[tor-bugs] #27992 [Core Tor/Tor]: config DataDirectoryGroupReadable 1 is ignored

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 10 18:14:29 UTC 2018


#27992: config DataDirectoryGroupReadable 1 is ignored
----------------------------------------+------------------------------
 Reporter:  needle8420                  |          Owner:  (none)
     Type:  defect                      |         Status:  new
 Priority:  Low                         |      Component:  Core Tor/Tor
  Version:  Tor: 0.3.5.2-alpha          |       Severity:  Minor
 Keywords:  DataDirectoryGroupReadable  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+------------------------------
 I'm trying to run zeronet over tor.

 I need group access to the DataDirectory for cookie auth
 so /var/lib/tor should have file mode 0750

 spoiler: see below for workarounds + bugfix

 when i run
 # d=$(date +"%F %T"); \
 chmod 0750 /var/lib/tor; \
 systemctl restart tor; sleep 2; \
 journalctl -u tor --since="$d" \
 | grep -i permissions; \
 stat -c%a /var/lib/tor

 I always get
 Fixing permissions on directory /var/lib/tor
 700

 and datadir ends up with filemode 0700
 so it is not accessible for other users in the tor group

 ... though in my torrc I set
 DataDirectoryGroupReadable 1

 # usermod -a -G tor zeronet
 # sudo -u zeronet cat /var/lib/tor/control_auth_cookie
 cat: /var/lib/tor/control_auth_cookie: Permission denied

 the authcookie filemode is set correctly to 0640
 with the config
 CookieAuthFileGroupReadable 1

 --

 workaround 1
 run
 # chmod 0750 /var/lib/tor
 after starting tor

 workaround 2
 add
 CacheDirectoryGroupReadable 1
 to your torrc file

 workaround 3
 add
 CacheDirectory /var/lib/tor/cache
 to your torrc file
 if your cache dir should not be group readable

 why workaround 2 and 3?

 because the error only happens
 if CacheDirectory == DataDirectory
 which is the default config

 --

 bugfix

 in
 src/app/config/config.c
 add
 if (strcmp(options->KeyDirectory, options->DataDirectory) != 0) {
 and
 if (strcmp(options->CacheDirectory, options->DataDirectory) != 0) {
 around line 1570 and 1590
 before calling
 check_and_create_data_directory
 ... and close the parentheses

 --

 # cat /etc/tor/torrc
 Log notice syslog
 DataDirectory /var/lib/tor
 DataDirectoryGroupReadable 1
 ControlPort 9051
 CookieAuthentication 1
 CookieAuthFileGroupReadable 1
 CookieAuthFile /var/lib/tor/control_auth_cookie

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27992>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
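
A small model of the behaviour the ticket describes, added here as an example and not taken from Tor's source: two permission checks run against the same path, and the second one undoes the group-readable mode set by the first unless the `strcmp()` guard from the proposed fix skips it. The names `enforce_dir_mode`, `final_data_dir_mode` and `run_model` are hypothetical, and it is an assumption that each check sets the mode purely from its own GroupReadable option.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for a per-directory permission check: force the
 * directory to 0750 when group_readable is set, otherwise to 0700. */
static int enforce_dir_mode(const char *path, int group_readable) {
  return chmod(path, group_readable ? 0750 : 0700);
}

/* Run the data-directory check, then the cache-directory check.
 * With guard != 0 the cache check is skipped when both options name the
 * same path, which is the strcmp() condition proposed in the ticket.
 * Returns the final permission bits of data_dir, or -1 on error. */
int final_data_dir_mode(const char *data_dir, const char *cache_dir,
                        int data_gr, int cache_gr, int guard) {
  struct stat st;
  if (enforce_dir_mode(data_dir, data_gr) != 0) return -1;
  if (!guard || strcmp(cache_dir, data_dir) != 0) {
    if (enforce_dir_mode(cache_dir, cache_gr) != 0) return -1;
  }
  if (stat(data_dir, &st) != 0) return -1;
  return (int)(st.st_mode & 0777);
}

/* Constructed scratch directory (not /var/lib/tor); mkdir() fails if the
 * path already exists, so nothing pre-existing is ever modified. */
int run_model(int cache_gr, int guard) {
  char path[64];
  snprintf(path, sizeof path, "/tmp/datadir-model-%ld", (long)getpid());
  if (mkdir(path, 0700) != 0) return -1;
  /* Default config: CacheDirectory == DataDirectory, DataDirectoryGroupReadable 1. */
  int mode = final_data_dir_mode(path, path, 1, cache_gr, guard);
  rmdir(path);
  return mode;
}

int main(void) {
  printf("no guard, CacheDirectoryGroupReadable 0: %o\n", run_model(0, 0));
  printf("no guard, CacheDirectoryGroupReadable 1: %o\n", run_model(1, 0));
  printf("guard,    CacheDirectoryGroupReadable 0: %o\n", run_model(0, 1));
  return 0;
}
```

The first case reproduces the reported 700, the second corresponds to workaround 2, and the third to the proposed bugfix.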

