-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/10/2011 12:38 PM, Erinn Clark wrote: > Yes, you could just remove that. But do you need to change the group > for all of the people who already have a _tor group created upon > upgrade? Should you delete the group from existing systems > altogether? Is it as simple as just removing all of the other > torgroup mentions from the .spec (and there are quite a lot of them)? > Does it do the right thing when it gets installed for a new user as > well? I think the best solution is to just remove the configure entry and keep creating the _tor (or tor) user and assigning it the _tor (or tor) group. I can't see why there shouldn't be a _tor group for the _tor user: you will need a group for the application user anyway and changing it from its standalone one to a shared one like "proxy" is a system upgrade nightmare as you correctly said and a security weakness as well (a broken application could leverage its belonging to the shared group to try to modify Tor configuration files).
Just my 2 cents, obviously! - -- Marco Bonetti Tor research and other stuff: http://sid77.slackware.it/ Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My GnuPG key id: 0x0B60BC5F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk14wHAACgkQTYvJ9gtgvF+vdQCfUyWjOEkLsI889ZA37BFImhOY ncAAnivvVGuY7cvppGbHSQBjhhTm4krm =ybNp -----END PGP SIGNATURE----- _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
