RelaxDirModeCheck is to allow more than one *user* to
access the control socket files.
>
> Normally, tor makes sure that the group has no permissions to the
directory containing the tor socket.
> RelaxDirModeCheck allows the directory to be readable and searchable by
the group as well.
The important bit to add to the man page is: "The group of the folder
containing the controlsocket file must match the primary group of the user
used to run tor - even with RelaxDirModeCheck. If they do not match, tor
will refuse to create the control socket file."
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27334#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list