[tor-bugs] #6996 [Obfsproxy]: Problems with starting managed Obfsproxy server when installed via debian package and with Tor as service

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Oct 1 15:07:37 UTC 2012 

#6996: Problems with starting managed Obfsproxy server when installed via debian
package and with Tor as service
-----------------------+----------------------------------------------------
 Reporter:  linda      |          Owner:  asn             
     Type:  defect     |         Status:  new             
 Priority:  normal     |      Milestone:                  
Component:  Obfsproxy  |        Version:  Tor: 0.2.3.22-rc
 Keywords:             |         Parent:                  
   Points:             |   Actualpoints:                  
-----------------------+----------------------------------------------------

Comment(by linda):

 Replying to [comment:5 arma]:
 > Replying to [comment:4 linda]:
 > > Now I'm trying to add all the options in {{{/usr/share/tor/tor-
 service-defaults-torrc}}} to the command line to see if it reproduces the
 error.  It works if I leave out {{{User debian-tor}}}:
 >
 > > linda at vm05:~$ sudo -u debian-tor tor -f /etc/tor/torrc DataDirectory
 /var/lib/tor RunAsDaemon 1 Log "notice file /var/log/tor/log"
 ControlSocket /var/run/tor/control ControlSocketsGroupWritable 1 PidFile
 /var/run/tor/tor.pid CookieAuthentication 1 CookieAuthFileGroupReadable 1
 CookieAuthFile /var/run/tor/control.authcookie User debian-tor
 > > Oct 01 07:47:37.335 [warn] Error setting groups to gid 115: "Operation
 not permitted".
 > > Oct 01 07:47:37.335 [warn] Tor is already running as debian-tor.  You
 do not need the "User" option if you are already running as the user you
 want to be.  (If you did not set the User option in your torrc, check
 whether it was specified on the command line by a startup script.)
 > > Oct 01 07:47:37.335 [warn] Failed to parse/validate config: Problem
 with User value. See logs for details.
 >
 > > Does this give you any clues?
 >
 > The init script starts Tor as root, and then Tor drops privs to the
 debian-tor user. If you start Tor as debian-tor, you shouldn't ask it to
 change user. Hopefully the above explanation by Tor makes sense?

 Yes, it does.  And from the log output, I understood that calling tor from
 the command line as user debian-tor made the option {{{User}}} moot.  I
 was just trying to get as close as possible to what the (broken?) init
 script does.  Unfortunately, it worked like a charm when I called tor from
 the command line with all the other options.

 I wish there was a way to see what kind of permission is denied when I use
 the init script.  Is it writing to a file?  Which one?  I guess the
 {{{--managed}}} is still a mystery to me... (although I like how it works
 when I send SIGTERM to tor and it also kills the obfsproxy process if
 running).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6996#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list