Wyllys Ingersoll wrote: > Scott Rotondo wrote: >> Wyllys Ingersoll wrote: >>> >>> I exchanged email with the lead engineer for the Tor project and he >>> told me that >>> Tor will use whatever it considers reasonable defaults if it doesn't >>> find a config file (/etc/torrc). So, instead of delivering a sample >>> config file, I think it is better to deliver a working config file in >>> /etc/torrc with 2 ports enabled by default - 9050 for socks, and 9001 >>> for the standard Tor relay connections. I will not deliver the >>> sample file. Also, Tor may be configured to listen on privileged >>> ports such as 443 if it is set up as a bridge relay, so it will need >>> the priv_net_privaddr privilege in addition to the "basic" set, I >>> will add this to the /usr/lib/tor entry in /etc/security/exec_attr. >>> >> >> I'm confused. Isn't /usr/lib/tor started by an SMF service? I would >> think you'd need to specify the privilege in the service manifest >> rather than exec_attr. >> >> Scott > > Yes, correct, it needs to be added there as well.
Or the SMF service can specific the name of the RBAC profile to use for the method credential. -- Darren J Moffat
