[tor-relays] Questions regarding arm on Debian

Kurt Besig kbesig at socal.rr.com
Mon Nov 14 12:50:47 UTC 2016


On 11/12/2016 8:34 AM, r1610091651 wrote:
> On Sat, 12 Nov 2016 at 12:41 Dennis Christ <lists at ollic.de
> <mailto:lists at ollic.de>> wrote:
> 
>     Yes that is what i tried to do. But it does not work in my case.
> 
>     $ arm
>     [Errno 13] Permission denied: '/var/lib/tor/control_auth_cookie'
> 
>     Even if my user is in the group debian-tor the user has no right to
>     access /var/lib/tor.
> 
>     $ ls -l /var/lib | grep tor
>     drwx--S--- 4 debian-tor    debian-tor    4096 Nov 12 12:38 tor
> 
> 
>     Am 12.11.2016 um 10:33 schrieb Louie Cardone-Noott:
>     > On Fri, 11 Nov 2016, at 07:16 PM, diffusae wrote:
>     >> Yes, you are right. But CookieAuthentication should work. You cannot
>     >> query all of the connections without access to /var/lib/tor. You only
>     >> will see circuits. I suggest to use "sudo -u debian-tor arm", if you
>     >> like to use all of the arm pages. Otherwise you have to change the
>     >> permissions. In my case, there is also the setgid flags on the
>     >> directories (2700 drwx--S---).
>     > Sorry not fully read the correspondence here but perhaps a tidier
>     option
>     > might be the one recommended on the tor website[1] of doing
>     >
>     > sudo adduser $USER debian-tor
>     >
>     > The alternative of running as the debian-tor user is a 'bad idea', see
>     > [2] from last July
>     >
>     > [1] https://www.torproject.org/docs/tor-relay-debian.html.en#after
>     > [2]
>     >
>     https://lists.torproject.org/pipermail/tor-relays/2016-July/009608.html
> 
>  
> Hi
> 
> You could just modify the systemd service file for tor, with something like
> ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d
> /var/run/tor
> ExecStartPre=/usr/bin/install -Z -m 02750 -o debian-tor -g debian-tor -d
> /var/log/tor
> 
> Cheers
> Seb
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
A little OT, but if Arm is giving you trouble perhaps try using nload or
lsof to view activity on your relay. When I started running a tor relay
I was very dependent on Arm to, 'see what was going on', but over time I
realized that if things were going smoothly there was little need to run
a background app such as Arm.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20161114/d916195f/attachment.sig>


More information about the tor-relays mailing list