[tor-dev] permission denied when running snowflake-client with debian-tor user

Arlo Breault arlo at torproject.org
Mon Jun 11 17:24:19 UTC 2018


> On Jun 11, 2018, at 7:35 AM, iry <iry at riseup.net> wrote:
> 
> Dear Tor developers,
> 
> I met a problem when trying to use the snowflake-client binary
> extracted from TBB 8.0a8 with the system Tor.
> 
> Specifically, it seems snowflake-client cannot be run by debian-tor
> user, regardless of the permissions it is given.
> 
> I am posting the full steps below. A better formatted version of it
> can be found here:
> http://forums.whonix.org/t/replacing-meek-snowflake/5190/18
> 
> > Here is the original permission and ownership of snowflake-client:
> >
> > user at host:~$ ls -l snowflake-client -rwx------ 1 user user 14160744
> > Jun  4 06:17 snowflake-client
> >
> > It can be executed by user user:
> >
> > user at host:~$ sudo -u user ./snowflake-client 2018/06/04 06:18:21
> >
> >
> > --- Starting Snowflake Client --- 2018/06/04 06:18:21 No HTTP
> > signaling detected. Using manual copy-paste signaling. 2018/06/04
> > 06:18:21 Waiting for a "signal" pipe... ^C
> >
> > We now change the permission to let it executable by user
> > debian-tor:
> >
> > user at host:~$ sudo chmod 777 snowflake-client
> >
> >
> > user at host:~$ sudo -u debian-tor ./snowflake-client 2018/06/04
> > 06:18:43
> >
> > Noticed the permission denied:
> >
> > --- Starting Snowflake Client --- 2018/06/04 06:18:43 No HTTP
> > signaling detected. Using manual copy-paste signaling. 2018/06/04
> > 06:18:43 Waiting for a "signal" pipe... 2018/06/04 06:18:43 open
> > signal: permission denied
> >
> > We now change its ownership to debian-tor:debian-tor:
> >
> > user at host:~$ sudo chown debian-tor:debian-tor snowflake-client
> > user at host:~$ ls -l snowflake-client -rwxrwxrwx 1 debian-tor
> > debian-tor 14160744 Jun  4 06:17 snowflake-client
> >
> > Still, permission denied:
> >
> > user at host:~$ sudo -u debian-tor ./snowflake-client 2018/06/04
> > 06:19:15
> >
> >
> > --- Starting Snowflake Client --- 2018/06/04 06:19:15 No HTTP
> > signaling detected. Using manual copy-paste signaling. 2018/06/04
> > 06:19:15 Waiting for a "signal" pipe... 2018/06/04 06:19:15 open
> > signal: permission denied
> >
> > However, when executing it by user, it works fine:
> >
> > user at host:~$ sudo -u user ./snowflake-client 2018/06/04 06:19:22
> >
> >
> > --- Starting Snowflake Client --- 2018/06/04 06:19:22 No HTTP
> > signaling detected. Using manual copy-paste signaling. 2018/06/04
> > 06:19:22 Waiting for a "signal" pipe... ^C
> 
> I didn't find any special requirement for the user who runs
> snowflake-client from the documentation, so it would be extremely
> helpful and appreciated if you could share some insights on this
> problem. :)


When you launch the client binary without providing a broker url
it tries to create a named pipe (mkfifo) to do signalling.

https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/rendezvous.go#n161

Try providing a -url as in,
https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/torrc



> Best Regards,
> iry
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev



More information about the tor-dev mailing list