[tor-relays] issues with a fresh new tor server

Tom van der Woerdt info at tvdw.eu
Sun Aug 21 13:23:20 UTC 2016


On 21/08/16 at 15:14, Toralf Förster wrote:
> Hi,
> 
> I made the following steps to have /var/lib/tor encrypted under an ext4fs under a stable Gentoo Linux:
> 
> at a local system:
> 	head -c 16 /dev/random | xxd -p > ~/tmp-salt.txt; echo 0x`cat ~/tmp-salt.txt` > ~/.cryptoSalt; rm ~/tmp-salt.txt
> 	picked up a password from: pwgen -s 16
> 	open the remote directory: scp ~/.crypto{Pass,Salt} user@host:home; ssh user@host 'cat ~/.cryptoPass | sudo e4crypt add_key -S $(cat ~/.cryptoSalt) /var/lib/tor; rm ~/.crypto{Pass,Salt}'
> 
> 
> debug.log tells me:
> 
> ...
> Aug 21 15:09:23.817 [notice] Opening Directory listener on [2a01:4f8:190:514a::2]:80
> Aug 21 15:09:23.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
> Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Attemping to disable debugger attachment to Tor for unprivileged users.
> Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Debugger attachment disabled for unprivileged users.
> Aug 21 15:09:23.000 [info] tor_lockfile_lock(): Locking "/var/lib/tor/data/lock"
> Aug 21 15:09:23.000 [warn] Couldn't open "/var/lib/tor/data/lock" for locking: Operation not permitted
> Aug 21 15:09:23.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.8.6 )
> 
> and indeed :
> 
> 
> # ls -alR /var/lib/tor/
> /var/lib/tor/:
> total 12
> drwxr-xr-x  3 tor  tor  4096 Aug 21 15:09 .
> drwxr-xr-x 14 root root 4096 Aug 21 03:10 ..
> drwx------  2 tor  tor  4096 Aug 21 15:09 data
> -rw-r--r--  1 root root    0 Aug 19 14:47 .keep_net-misc_tor-0
> 
> /var/lib/tor/data:
> total 8
> drwx------ 2 tor tor 4096 Aug 21 15:09 .
> drwxr-xr-x 3 tor tor 4096 Aug 21 15:09 ..
> 
> 
> 
> Any hints ?


Those permissions look fine. Do you have selinux enabled? Did this work
prior to adding encryption, or could that be a red herring? Can you see
what it fails on with strace? Is tor actually running as the 'tor' user?
Do you have any special security configuration like sandboxing set up?

Tom

