[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #6996 [Obfsproxy]: Problems with starting managed Obfsproxy server when installed via debian package and with Tor as service
#6996: Problems with starting managed Obfsproxy server when installed via debian
package and with Tor as service
-----------------------+----------------------------------------------------
Reporter: linda | Owner: asn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version: Tor: 0.2.3.22-rc
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by linda):
Replying to [comment:5 arma]:
> Replying to [comment:4 linda]:
> > Now I'm trying to add all the options in {{{/usr/share/tor/tor-
service-defaults-torrc}}} to the command line to see if it reproduces the
error. It works if I leave out {{{User debian-tor}}}:
>
> > linda@vm05:~$ sudo -u debian-tor tor -f /etc/tor/torrc DataDirectory
/var/lib/tor RunAsDaemon 1 Log "notice file /var/log/tor/log"
ControlSocket /var/run/tor/control ControlSocketsGroupWritable 1 PidFile
/var/run/tor/tor.pid CookieAuthentication 1 CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie User debian-tor
> > Oct 01 07:47:37.335 [warn] Error setting groups to gid 115: "Operation
not permitted".
> > Oct 01 07:47:37.335 [warn] Tor is already running as debian-tor. You
do not need the "User" option if you are already running as the user you
want to be. (If you did not set the User option in your torrc, check
whether it was specified on the command line by a startup script.)
> > Oct 01 07:47:37.335 [warn] Failed to parse/validate config: Problem
with User value. See logs for details.
>
> > Does this give you any clues?
>
> The init script starts Tor as root, and then Tor drops privs to the
debian-tor user. If you start Tor as debian-tor, you shouldn't ask it to
change user. Hopefully the above explanation by Tor makes sense?
Yes, it does. And from the log output, I understood that calling tor from
the command line as user debian-tor made the option {{{User}}} moot. I
was just trying to get as close as possible to what the (broken?) init
script does. Unfortunately, it worked like a charm when I called tor from
the command line with all the other options.
I wish there was a way to see what kind of permission is denied when I use
the init script. Is it writing to a file? Which one? I guess the
{{{--managed}}} is still a mystery to me... (although I like how it works
when I send SIGTERM to tor and it also kills the obfsproxy process if
running).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6996#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs