You can also have Tor install the service as the NT AUTHORITY\LocalService account. This patch on 0.1.1.5-alpha does so: --- main.c.orig 2005-08-04 18:45:20.000000000 -0400 +++ main.c 2005-08-19 09:15:47.000000000 -0400 @@ -77,6 +77,7 @@ #define GENSRV_SERVICENAME TEXT("tor") #define GENSRV_DISPLAYNAME TEXT("Tor Win32 Service") #define GENSRV_DESCRIPTION TEXT("Provides an anonymous Internet communication system") +#define GENSRV_USERACCT TEXT("NT AUTHORITY\\LocalService") // Cheating: using the pre-defined error codes, tricks Windows into displaying // a semi-related human-readable error message if startup fails as @@ -1767,7 +1768,7 @@ if ((hService = CreateService(hSCManager, GENSRV_SERVICENAME, GENSRV_DISPLAYNAME, SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, command, - NULL, NULL, NULL, NULL, "")) == NULL) { + NULL, NULL, NULL, GENSRV_USERACCT, "")) == NULL) { errmsg = nt_strerror(GetLastError()); printf("CreateService() failed : %s\n", errmsg); CloseServiceHandle(hSCManager); -----Original Message----- 
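Review bot: In the first hunk (@@ -77,6 +77,7 @@), the new GENSRV_USERACCT define is added without a comment. A one-line comment saying that this is the account the service is installed under, and that it replaces the NULL previously passed to CreateService(), would make the intent clear. The account name is also hard-coded, so consider letting the installer take the account as an option for administrators who need a different one.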
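Review bot: In the second hunk (@@ -1767,7 +1768,7 @@), the CreateService() failure branch is unchanged, so a rejected GENSRV_USERACCT still produces only the generic "CreateService() failed : %s" line. Suggest naming the account in that message so a failed install points at the new argument. The change also applies only to services created by this call: a service that is already installed keeps its account, which is why the quoted message edits ObjectName by hand, so the install notes should say to reinstall or change the account. The quoted message also reports that torrc was not found under the LocalService profile and that the log path had to be set explicitly, and this patch leaves both to the user.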
From: owner-or-talk@xxxxxxxxxxxxx on behalf of Carsten Krüger
Sent: Thu 8/18/2005 9:05 PM
To: or-talk@xxxxxxxx
Subject: bad security setting for win32 tor service

Hello,

the default install of the win32 tor service is bad.
"tor -install" creates the service so that it runs with SYSTEM privileges (highest possible privilege level on win32 (more than administrator)).
Nobody would run the tor daemon on *nix with root privileges.

Short document about service account permissions:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/sys_srv_permissions.asp

Tor works fine as user LocalService.

tor.exe didn't find:
C:\Documents and Settings\LocalService\Application Data\Tor\torrc
but
c:\Program Files\Tor\torrc
worked.

I defined the log directory in torrc this way:
Log notice file C:\Documents and Settings\LocalService\Application Data\Tor\notices.log

and changed the account for the service:

-----------------------------tor_service.reg-----------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tor]
"ObjectName"="NT AUTHORITY\\LocalService"
-----------------------------tor_service.reg-----------------------------------

(0. "tor -install" if tor is not installed)
1. run "regedit /s tor_service.reg" to merge this regfile silently
2. stop tor-service "sc stop tor"
3. start tor-service again "sc start tor"

and it runs within the localservice account.

greetings
Carsten
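A check to run after step 3 of the quoted procedure, or after installing with the patch. This is an added example, not part of the original thread or of Tor's code: it parses the output of "sc qc tor" and reports which account the service is configured to run as. The two sample outputs are constructed and abridged, and the function names are this example's own.

```python
import re

# Account names that mean the service runs with full SYSTEM privileges.
HIGH_PRIV = {"localsystem", ".\\localsystem", "nt authority\\system"}
# Reduced-privilege account used in the thread above.
EXPECTED = "NT AUTHORITY\\LocalService"

# Constructed, abridged sample of `sc qc tor` output before the change.
SAMPLE_BEFORE = r"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: tor
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Tor\tor.exe
        DISPLAY_NAME       : Tor Win32 Service
        SERVICE_START_NAME : LocalSystem
"""
# Constructed sample after the account was changed.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("LocalSystem", EXPECTED)

def parse_sc_qc(text):
    """Parse `sc qc <name>` output into {FIELD_NAME: value}."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def check_service_account(sc_output, expected=EXPECTED):
    """Return (status, account); status is ok, high-privilege, unexpected or unknown."""
    account = parse_sc_qc(sc_output).get("SERVICE_START_NAME")
    if not account:
        return ("unknown", None)  # query failed or field missing
    if account.lower() in HIGH_PRIV:
        return ("high-privilege", account)
    if account.lower() == expected.lower():
        return ("ok", account)
    return ("unexpected", account)

if __name__ == "__main__":
    for label, out in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_service_account(out))
```

On a real host, pass the captured text of "sc qc tor" to check_service_account(); a status other than "ok" means the service is not running as LocalService.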