nyxnor/onionjuggler

[BUG] remove su_cmd

nyxnor opened this issue · 4 comments

Describe the bug

131 occurrences on the cli; instead, just call the script as root

check readability and writability of tor_conf and tor_data_dir

Additional context

Just to be clear, it is still used to tor -u $tor_user --verify-config tor as its user in case the "User" option was not set in the file, which is the case for Debian, as the User option is set in /usr/share/tor/tor-service-defaults-torrc, not in /etc/tor/torrc as in many others.

backup dir is home/.onionjuggler/backup
but as the script must be run as root now, it is defaulting to /root/.onionjuggler/backup

I don't have any other idea where to save backups besides /var/lib/onionjuggler (directory that will be created).

Currently, su_cmd is being used to signal tor as its user if the User option is not set in the configuration file. This is what happens on Debian default if using /etc/tor/torrc to edit, where the User option is set in /usr/share/tor/tor-service-defaults-torrc. But this can also happen on any system that uses the %include option, where multiple confs are used.

It is hard to remove this dependency because most systems don't even have a defaults-torrc being read by default (in fact, anything non debian afaik), happens on every bsd, arch, gentoo, etc.

Take debian for example:

Works:

sudo -u debian-tor tor --verify-config -f /etc/tor/torrc

Works:

sudo tor --verify-config -f /etc/tor/torrc --defaults-torrc /usr/share/tor/tor-service-defaults-torrc

Fails:

sudo tor --verify-config -f /etc/tor/torrc --User debian-tor
[warn] Directory /root/.tor cannot be read: Permission denied
[warn] Failed to parse/validate config: Couldn't access private data directory "/root/.tor"

Why does this last one fail? Because the DataDirectory also needs to be specified.

Works:

sudo tor --verify-config -f /etc/tor/torrc --User debian-tor --DataDirectory

As onionjuggler-scripts must be called as root because most of the operations require privilege, and onionjuggler.conf has your tor_data_dir and tor_user, it is possible to remove the dependency on sudo or doas.
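
One way to do what the last comment describes, as an added example that is not onionjuggler's own code or part of the thread: a root-run check that supplies --User and --DataDirectory only when the torrc being edited does not set them. The function names and the TOR_BIN override are hypothetical; tor_conf, tor_user and tor_data_dir are assumed to come from onionjuggler.conf.

```shell
#!/bin/sh
# Added example, not onionjuggler's own code. tor_conf, tor_user and
# tor_data_dir are the onionjuggler.conf values named in the issue;
# TOR_BIN and the function names are hypothetical.

# Succeed if torrc file $1 sets option $2 itself (any letter case).
# Files pulled in with %include are not followed, so an option set only
# there counts as unset and is passed on the command line instead.
torrc_sets() {
  grep -Eiq "^[[:space:]]*$2[[:space:]]+[^[:space:]#]" "$1"
}

# Run "tor --verify-config" as root without sudo or doas.
verify_torrc() {
  tor_conf=$1 tor_user=$2 tor_data_dir=$3
  if [ ! -r "$tor_conf" ] || [ ! -w "$tor_conf" ]; then
    echo "tor_conf is not readable and writable: $tor_conf" >&2
    return 1
  fi
  if [ ! -d "$tor_data_dir" ]; then
    echo "tor_data_dir is not a directory: $tor_data_dir" >&2
    return 1
  fi
  set -- --verify-config -f "$tor_conf"
  # Debian keeps User in tor-service-defaults-torrc, so /etc/tor/torrc
  # alone lacks it; without DataDirectory tor then tries /root/.tor.
  torrc_sets "$tor_conf" User || set -- "$@" --User "$tor_user"
  torrc_sets "$tor_conf" DataDirectory ||
    set -- "$@" --DataDirectory "$tor_data_dir"
  "${TOR_BIN:-tor}" "$@"
}
```
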