I have a problem with running the Tor service under an AppArmor profile written by me.
In the service file “/usr/lib/systemd/system/tor.service”, I see no “User” in the “Service” section. So the Tor service runs as root. In the file “/usr/lib/tmpfiles.d/tor.conf”, I see
d /var/lib/tor 0700 tor tor - -
Thus the security settings of “/var/lib/tor” are changed at every boot such that only the “tor” user may access “/var/lib/tor”.
Now, if the Tor service is run under an AppArmor profile, the Tor service can't work with “/var/lib/tor” because root tries to work with the “tor” user's directory. (I admit that the Tor service will be able to work if I grant it the “dac_read_search” and “dac_override” capabilities. But I take this conundrum as an indication that security settings are wrong, not that the Tor service doesn't have enough permissions. The Tor service is not a file manager, but a typical internet service (server).)
Which user should the Tor service run as?
If it's the “tor” user, I need to change “/usr/lib/systemd/system/tor.service”.
If it's root, I need to change “/usr/lib/tmpfiles.d/tor.conf”.
I would like to know which option the Arch Linux maintainers intended here.
Last edited by beroal (2024-09-28 14:21:25)
we are not condemned to write ugly code
When I look at the tor.service, it retains the upstream comments. So, it's shipped as provided by the project and, I assume, maintainers chose not to modify it, because it works and is tricky to mod, given you can use the package for different client/server purposes and there are exceptionally individual security considerations, as your example with AppArmor shows.
Thus the security settings of “/var/lib/tor” are changed at every boot such that only the “tor” user may access “/var/lib/tor”.
When I look at the wiki article, it appears the tor uid:gid are set in the /etc/tor/torrc configuration; a lot of daemons operate like that and need an exclusive /var/lib/. What do you mean by "changed every boot"?
What do you mean by "changed every boot"?
I mean that systemd-tmpfiles changes the owner and group of “/var/lib/tor” at boot.
When I look at the wiki article, it appears the tor uid:gid are set in the /etc/tor/torrc configuration; a lot of daemons operate like that and need an exclusive /var/lib/.
Actually, the line
User tor
is commented out in my “/etc/tor/torrc”. This was the reason for my confusion. Thus the Tor service is intended to run as the “tor” user.
Anyway, I created a file “/etc/systemd/system/tor.service.d/local.conf” with
[Service]
User=tor
and now the Tor service works.
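The mismatch discussed in this thread (a unit with no User= running as root while tmpfiles.d hands the state directory to the tor user, resolved by a drop-in), as an added shell example that is not part of the thread. The unit fragment and tmpfiles.d line below are constructed to mirror the posts, and the check parses those texts instead of querying a live system, so it runs offline.

```shell
#!/bin/sh
# Added example: verify that the user a systemd unit runs as matches the
# owner that systemd-tmpfiles assigns to the unit's state directory.

# Effective User= for a unit. Fragments are passed in load order (main unit
# first, then drop-ins); a later User= overrides an earlier one, an empty
# User= resets to root, and no User= at all means the service runs as root.
effective_user() {
    printf '%s\n' "$@" | awk '
        /^\[/ { sect = $0 }
        sect == "[Service]" && /^User=/ { sub(/^User=/, ""); u = $0 }
        END { print (u == "" ? "root" : u) }'
}

# Owner that a tmpfiles.d "d" entry assigns to the given path
# (fields: type path mode user group age argument).
tmpfiles_owner() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == "d" && $2 == p { print $4 }'
}

# Report whether the unit user ($1) owns its state directory ($2 is the
# owner from tmpfiles.d); returns 1 on a mismatch.
check_state_dir() {
    if [ "$1" = "$2" ]; then
        echo "ok: unit runs as $1, which owns the state directory"
        return 0
    fi
    echo "mismatch: unit runs as $1 but tmpfiles.d hands the directory to $2"
    return 1
}

# Constructed inputs (not the real shipped files): a unit with no User=,
# the drop-in from the thread, and the tmpfiles.d line quoted in the thread.
TOR_UNIT='[Unit]
Description=Anonymizing overlay network for TCP

[Service]
Type=simple'
TOR_DROPIN='[Service]
User=tor'
TOR_TMPFILES='d /var/lib/tor 0700 tor tor - -'

# Stock unit alone: runs as root, directory belongs to tor -> mismatch.
check_state_dir "$(effective_user "$TOR_UNIT")" \
    "$(tmpfiles_owner "$TOR_TMPFILES" /var/lib/tor)" || true
# With the drop-in applied: runs as tor -> ok.
check_state_dir "$(effective_user "$TOR_UNIT" "$TOR_DROPIN")" \
    "$(tmpfiles_owner "$TOR_TMPFILES" /var/lib/tor)"
```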