
Hi to all,

question: I have tested a config with ORPort 443 and dirport 80, hm, but there is a permission issue with FreeBSD.

On my test system no http is installed.

Can I only install tor on FreeBSD with ORPort 9001 and dirport 9030?

regards
Steffen

TorGate
torgate(at)linux-hus.dk

On Wed, Feb 14, 2018 at 05:39:17PM +0100, TorGate wrote:
: Hi to all,
:
: question: I have tested a config with ORPort 443 and dirport 80, hm, but
: there is a permission issue with FreeBSD.
:
: On my test system no http is installed.
:
: Can I only install tor on FreeBSD with ORPort 9001 and dirport 9030?

You can configure tor to use any port that is not in use by another service, so yes you can set 80 and 443. If you did have httpd installed it would probably be using those ports so tor could not.

Ports <1024 are "privileged" so you may need to be running as root to use 80 and 443.

-Jon

Is this a good idea, tor running as root?

Sent from my iPad

On 14.02.2018 at 17:46, Jonathan D. Proulx <jon@csail.mit.edu> wrote:
> On Wed, Feb 14, 2018 at 05:39:17PM +0100, TorGate wrote:
> : Hi to all,
> :
> : question: I have tested a config with ORPort 443 and dirport 80, hm, but
> : there is a permission issue with FreeBSD.
> :
> : On my test system no http is installed.
> :
> : Can I only install tor on FreeBSD with ORPort 9001 and dirport 9030?
>
> You can configure tor to use any port that is not in use by another service, so yes you can set 80 and 443. If you did have httpd installed it would probably be using those ports so tor could not.
>
> Ports <1024 are "privileged" so you may need to be running as root to use 80 and 443.
>
> -Jon

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

OK, that's perfect. So the tor process is starting as root, and when tor is running, tor is switching to the tor user _tor?! Is this correct?

regards
Steffen

TorGate
torgate(at)linux-hus.dk

On 14.02.2018 at 18:33, George <george@queair.net> wrote:
> TorGate:
>> Is this a good idea, tor running as root?
>
> It doesn't run as root. root starts the daemon, then switches over to unprivileged/nologin _tor user.
>
> g
>
> --
> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682

Can I also use the same ports for IPv6? IPv4 and IPv6 on ORPort 443 and dirport 80?

regards
Steffen

TorGate
torgate(at)linux-hus.dk

On Wed, Feb 14, 2018 at 7:34 PM George <george@queair.net> wrote:
> TorGate:
>> Is this a good idea, tor running as root?
>
> It doesn't run as root. root starts the daemon, then switches over to unprivileged/nologin _tor user.

Is this the case even if "ps -C tor u" shows it runs as root?

Q
--
0101100101000001010010000101010101000001010010000010000001000010
0100110001000101010100110101001100100000010110010100111101010101

On Wed, Feb 14, 2018 at 2:43 PM, Quintin <tor-admin@portaltodark.world> wrote:
> On Wed, Feb 14, 2018 at 7:34 PM George <george@queair.net> wrote:
>> TorGate:
>>> Is this a good idea, tor running as root?
>>
>> It doesn't run as root. root starts the daemon, then switches over to unprivileged/nologin _tor user.
>
> Is this the case even if "ps -C tor u" shows it runs as root?

No, 'ps' should show the unprivileged user. Check whether you have a "User" setting in your torrc. (I think George was referring specifically to the way FreeBSD pkgsrc configures tor.)

OK, thanks.

regards
Steffen

TorGate
torgate(at)linux-hus.dk

On Wed, Feb 14, 2018 at 9:48 PM Zack Weinberg <zackw@cmu.edu> wrote:
> No, 'ps' should show the unprivileged user. Check whether you have a "User" setting in your torrc. (I think George was referring specifically to the way FreeBSD pkgsrc configures tor.)

Adding a User setting and updating some permissions worked to get tor running as an unprivileged user.

--
0101100101000001010010000101010101000001010010000010000001000010
0100110001000101010100110101001100100000010110010100111101010101

> a config with ORPort 443 and dirport 80, but there are a permission issue with freebsd.

On FreeBSD you can override the limitation for privileged ports (under 1024) by adding this to /etc/sysctl.conf:

net.inet.ip.portrange.reservedhigh=0

However, this is not recommended for security reasons. It's also not recommended to run Tor as root. For best security on FreeBSD, it may be best to use ports over 1024 for Tor.
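
Added example, not part of any message in this thread: a small POSIX shell check that reads a torrc, finds ORPort/DirPort listeners on reserved ports, and reports whether a "User" line lets tor give up root after binding them. The function names `audit_torrc` and `sample_torrc` and the sample torrc are constructed for illustration; the check reads only the torrc, so a user passed on the command line by a startup script is not seen.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: audit_torrc TORRC [RESERVEDHIGH]
# RESERVEDHIGH mirrors net.inet.ip.portrange.reservedhigh (FreeBSD default: 1023).
# Returns 0 when the config is fine, 1 when reserved ports are used without
# an unprivileged User line in the torrc.
audit_torrc() {
    awk -v high="${2:-1023}" '
        { sub(/#.*/, "") }                      # drop comments
        { key = tolower($1) }                   # torrc keywords are case-insensitive
        key == "user" { user = $2 }
        key == "orport" || key == "dirport" {
            n = split($2, part, ":")            # PORT, addr:PORT or [v6addr]:PORT
            port = part[n]
            if (port ~ /^[0-9]+$/ && port + 0 > 0 && port + 0 <= high + 0)
                low = low " " $1 "=" port
        }
        END {
            if (low == "") { print "OK: no listener on a reserved port"; exit 0 }
            if (user == "" || user == "root") {
                print "WARN:" low " need root to bind and torrc has no unprivileged User"
                exit 1
            }
            print "OK:" low " bound at startup as root, then tor switches to " user
            exit 0
        }' "$1"
}

# Constructed sample torrc using the ports discussed in the thread.
# An optional argument adds a User line.
sample_torrc() {
    printf '%s\n' 'ORPort 443' 'ORPort [2001:db8::1]:443' 'dirport 80'
    [ -n "$1" ] && printf 'User %s\n' "$1"
    return 0
}

tmp=$(mktemp)
sample_torrc > "$tmp";      audit_torrc "$tmp" || true   # WARN: stays root if started as root
sample_torrc _tor > "$tmp"; audit_torrc "$tmp"           # OK: drops to _tor
sample_torrc > "$tmp";      audit_torrc "$tmp" 0         # OK: reservedhigh=0, nothing reserved
rm -f "$tmp"
```

After tor is running, `ps` should show the unprivileged user as the process owner, as noted earlier in the thread.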

OK, so I do not change the config :-) Thanks for all replies :-)

regards
Steffen

TorGate
torgate(at)linux-hus.dk

If you don't want to configure it (start as root drop to user) manually, ansible-relayor automates these steps (and others) for you.

https://github.com/nusenu/ansible-relayor

--
https://mastodon.social/@nusenu
twitter: @nusenu_