> On Mon, 2021-03-15 at 11:15 +0000, raid5atemyhomework via Guix-patches via wrote:
>
> > Currently, if you set DataDirectoryGroupReadable 1 in your torrc,
>
> What are the reasons for setting DataDirectoryGroupReadable 1?

When using cookie-based authentication, the cookie file is traditionally placed in the data directory. If the directory is not accessible from group, then only the `tor` user can access the cookie and control `tor`. With this option, the cookie can be accessed by members of the `tor` group.

> > it will be respected only if tor is started up.
>
> IIUC, tor will adjust the permissions of the directory to make it
> group readable (while Guix' activation code creates the directory
> group-unreadable).

Correct. However, when doing a `guix system reconfigure`, the activation code will be called again, which changes the directory back to group unreadable, without restarting tor. `tor` itself will only set the permissions when it starts up, and will ignore the permissions while running.

> > If you reconfigure your OS without restarting the tor service,
> > the directory permissions are reset due to the activation code being
> > re-run and resetting the directory permissions.
> > This change simply does not chmod if the directory already exists.
>
> I believe it would be more transparent to introduce a
> (data-directory-group-readable? #t/#f), with #f as default,
> to tor-configuration (adjusting tor-configuration->torrc)
> and change the permission bits passed to chmod appropriately.
>
> (Documentation & reproducible system configuration & one integrated
> system (in the software sense) and all that)

Possibly.

Thanks
raid5atemyhomework
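
The sequence discussed in this thread (activation, tor start-up, re-activation without a tor restart), as an added shell example that is not part of the original messages and is not Guix's activation code. A temporary directory stands in for the tor data directory, the function names are hypothetical, and the modes 700 and 750 are assumed stand-ins for "group-unreadable" and "group readable".

```shell
#!/bin/sh
# Constructed demo: a temp directory stands in for tor's DataDirectory.

# Permission bits of a path in octal, e.g. 750 (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# "Before": activation that resets the mode on every run.
activate_unconditional() {
    mkdir -p "$1"
    chmod 700 "$1"
}

# "After": chmod only when the directory is first created.
activate_guarded() {
    if [ ! -d "$1" ]; then
        mkdir -p "$1"
        chmod 700 "$1"
    fi
}

# Stand-in for tor starting with DataDirectoryGroupReadable 1
# (assumed here to result in mode 750).
tor_startup() {
    chmod 750 "$1"
}

# Activate, start tor, then re-activate as a reconfigure without a
# tor restart would. Prints the directory's final mode.
simulate() {
    activate=$1
    dir=$(mktemp -d)/tor
    "$activate" "$dir"
    tor_startup "$dir"
    "$activate" "$dir"
    mode_of "$dir"
    rm -rf "$(dirname "$dir")"
}

echo "unconditional: $(simulate activate_unconditional)"
echo "guarded:       $(simulate activate_guarded)"
```

The guarded form also leaves any looser mode on an already-existing directory untouched, since it never runs chmod on it again.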