Opened 5 years ago

Closed 5 years ago

#10700 closed defect (implemented)

tell users about tor-arm on the tor-relay-debian page

Reported by: arma Owned by:
Priority: Medium Milestone:
Component: Webpages/Website Version:
Severity: Keywords:
Cc: atagar Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We should tell people about arm on
https://www.torproject.org/docs/tor-relay-debian.html.en

What's the right way to run arm with the deb?

sssheep on irc suggested "sudo -u debian-tor arm". Is that indeed the recommended best practice? Or should we recommend that users add themselves to the debian-tor group, and run arm as themselves? Does arm know how to talk to the control socket in the Tor deb? Does the tor-arm package auto build arm knowing where to look?

Child Tickets

Change History (3)

comment:1 Changed 5 years ago by arma

apparently the arm package tells people to "sudo -u debian-tor arm", and that is very unwise because it gives arm access to (e.g.) tor's keys. That's probably a good bug to file for arm.

Better is to have users "sudo adduser $USER debian-tor" as the user that will be running arm, and then logout/login again and run arm. It will automatically look for both the control port (not configured by default) and the control socket (configured by default in the deb), and "should just work".

comment:2 in reply to:  1 Changed 5 years ago by arma

Replying to arma:

apparently the arm package tells people to "sudo -u debian-tor arm", and that is very unwise because it gives arm access to (e.g.) tor's keys. That's probably a good bug to file for arm.

Filed as #10702.

comment:3 Changed 5 years ago by arma

Resolution: implemented
Status: newclosed

Done in r26560

Note: See TracTickets for help on using tickets.