[tor-bugs] #6996 [Obfsproxy]: Problems with starting managed Obfsproxy server when installed via debian package and with Tor as service
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Oct 1 16:25:08 UTC 2012
#6996: Problems with starting managed Obfsproxy server when installed via debian
package and with Tor as service
-----------------------+----------------------------------------------------
Reporter: linda | Owner: asn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version: Tor: 0.2.3.22-rc
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by asn):
Replying to [comment:6 linda]:
> Replying to [comment:5 arma]:
> > Replying to [comment:4 linda]:
> > > Now I'm trying to add all the options in {{{/usr/share/tor/tor-
service-defaults-torrc}}} to the command line to see if it reproduces the
error. It works if I leave out {{{User debian-tor}}}:
> >
> > > linda at vm05:~$ sudo -u debian-tor tor -f /etc/tor/torrc DataDirectory
/var/lib/tor RunAsDaemon 1 Log "notice file /var/log/tor/log"
ControlSocket /var/run/tor/control ControlSocketsGroupWritable 1 PidFile
/var/run/tor/tor.pid CookieAuthentication 1 CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie User debian-tor
> > > Oct 01 07:47:37.335 [warn] Error setting groups to gid 115:
"Operation not permitted".
> > > Oct 01 07:47:37.335 [warn] Tor is already running as debian-tor.
You do not need the "User" option if you are already running as the user
you want to be. (If you did not set the User option in your torrc, check
whether it was specified on the command line by a startup script.)
> > > Oct 01 07:47:37.335 [warn] Failed to parse/validate config: Problem
with User value. See logs for details.
> >
> > > Does this give you any clues?
> >
> > The init script starts Tor as root, and then Tor drops privs to the
debian-tor user. If you start Tor as debian-tor, you shouldn't ask it to
change user. Hopefully the above explanation by Tor makes sense?
>
> Yes, it does. And from the log output, I understood that calling tor
from the command line as user debian-tor made the option {{{User}}} moot.
I was just trying to get as close as possible to what the (broken?) init
script does. Unfortunately, it worked like a charm when I called tor from
the command line with all the other options.
>
> I wish there was a way to see what kind of permission is denied when I
use the init script. Is it writing to a file? Which one? I guess the
{{{--managed}}} is still a mystery to me... (although I like how it works
when I send SIGTERM to tor and it also kills the obfsproxy process if
running).
The permission error happened when Tor tried to execute the file
`/usr/bin/obfsproxy`.
`execve()` (the function used to execute that file) says "Permission
denied" when the following things happen:
{{{
EACCES Search permission is denied on a component of the path
prefix of filename or the name of a script interpreter. (See also
path_resolution(7).)
EACCES The file or a script interpreter is not a regular file.
EACCES Execute permission is denied for the file or a script or ELF
interpreter.
EACCES The file system is mounted noexec.
}}}
I'm not sure in which case you belong, and unfortunately there is no way
for `execve()` to be more verbose.
I also tried using your `/etc/tor/torrc` with the default init script of
tor in Ubuntu, and obfsproxy spawned fine.
If you feel playful, you can move the obfsproxy binary to a different
place (like `/tmp/obfsproxy` or something) and see if you still get the
`Permission Denied` error. Or you can replace `/usr/bin/obfsproxy` with a
different binary and see if you still get the same error.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6996#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list