Torix, that's still true. Snaps restrict syscalls so tightly that switching users is not possible.

- chad

On Tue, Dec 5, 2017 at 8:35 AM, Torix torix@protonmail.com wrote:

Dear Chad, The last I read from nusenu a few months ago was that you have tor is running as root, which sort of wiped it off my radar. Is that still true? I do like your idea of democratizing tor relays so normal people can run them.

TIA,

--torix

Sent with ProtonMail https://protonmail.com Secure Email.

-------- Original Message -------- Subject: [tor-relays] UbuntuCore stats update Local Time: December 4, 2017 10:18 PM UTC Time: December 5, 2017 3:18 AM From: chad@cornsilk.net To: tor-relays@lists.torproject.org

Hi all. I generate* the packages that make up those UbuntuCore relays and bridges you hear about some time in here. I intended it to be a low-friction way normal joes can help Tor. There have been a good number of volunteers.

The automatic-update system of Snap means the security update of a few days ago gives some population info through download stats.

About 2200+ machines updated to last week's release. Almost all are amd64, though a few percent are i386 or armhf. I don't know of any arm64 yet. They're mostly desktops and servers. I see several new downloads every day.

Judging from the new Atlas, about 800 are have checked in to try to join the consensus, and a little more than 100 are active at any time.

Some working details: The package has a kill-switch so that it no longer starts after a few months of staleness (if I'm ever hit by a bus). At first launch, Tor creates a key and the last two bits of the key determines the role of the instance, with a 1/4 chance of becoming a obfs4 bridge. The default bandwidth limit is a modest 4 megabits per second. Also by default, it tries to punch holes in NAT to make itself available for incoming connections, but I don't have a lot of confidence that is often successful.

I remain on this list and am always happy to answer questions or suggestions.

• http://bazaar.launchpad.net/~privacy-squad/+junk/tor-

middle-relay-snap/files

-- Chad Miller chad.org gpg:a806deac30420066

---

tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

On 11 Dec 2017, at 09:50, nusenu nusenu-lists@riseup.net wrote:

Chad MILLER:

...

Torix, that's still true. Snaps restrict syscalls so tightly that switching users is not possible.

Is it possible to start tor with a non-root user directly (without using tor's user parameter to drop privileges)?

Yes, but you must pre-configure tor's directories with the correct user and permissions. Tor has strict requirements for private key security.

If this doesn't work, let us know: there have been bugs in this code in the past.

-- Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------