While the current config works, it has some problems especially when you want to use external programs to interact with the tor service using it’s control port/socket.
[Service]
RuntimeDirectory=tor
#RuntimeDirectoryPreserve=restart
### Use only one of the below configs:
# 1
# Required because the service is run as root, but tor as a user who needs tobe able to create the unix-socket.
#RuntimeDirectoryMode=0777
# 2
# This requires you to use a blank `User` line in your tor config.
User=tor
Group=tor
### Note for nyx usage
# If your sudoers config has: `%wheel ALL=(ALL:ALL) ALL`
# You can use `sudo -g tor nyx` on Manjaro.
# Else you need `sudo -u tor nyx`
This will create the /var/run/tor directory with proper ACL’s for the tor service.
Allow the creation of the cookie and socket files with proper ACL’s.
/etc/torrc.d/admin.conf
# Remove User setting because we run the service as user `tor` already !
User
# Control port/socket
#ControlPort 9051
#ControlSocket /var/run/tor/control WorldWritable RelaxDirModeCheck
ControlSocket /var/run/tor/control GroupWritable RelaxDirModeCheck
CookieAuthentication 1
CookieAuthFile /var/run/tor/control_auth_cookie
CookieAuthFileGroupReadable 1
# Other settings
The above requires a change in the /etc/tor/torrc file when you don’t use the override in an included config like i do with /etc/torrc.d/admin.conf…
Comment out the line that says User tor at top, because Tor will barf otherwise. (Tor is already started as user tor by systemd in this case, so Tor can’t change it’s UID/GUID again )
To make adjustments by the admin easier:
You should un-comment the last line in /etc/tor/torrc that says %include /etc/torrc.d/*.conf
This directory can be thought of like a “drop-in” directory used by systemd units, and i used it as shown above.
Other changes to make Manjaro better:
The sudoers drop-in file /etc/sudoers.d/10-installer should have the below to allow to run programs under a different group with sudo -g xxx which isn’t allowed at moment.
%wheel ALL=(ALL:ALL) ALL
The current content is missing the :ALL part…
Nyx usage:
After all the above is in place; we can use nyx to interact with tor via it’s control socket without any problems
So in short Manjaro refuses to make a Manjaro version of tor.
If people want changes in the package manjaro uses they should contact the arch package maintainers…
Aint so hard to openly say you guys REFUSE to fix small bugs in packages.
Yes, because you advise to make an own package with the changes.
I would if i were able to, but i never made any package yet, i never fiddled with any PKGBUILD let alone create one from fresh.
The “small” part refers to a simple text file that needs updating not any code in the tor app…
I literally posted the needed change, but im unable to create a PKGBUILD that uses a patch to fix stuff after the original files…
I’ll try to make a pull request on that repo if that is possible at all in due time…
An issues section on a repo like all other software…