[tor-commits] [arm/release] Remaining work for using tor with privileged ports

atagar at torproject.org atagar at torproject.org
Sun Jul 17 06:08:33 UTC 2011


commit 21131c72f8b1e3e8605f5153dab1c779ef8f24f2
Author: Damian Johnson <atagar at torproject.org>
Date:   Wed Jul 13 00:35:07 2011 -0700

    Remaining work for using tor with privileged ports
    
    Filling in the starter shell script and a variety of other fixes to make tor
    instances needing root startup permissions work nicely.
---
 src/cli/controller.py           |    2 +-
 src/cli/wizard.py               |   14 ++++++++------
 src/resources/startTor          |   38 ++++++++++++++++++++++++++------------
 src/resources/torrcTemplate.txt |    7 ++++---
 src/settings.cfg                |    2 +-
 5 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/src/cli/controller.py b/src/cli/controller.py
index d4fcf2f..e8b28cc 100644
--- a/src/cli/controller.py
+++ b/src/cli/controller.py
@@ -523,7 +523,7 @@ class TorManager:
     torctlConn, authType, authValue = TorCtl.preauth_connect(controlPort = int(CONFIG["wizard.default"]["Control"]))
     
     if not torctlConn:
-      msg = "Unable to start tor, try running \"tor -f %s\" to see the error output" % torrcLoc
+      msg = "Unable to start tor, try running \"tor -f %s\" to see the error output" % self.getTorrcPath()
       raise IOError(msg)
     
     if authType == TorCtl.AUTH_TYPE.COOKIE:
diff --git a/src/cli/wizard.py b/src/cli/wizard.py
index 032cb92..08e9d0b 100644
--- a/src/cli/wizard.py
+++ b/src/cli/wizard.py
@@ -8,14 +8,13 @@ import os
 import sys
 import random
 import shutil
+import getpass
 import functools
 import curses
 
 import cli.popups
 import cli.controller
 
-from TorCtl import TorCtl
-
 from util import connections, enum, log, sysTools, torConfig, torTools, uiTools
 
 # template used to generate the torrc
@@ -384,7 +383,7 @@ def showWizard():
             dst = "%sstartTor" % dataDir
             if not os.path.exists(dst): shutil.copy(src, dst)
             
-            msg = "Tor needs root permissions to start with this configuration (it will drop itself to a 'tor-arm' user afterward). To continue...\n- open another terminal\n- run \"sudo %s\"\n- press 'r' here to tell arm to reconnect" % dst
+            msg = "Tor needs root permissions to start with this configuration (it will drop itself to the current user afterward). To continue...\n- open another terminal\n- run \"sudo %s\"\n- press 'r' here to tell arm to reconnect" % dst
             log.log(log.NOTICE, msg)
           
           break
@@ -590,7 +589,7 @@ def getTorrc(relayType, config, disabledOpt):
     templateOptions[key.upper()] = value
   
   templateOptions[relayType.upper()] = True
-  templateOptions["LOW_PORTS"] = config[Options.LOWPORTS]
+  templateOptions["LOW_PORTS"] = config[Options.LOWPORTS].getValue()
   
   # uses double the relay rate for bursts
   bwOpt = Options.BANDWIDTH.upper()
@@ -599,10 +598,13 @@ def getTorrc(relayType, config, disabledOpt):
     relayRateComp = templateOptions[bwOpt].split(" ")
     templateOptions["BURST"] = "%i %s" % (int(relayRateComp[0]) * 2, " ".join(relayRateComp[1:]))
   
-  # exit notice will be in our data directory
+  # paths for our tor related resources
+  
   dataDir = cli.controller.getController().getDataDirectory()
-  templateOptions["NOTICE_PATH"] = dataDir + "exitNotice/index.html"
+  templateOptions["NOTICE_PATH"] = "%sexitNotice/index.html" % dataDir
   templateOptions["LOG_ENTRY"] = "notice file %stor_log" % dataDir
+  templateOptions["DATA_DIR"] = "%stor_data" % dataDir
+  templateOptions["USERNAME"] = getpass.getuser()
   
   policyCategories = []
   if not config[Options.POLICY].getValue():
diff --git a/src/resources/startTor b/src/resources/startTor
index c575c23..812a75a 100755
--- a/src/resources/startTor
+++ b/src/resources/startTor
@@ -1,14 +1,28 @@
 #!/bin/sh
-#
-# When binding to privilaged ports the tor process needs to start with root
-# permissions, then lower the user it's running as afterward. This script
-# simply makes a "tor-arm" user if it doesn't already exist then starts the
-# tor process.
-
-# TODO: check if the user's running as root
-# TODO: check if the tor-arm user exists and if not, make it
-# TODO: run arm
-# TODO: bonus points: double check that the torrc in this directory has a
-#       "User tor-arm" entry - this would be a problem if they run the wizard
-#       without low ports, then use this script
+
+# When binding to privileged ports the tor process needs to start with root
+# permissions, then lower the user it's running as afterward.
+
+# checks that we're running as root
+
+if [ "$(id -u)" != "0" ]; then
+  printf "This script needs root permissions to run. Try again with \"sudo ${0}\".\n\n"
+  exit 1
+fi
+
+# Checks that the torrc in this directory has a "User <username>" entry. If 
+# they ran the wizard multiple times then we might currently have a torrc
+# without it, causing this to run tor as root (... not what we wanted).
+
+torrcLoc=$( dirname "$0" )/torrc
+if ! `grep -q "^User " ${torrcLoc}`; then
+  printf "The tor configuration file (${torrcLoc}) doesn't lower its\n"
+  printf "permissions. You should only be using this script to run tor instances that\n"
+  printf "need root permissions to start.\n\n"
+  exit 1
+fi
+
+# starts the tor process
+
+tor --quiet -f $torrcLoc&
 
diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt
index d23ed0b..20b2efa 100644
--- a/src/resources/torrcTemplate.txt
+++ b/src/resources/torrcTemplate.txt
@@ -4,7 +4,7 @@
 # - run 'pkill -sighup tor'
 # - restart tor
 #
-# Descriptions of all of these configuraiton attibutes (and many more) are
+# Descriptions of all of these configuration attributes (and many more) are
 # available in the tor man page.
 
 [IF SHUTDOWN]
@@ -14,15 +14,16 @@
 [END IF]
 
 [NEWLINE]
+DataDirectory [DATA_DIR]      # location to store runtime data
+Log [LOG_ENTRY]               # location to log notices, warnings, and errors
 ControlPort 9052              # port controllers can connect to
 CookieAuthentication 1        # method for controller authentication
-Log [LOG_ENTRY]               # location to log notices, warnings, and errors
 
 [IF RELAY | EXIT | BRIDGE]
   RunAsDaemon 1               # runs as a background process
   
   [IF LOWPORTS]
-    User tor-arm              # lowers our permissions to this user
+    User [USERNAME]           # lowers our permissions to this user
   [END IF]
 [END IF]
 [NEWLINE]
diff --git a/src/settings.cfg b/src/settings.cfg
index c6d483d..7e13d19 100644
--- a/src/settings.cfg
+++ b/src/settings.cfg
@@ -447,7 +447,7 @@ wizard.description.opt Notify => Sends automated email notifications to the abov
 wizard.description.opt Bandwidth => Limit for the average rate at which you relay traffic.
 wizard.description.opt Limit => Maximum amount of traffic to relay each month. Some ISPs, like Comcast, cap their customer's Internet usage so this is an easy way of staying below that limit.
 wizard.description.opt Client => Enable this if you would like to use Tor yourself. This opens or closes the SOCKS port used by applications for connecting to Tor.
-wizard.description.opt Lowports => Relays using port 443 rather than 9001. This helps some users that would otherwise be blocked, but requires that tor is started with root permissions (after that it lowers itself to those of a 'tor-arm' user).
+wizard.description.opt Lowports => Relays using port 443 rather than 9001. This helps some users that would otherwise be blocked, but requires that tor is started with root permissions (after that it lowers itself to those of the current user).
 wizard.description.opt Portforward => If needed, attempts NAT traversal using UPnP and NAT-PMP. This allows for automatic port forwarding on most home routers.
 wizard.description.opt Startup => Runs Tor in the background when the system starts.
 wizard.description.opt Rshutdown => When you quit arm the Tor process is stopped thirty seconds later. This delay is so people using you can gracefully switch their circuits.





More information about the tor-commits mailing list