[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Problem with where hidden_services able to be placed/permissions.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Problem with where hidden_services able to be placed/permissions.
From: s7r <s7r@xxxxxxxxxx>
Date: Thu, 13 Aug 2015 03:03:17 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 12 Aug 2015 20:03:43 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1439424205; bh=z+jqQdHEpOIjf5H4r1QmBS6XQFNF11mvtqytNe8c7QI=; h=Reply-To:Subject:References:To:From:Date:In-Reply-To; b=IJeJ/TlR/7sb7+vnBs6aVDywX7nPqAwitugqrlwkbVd+96d/a/Yt8xMdfsVjqsQes vy3qeb5sFSzaWsudHcBFE9+0MwnjpVRPPTJ25JYlUKR/PuBmBWTTCJirzo917R6Hw2 EhTT9kMtKz9eOJAlpUhfS7s92Z5l0NXH3BPSaEtk=
In-reply-to: <55CBAA03.8090008@xxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <mailman.390.1439336562.3050.tor-talk@xxxxxxxxxxxxxxxxxxxx> <55CBAA03.8090008@xxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I understand.

In Debian, if installed via apt-get, Tor will run under user debian-tor.

If you create the hidden service directory in /home/user/Documents,
this doesn't give the permissions to the user running Tor, which is as
I said 'debian-tor' and not 'user'.

Please follow up below and see comments inline:

On 8/12/2015 11:18 PM, MaQ wrote:
> Yes, running Tor 0.2.6.10.'Do you see there files like 
> cached-microdesc-consensus, lock, state, etc.?' Files do exist in 
> /var/lib/tor. The pertinent torrc:
> 
> 'HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80
> 127.0.0.1:80'
> 
> The '/var/lib/tor' by default is limited to root. I did some tests 
> deleting 'hidden_service' to regenerate new .onion addresses. All
> fine.
> 

OK, this is normal.

> The normal 'user' of system can't access '/var/lib/tor'. I changed 
> permissions of folder. Tor wouldn't generate new hidden_services
> files or connect. I created a new folder 'hidden_service' in
> user's '/home/user/Documents' and changed torrc to 
> '/home/user/Documents/hidden_service'. Tor wouldn't generate new 
> hidden_services files or connect.
> 

Tor cannot generate new hidden service files in
/home/user/Documents/hidden_service because this is owned by 'user'
and Tor is run by 'debian-tor'.

Do this: leave in torrc:
HiddenServiceDir /home/user/Documents/hidden_service

And run these commands:
chown -R debian-tor:debian-tor /home/user/Documents/hidden_service

chown -R debian-tor:debian-tor /home/user/Documents/hidden_service/*


> Changed everything back, back to normal... What I'm trying to do is
> have a fresh OS, that when a new user starts for first time, a
> unique .onion address is generated for them and it is easily
> displayed on a start page, without them having to fish around in
> files or having to use editor, terminal, etc.
> 

This won't work unless Tor is also started/reloaded (so it'll generate
the hidden service files), and you need to add each time entries in
torrc for each user for this to happen:

HiddenServiceDir /home/user1/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use

HiddenServiceDir /home/user2/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use

You also need to change the owner of all hidden_service folders for
each user to debian-tor using the commands above.


> (On another note, the tor lists has been the quickest
> response/most helpful for a novice, that I've encountered. Thank
> you all.)
> 
> ----------
> 
> Hi,
> 
> If you installed from deb.torproject.org I assume you are using
> Tor 0.2.6.10, correct? (run # tor --version to check this).
> 
> Please explain once again what you did, I don't exactly
> understand. Have you restored a hidden service for which you had
> backups of private_key and hostname files? Or did you leave Tor to
> create a new hidden service? What do you mean by 'set-up a
> directory in user's Documents folder'?
> 
> If you have installed via apt, your datadirectory should be 
> /var/lib/tor, unless you didn't change it by modifying torrc. Do
> you see there files like cached-microdesc-consensus, lock, state,
> etc.? Also, the username who should run Tor on your system is
> debian-tor.
> 
> Please provide more details and torrc entries.
> 
> On 8/10/2015 11:49 PM, MaQ wrote:
>> I tried a couple of things.
>> 
>> Gave complete permissions to user at 
>> /var/lib/tor/hidden_services/hostname recursively AND
>> 
>> set-up a directory in user's Documents folder.
>> 
>> In both instances Tor would not make a connection. Had to revert 
>> all settings back to only allowing files to be placed with root 
>> restrictions in /var/lib/tor/ (torrc was correctly set to best
>> of knowledge in both instances).
>> 
>> I'm using Debian, Tor was installed from apt repositories using 
>> instructions from torproject.org, with adding line to
>> sources.list and keyring, etc.
>> 
>> Need user to have access to hostname file.
>> 
>> Did read something about differences in privileges depending if 
>> using apt or downloading tarball?
>> 
>> What is solution?
> 
> tor-talk-request@xxxxxxxxxxxxxxxxxxxx:
>> Re: [tor-talk] Problem with where hidden_services able to be 
>> placed/permissions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVy97FAAoJEIN/pSyBJlsRaggH/j/UWNoRRQ+BVI9W0314H8mL
93QA4fZ/m1g5uBdDD3sWXTkMcPViXe9xGIFgwb3wKLvM9SEIMGk+qqCs4P8fdFfC
BTiSWjY7NQB0lAINH3LkPosMeZgwudkq6lXNnTlsdGNJP9E6YteS9Pr8t/rJ2YAr
VKqstsNfbROsDRCfdBwcmTUPSYRnAWlNIM8gCvgb9yKdeobpoMac32Uig45GCdKB
1tnSPR1Z3YyWrjeOfsfrGT7n594Pl4BAVegObIXrNA+Ot33VOijgOaAVR2Hm3Fxd
vzsaQbRyBGLHI+FL8Sm/aqQVFY9/9JXPjMFURzOAR7q9Y3mY+okCDw60UTPvY0o=
=UOoW
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Problem with where hidden_services able to be placed/permissions.
  - From: MaQ

Prev by Author: Re: [tor-talk] SSH connection attempts through hidden service
Next by Author: Re: [tor-talk] ConnLimit issues with tor-0.2.7.2-alpha
Previous by thread: Re: [tor-talk] Problem with where hidden_services able to be placed/permissions.
Next by thread: [tor-talk] Crowdsourcing Tor Guides
Index(es):
- Author
- Thread