On Sat, 12 Nov 2016 at 12:41 Dennis Christ lists@ollic.de wrote:
Yes that is what i tried to do. But it does not work in my case.
$ arm [Errno 13] Permission denied: '/var/lib/tor/control_auth_cookie'
Even if my user is in the group debian-tor the user has no right to access /var/lib/tor.
$ ls -l /var/lib | grep tor drwx--S--- 4 debian-tor debian-tor 4096 Nov 12 12:38 tor
Am 12.11.2016 um 10:33 schrieb Louie Cardone-Noott:
On Fri, 11 Nov 2016, at 07:16 PM, diffusae wrote:
Yes, you are right. But CookieAuthentication should work. You cannot query all of the connections without access to /var/lib/tor. You only will see circuits. I suggest to use "sudo -u debian-tor arm", if you like to use all of the arm pages. Otherwise you have to change the permissions. In my case, there is also the setgid flags on the directories (2700 drwx--S---).
Sorry not fully read the correspondence here but perhaps a tidier option might be the one recommended on the tor website[1] of doing
sudo adduser $USER debian-tor
The alternative of running as the debian-tor user is a 'bad idea', see [2] from last July
[1] https://www.torproject.org/docs/tor-relay-debian.html.en#after [2] https://lists.torproject.org/pipermail/tor-relays/2016-July/009608.html
Hi
You could just modify the systemd service file for tor, with something like ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor ExecStartPre=/usr/bin/install -Z -m 02750 -o debian-tor -g debian-tor -d /var/log/tor
Cheers Seb