Introduce DataDirectoryGroupReadable boolean

ec4ef682 · Jamie Nguyen · Nick Mathewson · 08c7ceb5 · ec4ef682 · ec4ef682
Commit ec4ef682 authored Nov 13, 2015 by Jamie Nguyen Committed by Nick Mathewson Dec 10, 2015
--- a/changes/bug17562-DataDirectoryGroupReadable
+++ b/changes/bug17562-DataDirectoryGroupReadable
+  o Minor bug fixes:
+    - Introduce DataDirectoryGroupReadable boolean. If set to 1, the
+      DataDirectory will be made readable by the default GID.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -353,6 +353,11 @@ GENERAL OPTIONS
 [[DataDirectory]] **DataDirectory** __DIR__::
    Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)

+[[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**::
+    If this option is set to 0, don't allow the filesystem group to read the
+    DataDirectory. If the option is set to 1, make the DataDirectory readable
+    by the default GID. (Default: 0)
+
 [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]::
    When we're unable to connect to any directory cache for directory info
    (usually because we don't know about any yet) we try a FallbackDir.

--- a/src/or/config.c
+++ b/src/or/config.c
@@ -212,6 +212,7 @@ static config_var_t option_vars_[] = {
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
+  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
@@ -1186,16 +1187,30 @@ options_act_reversible(const or_options_t *old_options, char **msg)
  }

  /* Ensure data directory is private; create if possible. */
+  cpd_check_t cpd_group_opts = CPD_NONE;
+  if (options->DataDirectoryGroupReadable)
+      cpd_group_opts = CPD_GROUP_READ;
  if (check_private_dir(options->DataDirectory,
-                        running_tor ? CPD_CREATE : CPD_CHECK,
+                        running_tor ?
+                        CPD_CREATE|cpd_group_opts : CPD_CHECK|cpd_group_opts,
                        options->User)<0) {
    tor_asprintf(msg,
              "Couldn't access/create private data directory \"%s\"",
              options->DataDirectory);
+
    goto done;
    /* No need to roll back, since you can't change the value. */
  }

+#ifndef _WIN32
+  if (options->DataDirectoryGroupReadable) {
+    /* Only new dirs created get new opts, also enforce group read. */
+    if (chmod(options->DataDirectory, 0750)) {
+      log_warn(LD_FS,"Unable to make %s group-readable.", options->DataDirectory);
+    }
+  }
+#endif
+
  /* Bail out at this point if we're not going to be a client or server:
   * we don't run Tor itself. */
  if (!running_tor)

--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3436,6 +3436,7 @@ typedef struct {

  char *DebugLogFile; /**< Where to send verbose log messages. */
  char *DataDirectory; /**< OR only: where to store long-term data. */
+  int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
  char *Nickname; /**< OR only: nickname of this onion router. */
  char *Address; /**< OR only: configured address for this onion router. */
  char *PidFile; /**< Where to store PID of Tor process. */