Re: [tor-talk] Problem with where hidden_services able to be placed/permissions.

I understand.

In Debian, if installed via apt-get, Tor will run under user debian-tor.

If you create the hidden service directory in /home/user/Documents,
this doesn't give the permissions to the user running Tor, which is as
I said 'debian-tor' and not 'user'.

Please follow up below and see comments inline:

On 8/12/2015 11:18 PM, MaQ wrote:
> Yes, running Tor'Do you see there files like 
> cached-microdesc-consensus, lock, state, etc.?' Files do exist in 
> /var/lib/tor. The pertinent torrc:
> 'HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80
> The '/var/lib/tor' by default is limited to root. I did some tests 
> deleting 'hidden_service' to regenerate new .onion addresses. All
> fine.

OK, this is normal.

> The normal 'user' of system can't access '/var/lib/tor'. I changed 
> permissions of folder. Tor wouldn't generate new hidden_services
> files or connect. I created a new folder 'hidden_service' in
> user's '/home/user/Documents' and changed torrc to 
> '/home/user/Documents/hidden_service'. Tor wouldn't generate new 
> hidden_services files or connect.

Tor cannot generate new hidden service files in
/home/user/Documents/hidden_service because this is owned by 'user'
and Tor is run by 'debian-tor'.

Do this: leave in torrc:
HiddenServiceDir /home/user/Documents/hidden_service

And run these commands:
chown -R debian-tor:debian-tor /home/user/Documents/hidden_service

chown -R debian-tor:debian-tor /home/user/Documents/hidden_service/*

> Changed everything back, back to normal... What I'm trying to do is
> have a fresh OS, that when a new user starts for first time, a
> unique .onion address is generated for them and it is easily
> displayed on a start page, without them having to fish around in
> files or having to use editor, terminal, etc.

This won't work unless Tor is also started/reloaded (so it'll generate
the hidden service files), and you need to add each time entries in
torrc for each user for this to happen:

HiddenServiceDir /home/user1/Documents/hidden_service/
HiddenServicePort 80 # or whatever you use

HiddenServiceDir /home/user2/Documents/hidden_service/
HiddenServicePort 80 # or whatever you use

You also need to change the owner of all hidden_service folders for
each user to debian-tor using the commands above.

> (On another note, the tor lists has been the quickest
> response/most helpful for a novice, that I've encountered. Thank
> you all.)
> ----------
> Hi,
> If you installed from deb.torproject.org I assume you are using
> Tor, correct? (run # tor --version to check this).
> Please explain once again what you did, I don't exactly
> understand. Have you restored a hidden service for which you had
> backups of private_key and hostname files? Or did you leave Tor to
> create a new hidden service? What do you mean by 'set-up a
> directory in user's Documents folder'?
> If you have installed via apt, your datadirectory should be 
> /var/lib/tor, unless you didn't change it by modifying torrc. Do
> you see there files like cached-microdesc-consensus, lock, state,
> etc.? Also, the username who should run Tor on your system is
> debian-tor.
> Please provide more details and torrc entries.
> On 8/10/2015 11:49 PM, MaQ wrote:
>> I tried a couple of things.
>> Gave complete permissions to user at 
>> /var/lib/tor/hidden_services/hostname recursively AND
>> set-up a directory in user's Documents folder.
>> In both instances Tor would not make a connection. Had to revert 
>> all settings back to only allowing files to be placed with root 
>> restrictions in /var/lib/tor/ (torrc was correctly set to best
>> of knowledge in both instances).
>> I'm using Debian, Tor was installed from apt repositories using 
>> instructions from torproject.org, with adding line to
>> sources.list and keyring, etc.
>> Need user to have access to hostname file.
>> Did read something about differences in privileges depending if 
>> using apt or downloading tarball?
>> What is solution?
> tor-talk-request@xxxxxxxxxxxxxxxxxxxx:
>> Re: [tor-talk] Problem with where hidden_services able to be 
>> placed/permissions.
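
An audit of the setup discussed in this thread, as an added example that is not part of the original message: `check_hs_dir` confirms that a hidden service directory is owned by the account Tor runs as and is closed to group and others, and `publish_hostname` copies only the `hostname` file to a place the desktop user can read. The function names and the destination path are assumptions; `stat -c` is the GNU coreutils form shipped on Debian.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread or from Tor).
# Usage, as root:
#   check_hs_dir /home/user/Documents/hidden_service debian-tor
#   publish_hostname /home/user/Documents/hidden_service /home/user/onion.txt

# Print every problem found; return 0 only when the directory is clean.
check_hs_dir() {
    dir=$1
    want=${2:-debian-tor}        # account Tor runs as on Debian (per the thread)
    rc=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi
    owner=$(stat -c %U "$dir")   # owner name
    mode=$(stat -c %a "$dir")    # octal mode, e.g. 700 or 755
    if [ "$owner" != "$want" ]; then
        echo "$dir: owner is $owner, expected $want"
        rc=1
    fi
    # Group and other digits must both be 0 so private_key stays private.
    case "$mode" in
        *00) ;;
        *) echo "$dir: mode $mode grants group/other access"; rc=1 ;;
    esac
    return $rc
}

# Copy only the hostname file (never private_key) to a readable location.
publish_hostname() {
    dir=$1
    dest=$2
    if [ ! -s "$dir/hostname" ]; then
        echo "no hostname in $dir yet; has Tor been reloaded?"
        return 1
    fi
    # install writes the copy with mode 0644 in one step
    install -m 0644 "$dir/hostname" "$dest"
}
```

Run both as root after Tor has been reloaded, since the directory itself is not readable by the desktop user once it belongs to debian-tor.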