PHP coder needs Tor details

Michael Holstein michael.holstein at csuohio.edu
Tue Feb 13 14:37:51 UTC 2007


> Now all this works well when I perform it like a root, but when I want 
> nobody(apache) to parse file.php that is calling Tor will not work.
> I know why - nobody doesn't have a permission for that.

'nobody' is just another user in FreeBSD .. just one that has a '::' in 
/etc/passwd and '/bin/false' as a shell. Doesn't mean you can't run 
something as that user .. you just have to ensure that 'nobody' can 
write to the pidfile and logfiles (if any), and read the config files.

You only need to be 'root' to start a program if that program needs to 
bind to a port below 1024.

> If I can't find Tor dir on my server how am I supposed to chmod it?

FreeBSD's ports will install stuff to standard places. If you want to 
chroot it, you've got to do a manual install (compile from source). 
That's not particularly hard, but it's not for the novice, since you've 
got to ensure you've got copies of any libraries you'd need in the 
appropriate places.

Run 'ldd /path/to/tor' and you'll see what libraries it requires. All 
that "stuff" needs to be under your chroot dir.

> To shorten... How do I allow nobody to utilize Tor (It can already do 
> that but I must start it like a root and stop it like a root)

Ensure that 'nobody' can read $base/etc/torrc .. as any UNIX admin will 
tell you, 95% of the "it won't run" problems are permissions issues.

Try 'sudo -u nobody /path/to/tor' and see what croaks.

> PS: Why after I start Tor like a root by typing "tor" in command line it 
> start and then I simply can't issue ANY command to my server, whatever I 
> type in command line and press enter it is like I am typing some text in 
> a word(or nano for a unix)?

Because TOR is running in the foreground in that terminal. If you want 
to background the process, put a '&' after the command .. eg:

'/path/to/tor &'

You can also do a CONTROL+Z (pause) and then issue the command 'bg 1' to 
background it in the current terminal. If you want it back in the 
foreground, do 'fg 1'.

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
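
The permission check suggested above, as an added shell example that is not part of the original message: it walks from `$base` down to a file such as `etc/torrc` and reports the first path whose mode bits block the given user. The function names are hypothetical, and it assumes the user is either a path's owner or falls under "other" (group membership and ACLs are ignored).

```shell
#!/bin/sh
# Added example; function names are hypothetical. Reads mode bits only (no sudo).
# Assumption: USER is either a path's owner or "other"; groups and ACLs are ignored.

# can USER PATH BIT  (BIT: 4=read, 2=write, 1=search)
# Uses the owner bit if USER owns PATH, otherwise the "other" bit.
# A missing PATH yields no find output and therefore counts as denied.
can() {
    [ -n "$(find "$2" -prune \( -user "$1" -perm "-0${3}00" \
        -o ! -user "$1" -perm "-000$3" \) 2>/dev/null)" ]
}

# check_path USER BASE REL NEED
#   USER  account the daemon runs as (name or numeric uid), e.g. nobody
#   BASE  install or chroot root (the "$base" of the message)
#   REL   path below BASE, e.g. etc/torrc
#   NEED  r for config files, w for the pidfile and logfiles
# Prints "ok", or the first path that blocks USER, and returns 0 or 1.
check_path() {
    user=$1 cur=$2 rel=$3 need=$4
    case $need in
        r) bit=4 ;;
        w) bit=2 ;;
        *) echo "NEED must be r or w"; return 2 ;;
    esac
    can "$user" "$cur" 1 || { echo "denied x: $cur"; return 1; }
    # Split REL on '/' without glob expansion.
    set -f; old_ifs=$IFS; IFS=/
    set -- $rel
    IFS=$old_ifs; set +f
    # Every directory between BASE and the file must be searchable.
    while [ $# -gt 1 ]; do
        cur=$cur/$1; shift
        can "$user" "$cur" 1 || { echo "denied x: $cur"; return 1; }
    done
    cur=$cur/$1
    can "$user" "$cur" "$bit" || { echo "denied $need: $cur"; return 1; }
    echo ok
}

# Usage: check_path nobody "$base" etc/torrc r
```

A path reported as denied is where ownership or modes need adjusting before retrying 'sudo -u nobody /path/to/tor'.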


