Darkness.su

Reputation: 109

TOR startup generates "Permissions on directory are too permissive"

I'm the operator of the XMPP server on darkness.su. The server runs on CentOS 6.

I installed TOR and configured it to provide hidden service access to the server. It was working fine at first, but ever since an update a few months ago it started giving me these errors:

799  May 25 14:19:37.060 [warn] Permissions on directory /var/lib/tor/hidden_service are too permissive.
800  May 25 14:19:37.060 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
801  May 25 14:19:37.060 [err] Reading config failed--see warnings above.

I tried to check the logs, but I can't find them, and setting one doesn't seem to work. I've tried removing TOR and wiping all its folders, then reinstalling it. Same thing.

I'm installing through yum from TOR Project's repository.

With chmod 700 on the hidden service directory (owned by TOR):

Jul 24 21:39:05.573 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Jul 24 21:39:05.573 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 21:39:05.573 [err] Reading config failed--see warnings above

After changing directory owner to root:

Jul 24 22:11:36.236 [warn] /var/lib/tor/hidden_service/ is not owned by this user (_tor, 496) but by root (0). Perhaps you are running Tor as the wrong user?
Jul 24 22:11:36.236 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 22:11:36.236 [err] Reading config failed--see warnings above.

Upvotes: 9

Views: 23169

Answers (4)

sudo chown _tor:_tor /var/lib/tor/site/

fixed it for me.

Upvotes: 0

vSzemkel

Reputation: 692

It is all about file and directory permissions. I wrote this in a Dockerfile:

FROM osminogin/tor-simple:0.4.6.7
ARG source=.
USER tor
COPY $source/torrc /etc/tor/torrc
RUN mkdir /var/lib/tor/sc && chmod 700 /var/lib/tor/sc
COPY --chown=tor:nogroup $source/private/* /var/lib/tor/sc
RUN chmod -R 400 /var/lib/tor/sc/*

In my sc directory I have the hostname and key pair. After restarting the container, the tor domain name persists.

Upvotes: 1

Egg

Reputation: 1769

Your initial problem with permission issues (I had these after cloning a virtual HDD in VirtualBox) was caused by broken labels in SELinux. On CentOS/Linux this is fixed with:

restorecon -r -v /var/lib/tor

Upvotes: 1

Sleafar

Reputation: 1526

Permissions on directory /var/lib/tor/hidden_service are too permissive.

This means that too many users have access to this directory. Try to change it:

chmod 700 /var/lib/tor/hidden_service

I assume here that the user running TOR is also the owner of the directory.

Upvotes: 24
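
The following check is an added example, not part of the question or any answer above. It tests a hidden service directory for the three conditions seen in the question's logs: wrong owner, group/other permission bits, and (as a note only) SELinux enforcing, which mode bits do not reveal. The function name `check_hs_dir` and its messages are made up for illustration, the mode rule is taken from the `chmod 700` fix in the answers, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for a Tor hidden service directory.
# Assumes GNU stat (coreutils), as shipped on CentOS.

# check_hs_dir DIR USER
#   DIR  - the HiddenServiceDir from torrc
#   USER - account Tor runs as (name such as _tor, or a numeric uid)
# Prints one finding per line; returns 0 if nothing is wrong, 1 otherwise.
check_hs_dir() {
    hs_dir=$1 hs_user=$2 hs_rc=0

    # Resolve the expected owner to a numeric uid.
    case $hs_user in
        ''|*[!0-9]*)
            hs_want=$(id -u "$hs_user" 2>/dev/null) ||
                { echo "unknown user: $hs_user"; return 1; } ;;
        *)  hs_want=$hs_user ;;
    esac

    [ -d "$hs_dir" ] || { echo "not a directory: $hs_dir"; return 1; }
    hs_mode=$(stat -c '%a' "$hs_dir")
    hs_have=$(stat -c '%u' "$hs_dir")

    # Wrong owner: the "is not owned by this user" warning.
    if [ "$hs_have" != "$hs_want" ]; then
        echo "owner uid $hs_have, expected $hs_want: chown to the Tor user"
        hs_rc=1
    fi
    # Any group/other bit: the "too permissive" warning.
    if [ $(( 0$hs_mode & 077 )) -ne 0 ]; then
        echo "mode $hs_mode grants group/other access: chmod 700"
        hs_rc=1
    fi
    # Owner must keep read, write and search (0700 = 448 decimal).
    if [ $(( 0$hs_mode & 0700 )) -ne 448 ]; then
        echo "mode $hs_mode lacks owner rwx: chmod 700"
        hs_rc=1
    fi
    # Mode bits do not cover SELinux; a stale label can still deny access.
    if command -v getenforce >/dev/null 2>&1 &&
       [ "$(getenforce)" = Enforcing ]; then
        echo "SELinux enforcing, label: $(ls -dZ "$hs_dir")"
    fi
    return $hs_rc
}
```

Run it as root with the directory and the Tor account, for example `check_hs_dir /var/lib/tor/hidden_service _tor`, before restarting the service.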
