Bug 205651

Summary: security/tor: pid file location
Product: Ports & Packages
Reporter: Sir l33tname <sirl33tname>
Component: Individual Port(s)
Assignee: Dmitry Marakasov <amdmi3>
Status: Closed FIXED
Severity: Affects Many People
CC: rodrigo.freebsd, woodsb02
Priority: ---
Flags: amdmi3: maintainer-feedback-
Version: Latest
Hardware: Any
OS: Any
Attachments:
Description: Create pid folder with rc script; Flags: none

Description Sir l33tname 2015-12-27 20:53:47 UTC
The tor package does not create the /var/run/tor folder. 

So it's this line: ${tor_pidfile="/var/run/tor/tor.pid"} in
http://svnweb.freebsd.org/ports/head/security/tor/files/tor.in?view=markup

I personally would like it if it were just /var/run/tor.pid.
Or is there a reason that the pid file is in /var/run/tor?

I didn't add a patch because it's probably easier to change it 
than to apply a patch.
Comment 1 Ben Woods freebsd_committer freebsd_triage 2015-12-28 15:09:43 UTC
This is typically because tor runs as the unprivileged user "_tor" and does not have permissions to create a file within the /var/run/ folder. Creating the folder /var/run/tor which is owned by the _tor user is one way to solve this.

Another way to solve it is to get the rc.d script (which is executed as root) to manage the creation and deletion of the pid file and datadir folder. Something like this:

start_precmd=%%RC_NAME%%_precmd
%%RC_NAME%%_precmd()
{
        if [ ! -e "${pidfile}" ]; then
                install -g ${%%RC_NAME%%_group} -o ${%%RC_NAME%%_user} -- /dev/null "${pidfile}";
        fi

        if [ ! -d "${%%RC_NAME%%_datadir}" ]; then
                install -d -g ${%%RC_NAME%%_group} -o ${%%RC_NAME%%_user} -- "${%%RC_NAME%%_datadir}";
        fi
}

stop_postcmd=%%RC_NAME%%_postcmd
%%RC_NAME%%_postcmd()
{
        rm -f -- "${pidfile}"
}
Comment 2 Rodrigo N. Hernandez freebsd_triage 2015-12-28 22:19:48 UTC
(In reply to Sir l33tname from comment #0)

Hi Sir l33tname. Technically your issue is covered already by the package post installation message:

Message from tor-0.2.6.9:
================================================================================
To enable the tor server, set tor_enable="YES" in your /etc/rc.conf
and edit /usr/local/etc/tor/torrc as desired. (However, note that the
/usr/local/etc/rc.d/tor rc.subr script can override some torrc
options: see that script for details.) To use the torify script, install
the net/torsocks port. After installing tor for the first time, or after
a major update of tor, you should:

rm -r /var/db/tor /var/run/tor
mkdir -p /var/db/tor/data /var/run/tor
touch /var/log/tor
chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor
chmod -R 700 /var/db/tor

before starting the tor server. Tor users are strongly advised to prevent traffic
analysis that exploits sequential IP IDs by setting:

sysctl net.inet.ip.random_id=1

(see sysctl.conf(5)).
================================================================================
Comment 3 Sir l33tname 2015-12-30 15:43:32 UTC
Created attachment 164867
Create pid folder with rc script
Comment 4 Sir l33tname 2015-12-30 15:44:58 UTC
Comment on attachment 164867
Create pid folder with rc script

Maybe something like this? (I hope I created the patch the right way)
Comment 5 Dmitry Marakasov freebsd_committer freebsd_triage 2016-01-12 18:46:04 UTC
I'm working on this. It _should_ be a folder for tor, running under _tor user, to be able to create its pidfile (only root can create files in /var/run). Port should also create log directory, same reasons.
Comment 6 Dmitry Marakasov freebsd_committer freebsd_triage 2016-01-14 13:16:47 UTC
See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206235
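
Added example, not part of the bug thread or the port's rc script: one way a root-run rc.d precmd could create the /var/run/tor directory discussed in comments 1 and 5, refusing a symlink or non-directory at that path and verifying owner, group and mode afterwards. The names ensure_rundir and tor_precmd are hypothetical, and mode 0755 is an assumption.

```shell
# ensure_rundir DIR OWNER GROUP MODE   (hypothetical helper, added example)
# Returns 0 when DIR ends up as a real directory with exactly that owner,
# group and mode; returns 1 with a message on stderr otherwise.
ensure_rundir()
{
        _dir=$1 _owner=$2 _group=$3 _mode=$4

        # Root must not chown or chmod through a symlink left at this path.
        if [ -L "$_dir" ]; then
                echo "ensure_rundir: $_dir is a symlink, refusing" >&2
                return 1
        fi
        # A leftover regular file (or anything else) is an error too.
        if [ -e "$_dir" ] && [ ! -d "$_dir" ]; then
                echo "ensure_rundir: $_dir exists but is not a directory" >&2
                return 1
        fi

        # install -d creates the directory if it is missing and sets
        # owner, group and mode in the same step.
        install -d -o "$_owner" -g "$_group" -m "$_mode" -- "$_dir" || return 1

        # Verify the result instead of trusting the exit status alone.
        # find prints the path only if every test matches.
        if [ -z "$(find "$_dir" -prune -type d -user "$_owner" \
                -group "$_group" -perm "$_mode")" ]; then
                echo "ensure_rundir: $_dir has unexpected owner or mode" >&2
                return 1
        fi
        return 0
}

# Possible wiring in an rc.d script (user and path as named on this page;
# the function name and the 0755 mode are assumptions). If the precmd
# fails, rc.subr does not start the daemon.
start_precmd=tor_precmd
tor_precmd()
{
        ensure_rundir /var/run/tor _tor _tor 0755
}
```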