[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] Tor can't read HiddenServicePort unix socket through group permissions when starting as root and using setgid?
Permissions are set so tor should be able to access through the `postfix-test-queue` user:
$ sudo ls -l /var/spool/postfix-test/public/smtpd
srw-rw-rw- 1 postfix-test postfix-test 0 █████ /var/spool/postfix-test/public/smtpd
$ sudo ls -l /var/spool/postfix-test
# ...
drwx--x--- 2 postfix-test postfix-test-queue 4096 █████ public
$ sudo -u _tor-test id
uid=130(_tor-test) gid=141(_tor-test) groups=141(_tor-test),1006(postfix-test-queue)
$ cat /etc/tor/instances/test/torrc | grep HiddenServicePort
HiddenServicePort 25 unix:/var/spool/postfix-test/public/smtpd
$ cat /run/tor-instances/test.defaults | grep User
User _tor-test
Running `tor@test` via the default systemctl config shows:
$ ps -ax -o uid,gid,supgid,command | grep /usr/bin/tor
130 141 141 /usr/bin/tor --defaults-torrc /run/tor-instances/test.defaults -f /etc/tor/instances/test/torrc
Which is missing the `postfix-test-queue` `1006` user which, for example shows up if I do:
$ sudo -u _tor-test sleep 1000 & ps -ax -o uid,gid,supgid,command | grep sleep
[1] 132314
0 141 141,1006 sudo -u _tor-test sleep 1000
Connecting using `sudo -u` works (the message indicates successful connection):
$ sudo -u _tor-test curl --unix-socket /var/spool/postfix-test/public/smtpd http://localhost curl: (1) Received HTTP/0.9 when not allowed
But connecting via tor does not:
█████ ERROR torsocks[134873]: Host unreachable (in socks5_recv_connect_reply() at socks5.c:539)
curl: (7) Couldn't connect to server
But does if I allow access to the socket to everyone:
$ sudo chmod "o+x" /var/spool/postfix-test/public/
curl: (1) Received HTTP/0.9 when not allowed
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev