Tor ClientOnionAuthDir does not appear to work with Manjaro?

I am using tor from the repository. Pretty standard, the end result is that systemctl restart tor fails and the error is… frustrating.

Here’s what I do

$sudo pacman -Syu tor
$sudo systemctl start tor
$sudo mkdir /var/lib/tor/onion_auth
$sudo chown -R tor:tor /var/lib/tor/onion_auth
$sudo nano /etc/tor/torrc

In the torrc at the end I add ClientOnionAuthDir /var/lib/tor/onion_auth
Then:

$sudo systemctl restart tor

Here are my results

Job for tor.service failed because the control process exited with error code.
See "systemctl status tor.service" and "journalctl -xeu tor.service" for details.

systemctl status tor.service

× tor.service - Anonymizing overlay network for TCP
     Loaded: loaded (/usr/lib/systemd/system/tor.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Wed 2024-05-29 20:53:56 BST; 41s ago
   Duration: 59.934s
    Process: 22085 ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config (code=exited, status=1/FAILURE)
        CPU: 11ms

May 29 20:53:56 daffodil systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
May 29 20:53:56  systemd[1]: tor.service: Start request repeated too quickly.
May 29 20:53:56  systemd[1]: tor.service: Failed with result 'exit-code'.
May 29 20:53:56  systemd[1]: Failed to start Anonymizing overlay network for TCP.

journalctl -xeu tor.service

 29 20:53:56  systemd[1]: Failed to start Anonymizing overlay network for TCP.
░░ Subject: A start job for unit tor.service has failed
░░ Defined-By: systemd
░░ Support: https://forum.manjaro.org/c/support
░░ 
░░ A start job for unit tor.service has finished with a failure.
░░ 
░░ The job identifier is 13777 and the job result is failed.

It’s this message that has prompted me to come here but I didn’t stop there.

strace -e trace=open /usr/bin/tor -f /etc/tor/torrc
May 29 20:56:26.670 [notice] Tor 0.4.8.11 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.3.0, Zlib 1.3.1, Liblzma 5.6.1, Libzstd 1.5.5 and Glibc 2.39 as libc.
May 29 20:56:26.670 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
May 29 20:56:26.670 [notice] Read configuration file "/etc/tor/torrc".
May 29 20:56:26.671 [warn] Directory /var/lib/tor/onion_auth cannot be read: Permission denied
May 29 20:56:26.671 [warn] Failed to parse/validate config: Failed to configure client authorization for hidden services. See logs for details.
May 29 20:56:26.671 [err] Reading config failed--see warnings above.
+++ exited with 1 +++

So

sudo ls -l /var/lib/tor
total 21532
-rw------- 1 tor tor    18209 May 29 17:50 cached-certs
-rw------- 1 tor tor  2546698 May 29 20:16 cached-microdesc-consensus
-rw------- 1 tor tor 19363076 May 29 18:05 cached-microdescs
-rw------- 1 tor tor    82444 May 29 20:18 cached-microdescs.new
drwx------ 2 tor tor     4096 May 29 17:50 keys
-rw------- 1 tor tor        0 May 29 20:37 lock
drwxr-Sr-- 2 tor tor     4096 May 29 18:03 onion_auth
-rw------- 1 tor tor    17604 May 29 20:37 state

Per Arch I also ran sudo tor

May 30 11:50:37.321 [notice] Tor 0.4.8.11 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.3.0, Zlib 1.3.1, Liblzma 5.6.1, Libzstd 1.5.5 and Glibc 2.39 as libc.
May 30 11:50:37.321 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
May 30 11:50:37.322 [notice] Read configuration file "/etc/tor/torrc".
May 30 11:50:37.322 [warn] Fixing permissions on directory /var/lib/tor/onion_auth
May 30 11:50:37.338 [err] tor_assertion_failed_(): Bug: src/app/config/config.c:929: get_options_mutable: Assertion global_options failed; aborting. (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug: Tor 0.4.8.11: Assertion global_options failed in get_options_mutable at src/app/config/config.c:929: . Stack trace: (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(log_backtrace_impl+0x5d) [0x55c8927398dd] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_assertion_failed_+0x15c) [0x55c89274c43c] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(get_options_mutable+0x6a) [0x55c8927de41a] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(hs_parse_address+0x59) [0x55c892876479] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(hs_config_client_authorization+0x164) [0x55c892876d04] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(+0x189926) [0x55c8927e5926] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(+0xcc22f) [0x55c89272822f] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(config_validate+0x105) [0x55c8927284c5] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(+0x187ad1) [0x55c8927e3ad1] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(options_init_from_string+0x205) [0x55c8927e7215] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(options_init_from_torrc+0x684) [0x55c8927e7ac4] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_init+0x389) [0x55c8926afdc9] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_run_main+0xb1) [0x55c8926bc001] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_main+0x5e) [0x55c8926bc5ee] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(main+0x1d) [0x55c8926ae08d] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     /usr/lib/libc.so.6(+0x25d4a) [0x7fbf3e56ed4a] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     /usr/lib/libc.so.6(__libc_start_main+0x8c) [0x7fbf3e56ee0c] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(_start+0x25) [0x55c8926ae0e5] (on Tor 0.4.8.11 )
Aborted

Help?

I’ve followed the official tor guidance and I’m able to do this without problem on a debian install (as are others).

It doesn’t matter what user I use, I’ve even tried creating new users or using root (which tor baulked at). If I use sudo -u tor $SHELL I can navigate into the folder quite happily.

Apparmor is not installed.

System specs

Kernel: 6.6.30-2-MANJARO
Arch: x86_64 
Desktop: Cinnamon
v: 6.0.4
Distro: Manjaro Linux

Did you read the official guidance for Arch based distributions at Tor - ArchWiki

Several times but there’s a lot of stuff there some relevant some not.

Just a reminder but I’m not planning on using this as a relay, bridge, or as a browser, I already have the tor browser for that.

I don’t have a problem with the Tor User value the tor user value starts perfectly well until I’ve added ClientOnionAuthDir to my torrc.

Is there a section that I’ve missed?

Here is the result from sudo tor that I’ve added to the original post.

May 30 11:50:37.321 [notice] Tor 0.4.8.11 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.3.0, Zlib 1.3.1, Liblzma 5.6.1, Libzstd 1.5.5 and Glibc 2.39 as libc.
May 30 11:50:37.321 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
May 30 11:50:37.322 [notice] Read configuration file "/etc/tor/torrc".
May 30 11:50:37.322 [warn] Fixing permissions on directory /var/lib/tor/onion_auth
May 30 11:50:37.338 [err] tor_assertion_failed_(): Bug: src/app/config/config.c:929: get_options_mutable: Assertion global_options failed; aborting. (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug: Tor 0.4.8.11: Assertion global_options failed in get_options_mutable at src/app/config/config.c:929: . Stack trace: (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(log_backtrace_impl+0x5d) [0x55c8927398dd] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_assertion_failed_+0x15c) [0x55c89274c43c] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(get_options_mutable+0x6a) [0x55c8927de41a] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(hs_parse_address+0x59) [0x55c892876479] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(hs_config_client_authorization+0x164) [0x55c892876d04] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(+0x189926) [0x55c8927e5926] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(+0xcc22f) [0x55c89272822f] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(config_validate+0x105) [0x55c8927284c5] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(+0x187ad1) [0x55c8927e3ad1] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(options_init_from_string+0x205) [0x55c8927e7215] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(options_init_from_torrc+0x684) [0x55c8927e7ac4] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_init+0x389) [0x55c8926afdc9] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_run_main+0xb1) [0x55c8926bc001] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(tor_main+0x5e) [0x55c8926bc5ee] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(main+0x1d) [0x55c8926ae08d] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     /usr/lib/libc.so.6(+0x25d4a) [0x7fbf3e56ed4a] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     /usr/lib/libc.so.6(__libc_start_main+0x8c) [0x7fbf3e56ee0c] (on Tor 0.4.8.11 )
May 30 11:50:37.353 [err] Bug:     tor(_start+0x25) [0x55c8926ae0e5] (on Tor 0.4.8.11 )
Aborted

So I did some additional research and so far… it appears to be that the Manjaro version and the Debian version are behaving in different ways. At present (but haven’t confirmed) by removing the auth_priv file, I’ve gotten it to restart. I suspect this is because it is trying to validate the file much too early, it won’t succeed because the file is not yet finished. In debian and Arch linux, this check occurs later. I’m not sure why manjaro is different. This i slightly speculation at the moment though.

So it turns out that there is some ‘validation’ going on.

On Debian, a dummy file appears to be fine and tor will ignore it (or error much later), on Manjaro if the auth_private file is not what tor on manjaro is expecting, it throws a wobbly and says that it can’t access the file.

Manjaro will only accept a ‘valid’ .auth_private file. So I had to put the file back in later with the correct information.

1 Like

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.