Hi to all, question: I have tested a config with ORPort 443 and DirPort 80, hm, but there is a permission issue with FreeBSD. On my test system no http is installed.
Can I only install tor on FreeBSD with ORPort 9001 and DirPort 9030?
regards Steffen TorGate torgate(at)linux-hus.dk
On Wed, Feb 14, 2018 at 05:39:17PM +0100, TorGate wrote:
: Hi to all,
:
: question: I have tested a config with ORPort 443 and DirPort 80, hm, but
: there is a permission issue with FreeBSD.
:
: On my test system no http is installed.
:
: Can I only install tor on FreeBSD with ORPort 9001 and DirPort 9030?
You can configure tor to use any port that is not in use by another service, so yes you can set 80 and 443. If you did have httpd installed it would probably be using those ports so tor could not.
Ports <1024 are "privileged" so you may need to be running as root to use 80 and 443.
-Jon
Is this a good idea, tor running as root?
Sent from my iPad
On 14.02.2018 at 17:46, Jonathan D. Proulx jon@csail.mit.edu wrote:
On Wed, Feb 14, 2018 at 05:39:17PM +0100, TorGate wrote:
: Hi to all,
:
: question: I have tested a config with ORPort 443 and DirPort 80, hm, but
: there is a permission issue with FreeBSD.
:
: On my test system no http is installed.
:
: Can I only install tor on FreeBSD with ORPort 9001 and DirPort 9030?
You can configure tor to use any port that is not in use by another service, so yes you can set 80 and 443. If you did have httpd installed it would probably be using those ports so tor could not.
Ports <1024 are "privileged" so you may need to be running as root to use 80 and 443.
-Jon
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
OK, that's perfect. So the tor process is started as root, and when tor is running, tor switches to the tor user _tor?! Is this correct?
regards Steffen TorGate torgate(at)linux-hus.dk
On 14.02.2018 at 18:33, George george@queair.net wrote:
TorGate:
Is this a good idea, tor running as root?
It doesn't run as root. root starts the daemon, then switches over to unprivileged/nologin _tor user.
g
--
34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
Can I also use the same ports for IPv6?
IPv4 and IPv6 on ORPort 443 and DirPort 80?
regards Steffen TorGate torgate(at)linux-hus.dk
On Wed, Feb 14, 2018 at 7:34 PM George george@queair.net wrote:
TorGate:
Is this a good idea, tor running as root?
It doesn't run as root. root starts the daemon, then switches over to unprivileged/nologin _tor user.
Is this the case even if "ps -C tor u" shows it runs as root?
Q
On Wed, Feb 14, 2018 at 2:43 PM, Quintin tor-admin@portaltodark.world wrote:
On Wed, Feb 14, 2018 at 7:34 PM George george@queair.net wrote:
TorGate:
Is this a good idea, tor running as root?
It doesn't run as root. root starts the daemon, then switches over to unprivileged/nologin _tor user.
Is this the case even if "ps -C tor u" shows it runs as root?
No, 'ps' should show the unprivileged user. Check whether you have a "User" setting in your torrc. (I think George was referring specifically to the way FreeBSD pkgsrc configures tor.)
ok thanks
regards Steffen TorGate torgate(at)linux-hus.dk
On Wed, Feb 14, 2018 at 9:48 PM Zack Weinberg zackw@cmu.edu wrote:
No, 'ps' should show the unprivileged user. Check whether you have a "User" setting in your torrc. (I think George was referring specifically to the way FreeBSD pkgsrc configures tor.)
Adding a User setting and updating some permissions worked to get tor running as an unprivileged user.
a config with ORPort 443 and dirport 80, but there are a permission issue with freebsd.
On FreeBSD you can override the limitation for privileged ports (under 1024) by adding this to /etc/sysctl.conf:
net.inet.ip.portrange.reservedhigh=0
However, this is not recommended for security reasons. It's also not recommended to run Tor as root. For best security on FreeBSD, it may be best to use ports over 1024 for Tor.
OK, so I will not change the config :-)
Thanks for all replies :-)
regards Steffen TorGate torgate(at)linux-hus.dk
If you don't want to configure it (start as root drop to user) manually, ansible-relayor automates these steps (and others) for you.
https://github.com/nusenu/ansible-relayor
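The check suggested in the thread (does the torrc carry a "User" setting when tor has to be started as root for ports below 1024?) can be scripted. The following is an added example, not code from the thread or from the Tor Project; the function name audit_torrc and the sample configuration are constructed, and it only reads the torrc file, so a user name passed on the command line by a service script is not seen.

```shell
#!/bin/sh
# Added example: audit a torrc for the root / privileged-port question above.
# audit_torrc FILE prints one verdict line and returns
#   0  no ORPort/DirPort below 1024, or low ports plus a non-root User
#   1  low ports but no User line (tor started as root would stay root)
#   2  User is root
audit_torrc() {
    awk '
        { sub(/#.*/, "") }                  # drop comments
        NF < 2 { next }                     # blank lines, bare keywords
        { key = tolower($1) }               # option names are case-insensitive
        key == "user" { user = $2 }
        key == "orport" || key == "dirport" {
            port = $2
            sub(/^.*:/, "", port)           # "[2001:db8::1]:443" -> "443"
            if (port ~ /^[0-9]+$/ && port + 0 > 0 && port + 0 < 1024)
                low = low " " $1 ":" port
        }
        END {
            if (user == "root") { print "FAIL: User is root"; exit 2 }
            if (low == "")      { print "OK: no ports below 1024"; exit 0 }
            if (user == "")     { print "FAIL: no User set for" low; exit 1 }
            print "OK: binds" low " as root, then drops to " user
        }
    ' "$1"
}

# Constructed sample: the ports from the thread (IPv4 and IPv6), no User line.
sample=$(mktemp)
printf 'ORPort 443\nORPort [2001:db8::1]:443\nDirPort 80\n' > "$sample"
audit_torrc "$sample" || echo "exit status $?"
rm -f "$sample"
```

Run it against the relay's own configuration with `audit_torrc path/to/torrc`, then compare the verdict with the user that `ps` reports for the running tor process.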