[tor-talk] Problem with where hidden_services able to be placed/permissions.
s7r
s7r at sky-ip.org
Thu Aug 13 00:03:17 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I understand.
In Debian, if installed via apt-get, Tor will run under user debian-tor.
If you create the hidden service directory in /home/user/Documents,
this doesn't give the permissions to the user running Tor, which is as
I said 'debian-tor' and not 'user'.
Please follow up below and see comments inline:
On 8/12/2015 11:18 PM, MaQ wrote:
> Yes, running Tor 0.2.6.10.'Do you see there files like
> cached-microdesc-consensus, lock, state, etc.?' Files do exist in
> /var/lib/tor. The pertinent torrc:
>
> 'HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80
> 127.0.0.1:80'
>
> The '/var/lib/tor' by default is limited to root. I did some tests
> deleting 'hidden_service' to regenerate new .onion addresses. All
> fine.
>
OK, this is normal.
> The normal 'user' of system can't access '/var/lib/tor'. I changed
> permissions of folder. Tor wouldn't generate new hidden_services
> files or connect. I created a new folder 'hidden_service' in
> user's '/home/user/Documents' and changed torrc to
> '/home/user/Documents/hidden_service'. Tor wouldn't generate new
> hidden_services files or connect.
>
Tor cannot generate new hidden service files in
/home/user/Documents/hidden_service because this is owned by 'user'
and Tor is run by 'debian-tor'.
Do this: leave in torrc:
HiddenServiceDir /home/user/Documents/hidden_service
And run these commands:
chown -R debian-tor:debian-tor /home/user/Documents/hidden_service
chown -R debian-tor:debian-tor /home/user/Documents/hidden_service/*
> Changed everything back, back to normal... What I'm trying to do is
> have a fresh OS, that when a new user starts for first time, a
> unique .onion address is generated for them and it is easily
> displayed on a start page, without them having to fish around in
> files or having to use editor, terminal, etc.
>
This won't work unless Tor is also started/reloaded (so it'll generate
the hidden service files), and you need to add each time entries in
torrc for each user for this to happen:
HiddenServiceDir /home/user1/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use
HiddenServiceDir /home/user2/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use
You also need to change the owner of all hidden_service folders for
each user to debian-tor using the commands above.
> (On another note, the tor lists has been the quickest
> response/most helpful for a novice, that I've encountered. Thank
> you all.)
>
> ----------
>
> Hi,
>
> If you installed from deb.torproject.org I assume you are using
> Tor 0.2.6.10, correct? (run # tor --version to check this).
>
> Please explain once again what you did, I don't exactly
> understand. Have you restored a hidden service for which you had
> backups of private_key and hostname files? Or did you leave Tor to
> create a new hidden service? What do you mean by 'set-up a
> directory in user's Documents folder'?
>
> If you have installed via apt, your datadirectory should be
> /var/lib/tor, unless you didn't change it by modifying torrc. Do
> you see there files like cached-microdesc-consensus, lock, state,
> etc.? Also, the username who should run Tor on your system is
> debian-tor.
>
> Please provide more details and torrc entries.
>
> On 8/10/2015 11:49 PM, MaQ wrote:
>> I tried a couple of things.
>>
>> Gave complete permissions to user at
>> /var/lib/tor/hidden_services/hostname recursively AND
>>
>> set-up a directory in user's Documents folder.
>>
>> In both instances Tor would not make a connection. Had to revert
>> all settings back to only allowing files to be placed with root
>> restrictions in /var/lib/tor/ (torrc was correctly set to best
>> of knowledge in both instances).
>>
>> I'm using Debian, Tor was installed from apt repositories using
>> instructions from torproject.org, with adding line to
>> sources.list and keyring, etc.
>>
>> Need user to have access to hostname file.
>>
>> Did read something about differences in privileges depending if
>> using apt or downloading tarball?
>>
>> What is solution?
>
> tor-talk-request at lists.torproject.org:
>> Re: [tor-talk] Problem with where hidden_services able to be
>> placed/permissions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBCAAGBQJVy97FAAoJEIN/pSyBJlsRaggH/j/UWNoRRQ+BVI9W0314H8mL
93QA4fZ/m1g5uBdDD3sWXTkMcPViXe9xGIFgwb3wKLvM9SEIMGk+qqCs4P8fdFfC
BTiSWjY7NQB0lAINH3LkPosMeZgwudkq6lXNnTlsdGNJP9E6YteS9Pr8t/rJ2YAr
VKqstsNfbROsDRCfdBwcmTUPSYRnAWlNIM8gCvgb9yKdeobpoMac32Uig45GCdKB
1tnSPR1Z3YyWrjeOfsfrGT7n594Pl4BAVegObIXrNA+Ot33VOijgOaAVR2Hm3Fxd
vzsaQbRyBGLHI+FL8Sm/aqQVFY9/9JXPjMFURzOAR7q9Y3mY+okCDw60UTPvY0o=
=UOoW
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list