PHP coder needs Tor details

Michael Holstein michael.holstein at
Tue Feb 13 14:37:51 UTC 2007

> Now all this works well when I perform it like a root, but when I want 
> nobody(apache) to parse file.php that is calling Tor will not work.
> I know why - nobody doesn't have a permission for that.

'nobody' is just another user in FreeBSD .. just one that has a '::' in 
/etc/passwd and '/bin/false' as a shell. Doesn't mean you can't run 
something as that user .. you just have to ensure that 'nobody' can 
write to the pidfile and logfiles (if any), and read the config files.

You only need to be 'root' to start a program if that program needs to 
bind to a port below 1024.

> If I can't find Tor dir on my server how am I suppose to chmod it?

FreeBSD's ports will install stuff to standard places. If you want to 
chroot it, you've got to do a manual install (compile from source). 
That's not particularly hard, but it's not for the novice, since you've 
got to ensure you've got copies of any libraries you'd need in the 
appropriate places.

run 'ldd /path/to/tor' and you'll see what libraries it requires. All 
that "stuff" needs to be under your chroot dir.

> To shorten... How do I allow nobody to utilize Tor (It can already do 
> that but I must start it like a root and stop it like a root)

Ensure that 'nobody' can read $base/etc/torrc .. as any UNIX admin will 
tell you, 95% of the "it won't run" problems are permissions issues.

Try 'sudo -u nobody /path/to/tor' and see what croaks.

> PS: Why after I start Tor like a root by typing "tor" in command line it 
> start and then I simply can't issue ANY command to my server, whatever I 
> type in command line and press enter it is like I am typing some text in 
> a word(or nano for a unix)?

Because TOR is running in the foreground in that terminal. If you want 
to background the process, put a '&' after the command .. eg:

'/path/to/tor &'

You can also do a CONTROL+Z (pause) and then issue the command 'bg 1' to 
background it in the current terminal. If you want it back in the 
foreground, do 'fg 1'.


Michael Holstein CISSP GCIA
Cleveland State University

More information about the tor-talk mailing list