[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Problem with where hidden_services able to be placed/permissions.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I understand.

In Debian, if installed via apt-get, Tor will run under user debian-tor.

If you create the hidden service directory in /home/user/Documents,
this doesn't give the permissions to the user running Tor, which is as
I said 'debian-tor' and not 'user'.

Please follow up below and see comments inline:

On 8/12/2015 11:18 PM, MaQ wrote:
> Yes, running Tor 0.2.6.10.'Do you see there files like 
> cached-microdesc-consensus, lock, state, etc.?' Files do exist in 
> /var/lib/tor. The pertinent torrc:
> 
> 'HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80
> 127.0.0.1:80'
> 
> The '/var/lib/tor' by default is limited to root. I did some tests 
> deleting 'hidden_service' to regenerate new .onion addresses. All
> fine.
> 

OK, this is normal.

> The normal 'user' of system can't access '/var/lib/tor'. I changed 
> permissions of folder. Tor wouldn't generate new hidden_services
> files or connect. I created a new folder 'hidden_service' in
> user's '/home/user/Documents' and changed torrc to 
> '/home/user/Documents/hidden_service'. Tor wouldn't generate new 
> hidden_services files or connect.
> 

Tor cannot generate new hidden service files in
/home/user/Documents/hidden_service because this is owned by 'user'
and Tor is run by 'debian-tor'.

Do this: leave in torrc:
HiddenServiceDir /home/user/Documents/hidden_service

And run these commands:
chown -R debian-tor:debian-tor /home/user/Documents/hidden_service

chown -R debian-tor:debian-tor /home/user/Documents/hidden_service/*


> Changed everything back, back to normal... What I'm trying to do is
> have a fresh OS, that when a new user starts for first time, a
> unique .onion address is generated for them and it is easily
> displayed on a start page, without them having to fish around in
> files or having to use editor, terminal, etc.
> 

This won't work unless Tor is also started/reloaded (so it'll generate
the hidden service files), and you need to add each time entries in
torrc for each user for this to happen:

HiddenServiceDir /home/user1/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use

HiddenServiceDir /home/user2/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use

You also need to change the owner of all hidden_service folders for
each user to debian-tor using the commands above.


> (On another note, the tor lists has been the quickest
> response/most helpful for a novice, that I've encountered. Thank
> you all.)
> 
> ----------
> 
> Hi,
> 
> If you installed from deb.torproject.org I assume you are using
> Tor 0.2.6.10, correct? (run # tor --version to check this).
> 
> Please explain once again what you did, I don't exactly
> understand. Have you restored a hidden service for which you had
> backups of private_key and hostname files? Or did you leave Tor to
> create a new hidden service? What do you mean by 'set-up a
> directory in user's Documents folder'?
> 
> If you have installed via apt, your datadirectory should be 
> /var/lib/tor, unless you didn't change it by modifying torrc. Do
> you see there files like cached-microdesc-consensus, lock, state,
> etc.? Also, the username who should run Tor on your system is
> debian-tor.
> 
> Please provide more details and torrc entries.
> 
> On 8/10/2015 11:49 PM, MaQ wrote:
>> I tried a couple of things.
>> 
>> Gave complete permissions to user at 
>> /var/lib/tor/hidden_services/hostname recursively AND
>> 
>> set-up a directory in user's Documents folder.
>> 
>> In both instances Tor would not make a connection. Had to revert 
>> all settings back to only allowing files to be placed with root 
>> restrictions in /var/lib/tor/ (torrc was correctly set to best
>> of knowledge in both instances).
>> 
>> I'm using Debian, Tor was installed from apt repositories using 
>> instructions from torproject.org, with adding line to
>> sources.list and keyring, etc.
>> 
>> Need user to have access to hostname file.
>> 
>> Did read something about differences in privileges depending if 
>> using apt or downloading tarball?
>> 
>> What is solution?
> 
> tor-talk-request@xxxxxxxxxxxxxxxxxxxx:
>> Re: [tor-talk] Problem with where hidden_services able to be 
>> placed/permissions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVy97FAAoJEIN/pSyBJlsRaggH/j/UWNoRRQ+BVI9W0314H8mL
93QA4fZ/m1g5uBdDD3sWXTkMcPViXe9xGIFgwb3wKLvM9SEIMGk+qqCs4P8fdFfC
BTiSWjY7NQB0lAINH3LkPosMeZgwudkq6lXNnTlsdGNJP9E6YteS9Pr8t/rJ2YAr
VKqstsNfbROsDRCfdBwcmTUPSYRnAWlNIM8gCvgb9yKdeobpoMac32Uig45GCdKB
1tnSPR1Z3YyWrjeOfsfrGT7n594Pl4BAVegObIXrNA+Ot33VOijgOaAVR2Hm3Fxd
vzsaQbRyBGLHI+FL8Sm/aqQVFY9/9JXPjMFURzOAR7q9Y3mY+okCDw60UTPvY0o=
=UOoW
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk