Tor service from official repo. not worked out of the box

postcd · 7 November 2020 15:07

Tor 0.4.4.5-4 from community repo sets wrong permissions so the service not work out of the box?

The app that is using Tor returned error:
TorManager Disabling Tor, because error while accessing Tor proxy at port 127.0.0.1:9050: Error ([Errno 111] Connection refused)

Here is what i tried:

$ egrep “ControlPort |CookieAuth” /etc/tor/torrc
ControlPort 9051
CookieAuthentication 1

(uncommented, 90xx 90xx match)

$ systemctl restart tor
Job for tor.service failed because the control process exited with error code.
See “systemctl status tor.service” and “journalctl -xe” for details.

$ systemctl status tor
● tor.service - Anonymizing overlay network for TCP
Loaded: loaded (/usr/lib/systemd/system/tor.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-11-07 15:23:58 CET; 40s ago
Process: 459829 ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config (code=exited, status=1/FAILURE)

lis 07 15:23:58 me systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
lis 07 15:23:58 me systemd[1]: Stopped Anonymizing overlay network for TCP.
lis 07 15:23:58 me systemd[1]: tor.service: Start request repeated too quickly.
lis 07 15:23:58 me systemd[1]: tor.service: Failed with result ‘exit-code’.
lis 07 15:23:58 me systemd[1]: Failed to start Anonymizing overlay network for TCP.

$ tor -f /etc/tor/torrc --verify-config

Nov 07 15:27:29.677 [notice] Tor 0.4.4.5 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.5.
Nov 07 15:27:29.677 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 07 15:27:29.677 [notice] Read configuration file “/etc/tor/torrc”.
Nov 07 15:27:29.682 [warn] Directory /var/lib/tor cannot be read: Permission denied
Nov 07 15:27:29.682 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor”
Nov 07 15:27:29.682 [err] Reading config failed–see warnings above.

$ stat -c%a /var/lib/tor /var/lib/tor/control_auth_cookie
700
stat: cannot statx ‘/var/lib/tor/control_auth_cookie’: Permission denied

$ sudo chmod 750 /var/lib/tor

$ stat -c%a /var/lib/tor /var/lib/tor/control_auth_cookie
750
600

Folder and contents had tor:tor rights. And my user was part of the tor ($groups myusername) and computer reset was made (maybe it remembered session, so maybe not reloaded user rights or what)

$ tor -f /etc/tor/torrc --verify-config
Nov 07 15:40:36.747 [notice] Tor 0.4.4.5 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.5.
Nov 07 15:40:36.748 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 07 15:40:36.748 [notice] Read configuration file “/etc/tor/torrc”.
Nov 07 15:40:36.752 [warn] /var/lib/tor is not owned by this user (me, 1000) but by tor (43). Perhaps you are running Tor as the wrong user?
Nov 07 15:40:36.752 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor”
Nov 07 15:40:36.752 [err] Reading config failed–see warnings above.

$ sudo chown -R root:root /var/lib/tor

(using nonrootuser:tor or nonrootuser:nonrootuser not worked)

$ tor -f /etc/tor/torrc --verify-config
Nov 07 15:54:44.861 [notice] Tor 0.4.4.5 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.5.
Nov 07 15:54:44.861 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 07 15:54:44.861 [notice] Read configuration file “/etc/tor/torrc”.
Configuration was valid

tor starts now (requiring sudo password)

but the app says:
Disabling Tor, because error while accessing Tor proxy at port 127.0.0.1:9050: Error ([Errno 13] Permission denied: ‘/var/lib/tor/control_auth_cookie’)

So i would have to run the app as root i guess. That doe snot look good. Please how to fix that permissions and why it does not work out of the box?

Thank you for help in advance.

UPDATE, SOLUTIONS:
if have same problem, try to make sure /etc/tor/torrc contains following:

User tor
ControlPort 9051
CookieAuthentication 1
DataDirectoryGroupReadable 1
CookieAuthFileGroupReadable 1
ExtORPortCookieAuthFileGroupReadable 1
CacheDirectoryGroupReadable 1

(if “ls -l /var/lib/tor” returns different use, like “debian-tor”, update the first variable “User tor” in above box to be “User debian-tor”)

xabbu · 7 November 2020 15:16

The apportierte permissions on /var/lib/tor are 700 and owned by the tor user and the tor group.

You should not run tor as root or as your own user.

Changing the owner of /var/lib/tor to root is extremely wrong! Do not do it.

postcd · 7 November 2020 15:57

Thanks for advice @xabbu, though it was like that before and it not worked (errors you can see above, before i executed “sudo chmod 750 /var/lib/tor” above)

so i just changed it back:
sudo chown -R tor:tor /var/lib/tor/;sudo chmod -R 700 /var/lib/tor

and see the permission errors mentioned. So please kindly suggest how to now proceed.

xabbu · 7 November 2020 16:06

I see only permission errors as you tried to run tor as your normal user.

But systemctl status tor returned show that there is something wrong. Lets focus on that.

Check to journal

journalctl --no-hostname --no-pager -u tor.service

xabbu · 7 November 2020 16:08

I’m not sure if this is a good idea. You should not use -R since 700 is only for the /var/lib/tor folder and not any folder or files in there.

postcd · 7 November 2020 16:22

so i reverted to original access rights and permissions:
sudo chmod -R 600 /var/lib/tor/
sudo chmod 700 /var/lib/tor/keys /var/lib/tor
Directory and files are tor:tor
Directory was chmod 700, result is: Access: (2700/drwx–S—)

Then i did “systemctl restart tor” as a normal user (not root) and having “tor” in “$ groups user” output. It prompted password.

It failed with EXITED status and this is your journalctl command output:

[warn] /var/lib/tor is not owned by this user (root, 0) but by tor (43). Perhaps you are running Tor as the wrong user?
[warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor”

full output

xabbu · 7 November 2020 16:32

Can you post your torrc config. The default config uses

User tor

If you have a torrc.pacnew file, you need to megre it.

postcd · 7 November 2020 16:36

When i exlcude # lines, then my torrc contains only:

Log notice syslog
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
CookieAuthFile /var/lib/tor/control_auth_cookie
DataDirectoryGroupReadable 1
CookieAuthFileGroupReadable 1
ExtORPortCookieAuthFileGroupReadable 1
CacheDirectoryGroupReadable 1

After prepending User tor line to the /etc/tor/torrc and “systemctl restart tor” it is running OK. No problem… I do not know why it was not there? Is it some issue need to be fixed?

xabbu · 7 November 2020 16:40

Not sure the default torrc that is installed from the tor package contains only

User tor
Log notice syslog
DataDirectory /var/lib/tor

Did you installed tor recently or was it installed since a long time? As you installed tor, did you already had a /etc/tor/torrc file and did you merge a .pacnew file?

postcd · 7 November 2020 18:32

I was checking this and it should have been installed like this:

[PACMAN] Running ‘pacman -S torbrowser-launcher’
[ALPM] installed tor (0.4.3.6-1)
[ALPM] installed torbrowser-launcher (0.3.2-6)
[ALPM-SCRIPTLET] Creating group tor with gid 43.
[ALPM-SCRIPTLET] Creating user tor (n/a) with uid 43 and gid 43.

I rather think it was clean install and i did nothing with .pacnew

Today tor was upgraded by pacman 0.4.3.6-1 -> 0.4.4.5-4
$ diff /etc/tor/torrc /etc/tor/torrc.pacnew -y|grep -v “#”
User tor <
> User tor

Log notice syslog Log notice syslog

DataDirectory /var/lib/tor DataDirectory /var/lib/tor

CookieAuthFile /var/lib/tor/control_auth_cookie <
DataDirectoryGroupReadable 1 <
CookieAuthFileGroupReadable 1 <
ExtORPortCookieAuthFileGroupReadable 1 <
CacheDirectoryGroupReadable 1 <

Then i uninstalled tor launcher and make sure tor package is also away, then renamed /etc/tor and installed latest tor-0.4.4.5-4 using pacman. It indeed contains “User tor” line. So this seems good.
I then removed the tor package. and installed TB launcher: sudo pacman -S torbrowser-launcher
And it again has “User tor” line in torrc and service starting without problem.
so i think i had to accidentally removed the line or the previous tor package version not had it…

Thank you for help.

By the way, that python3 app that is using Tor still complained:

TorManager Disabling Tor, because error while accessing Tor proxy at port 127.0.0.1:9050: Error ([Errno 111] Connection refused)

and i believe that this error was solved by adding following to my /etc/tor/torrc:

DataDirectoryGroupReadable 1
CookieAuthFileGroupReadable 1
ExtORPortCookieAuthFileGroupReadable 1
CacheDirectoryGroupReadable 1

and “systemctl restart tor” …

feedback always welcome

linux-aarhus · 8 November 2020 08:07

You know who sponsors tor right?

javad · 25 November 2020 08:51

Your solution solved my issue with tor. But torbrowser-launcher doesn’t work yet.

postcd · 25 November 2020 17:27

Same. It worked for me after setup, but no longer works. Does nothing.
/home/$(whoami)/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser --display=:0.0

Maybe this is related: Torbrowser Launcher not launching
Now i will be wondering how to install it manually using that tgz. Tor Project | Download

javad · 25 November 2020 20:50

@postcd
Just download it and simply run the start-tor-browser.desktop --browser & as I did.
I have extracted it in the /opt and then I put a link in my path to run it.

linux-aarhus · 9 February 2022 18:22