tor services permissions problem

New to Debian (Or Linux in general)? Ask your questions here!

tor services permissions problem

Postby PsySc0rpi0n » 2019-08-24 12:42

Hello. Here I am again.

I'm setting up an hidden Tor service and according to the service docs I have all set up, however, I'm getting an error message about one of the settings I have in one of the config files of Tor.

For security purposes I'll use different names and port numbers to describe the issue.

In /var/log/tor/log, I keep getting this warn:
Code: Select all
Aug 24 11:23:51.000 [warn] Unable to make /var/lib/tor group-readable: Permission denied


My /etc/tor/torrc file is this:

Code: Select all
SOCKSPort 1000
ControlPort 1001

HiddenServiceDir /var/lib/tor/test-service/
HiddenServicePort 1010 127.0.0.1:1010
HiddenServiceVersion 2


In file /usr/share/tor/tor-service-defaults-torrc I have
Code: Select all
DataDirectory /var/lib/tor
 PidFile /var/run/tor/tor.pid
 RunAsDaemon 1
 User debian-tor

 ControlSocket /var/run/tor/control GroupWritable RelaxDirModeCheck
 ControlSocketsGroupWritable 1
 DataDirectoryGroupReadable  1 # Added from https://wiki.archlinux.org/inex.php/tor by me on 17/0/2019
 SocksPort unix:/var/run/tor/socks WorldWritable
 SocksPort 1000 # Changed by me from 9050 to 1000 by me on 17/08/2019

 CookieAuthentication 1
 CookieAuthFileGroupReadable 1
 CookieAuthFile /var/run/tor/control.authcookie

 Log notice file /var/log/tor/log


User running tor:
Code: Select all
debian-tor  1339  0.3  0.2  91652 40128 ?        Ss   ago23   4:04 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0


Permissions in folders of interest:
Code: Select all
$ ls -lah /var/lib/tor
total 6,3M
drwxr-x---  3 debian-tor debian-tor 4,0K ago 24 14:22 .
drwxr-xr-x 81 root       root       4,0K ago 15 09:21 ..
drwx--S---  2 debian-tor debian-tor 4,0K ago 24 11:23 test-service
-rw-------  1 debian-tor debian-tor  20K ago 15 09:21 cached-certs
-rw-------  1 debian-tor debian-tor 2,1M ago 24 13:15 cached-microdesc-consensus
-rw-------  1 debian-tor debian-tor 4,0M ago 23 21:27 cached-microdescs
-rw-------  1 debian-tor debian-tor 293K ago 24 13:36 cached-microdescs.new
-rw-r-----  1 debian-tor debian-tor   32 ago 17 17:31 control_auth_cookie
-rw-------  1 debian-tor debian-tor    0 ago 23 20:57 lock
-rw-------  1 debian-tor debian-tor 3,7K ago 24 14:22 state




So, if I'm not mistaken, user running tor is "debian-tor" and as ownership of /var/lib/tor is "debian-tor:debian-tor", there shoul be no permissions issues, right?
So, what might be the problem?
User avatar
PsySc0rpi0n
 
Posts: 109
Joined: 2012-10-24 13:54
Location: Portugal

Re: tor services permissions problem

Postby Bloom » 2019-08-24 13:55

To change the ownership of system directories, you need to be root.
So use
Code: Select all
$ sudo chown ...

and it should work fine.
User avatar
Bloom
 
Posts: 178
Joined: 2017-11-11 12:23

Re: tor services permissions problem

Postby PsySc0rpi0n » 2019-08-24 22:01

Bloom wrote:To change the ownership of system directories, you need to be root.
So use
Code: Select all
$ sudo chown ...

and it should work fine.


If I'm not missing anything, all ownership is as it should. There's something else causing this problem. Or if it is ownership problem, I know how to change them. I just don't know what to change and to what to change!
User avatar
PsySc0rpi0n
 
Posts: 109
Joined: 2012-10-24 13:54
Location: Portugal

Re: tor services permissions problem

Postby Bloom » 2019-08-25 07:02

Your error is "Unable to make /var/lib/tor group-readable: Permission denied"
That means the installation script is trying chown of that directory without sudo/root, then you get that error.
If the directory is already created with the proper permissions, you can ignore that error. If the installation script halts after that error, find the chown /var/lib/tor and prepend sudo.
User avatar
Bloom
 
Posts: 178
Joined: 2017-11-11 12:23

Re: tor services permissions problem

Postby PsySc0rpi0n » 2019-08-26 20:37

Bloom wrote:Your error is "Unable to make /var/lib/tor group-readable: Permission denied"
That means the installation script is trying chown of that directory without sudo/root, then you get that error.
If the directory is already created with the proper permissions, you can ignore that error. If the installation script halts after that error, find the chown /var/lib/tor and prepend sudo.


I'm not sure if by "the installation script" you mean tor service. If so, it's not supposed that tor must run as root.
User avatar
PsySc0rpi0n
 
Posts: 109
Joined: 2012-10-24 13:54
Location: Portugal


Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable