#1 2013-08-20 22:16:06

tyo
Member
From: Leipzig, Germany
Registered: 2011-10-29
Posts: 7

[solved] systemd won't start tor

Hi everyone,

I freshly installed tor from the community repo, edited the configuration file to work as an exit node, and now I try to run it as a service, but it won't start and I can't figure out why. When using systemctl to start it, there is no output at all. Looking at the journal, it says it exited for no apparent reason:

$ / systemctl start tor
$ / systemctl status tor
tor.service - Anonymizing Overlay Network
   Loaded: loaded (/usr/lib/systemd/system/tor.service; enabled)
   Active: failed (Result: exit-code) since Tue 2013-08-20 23:54:46 CEST; 2s ago
  Process: 3006 ExecStart=/usr/bin/tor -f /etc/tor/torrc (code=exited, status=255)

Aug 20 23:54:46 meteor systemd[1]: Started Anonymizing Overlay Network.
Aug 20 23:54:46 meteor tor[3006]: Aug 20 23:54:46.829 [notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Linux.
Aug 20 23:54:46 meteor tor[3006]: Aug 20 23:54:46.830 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 20 23:54:46 meteor tor[3006]: Aug 20 23:54:46.830 [notice] Read configuration file "/etc/tor/torrc".
Aug 20 23:54:46 meteor tor[3006]: Aug 20 23:54:46.834 [notice] Initialized libevent version 2.0.21-stable using method epoll (with changelist). Good.
Aug 20 23:54:46 meteor systemd[1]: tor.service: main process exited, code=exited, status=255/n/a
Aug 20 23:54:46 meteor systemd[1]: Unit tor.service entered failed state.

This is what /etc/systemd/system/multi-user.target.wants/tor.service looks like:

[Unit]
Description=Anonymizing Overlay Network
After=network.target

[Service]
User=tor
Type=simple
ExecStart=/usr/bin/tor -f /etc/tor/torrc
KillSignal=SIGINT
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

When I execute tor directly by hand, it works fine and writes successfully to its logfile. When called via systemctl, it doesn't even get to touch its logfile.

$ / /usr/bin/tor -f /etc/tor/torrc
Aug 20 23:58:18.368 [notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Linux.
Aug 20 23:58:18.369 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 20 23:58:18.369 [notice] Read configuration file "/etc/tor/torrc".
Aug 20 23:58:18.372 [notice] Initialized libevent version 2.0.21-stable using method epoll (with changelist). Good.
Aug 20 23:58:18.372 [notice] Opening OR listener on 0.0.0.0:443
Aug 20 23:58:18.372 [notice] Opening Directory listener on 0.0.0.0:80

After calling tor by hand, the logfile reads:

Aug 20 23:58:18.000 [notice] Tor 0.2.3.25 (git-17c24b3118224d65) opening log file.
Aug 20 23:58:18.000 [notice] Parsing GEOIP file /usr/share/tor/geoip.
Aug 20 23:58:18.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Aug 20 23:58:18.000 [notice] This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
Aug 20 23:58:18.000 [notice] OpenSSL OpenSSL 1.0.1e 11 Feb 2013 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Aug 20 23:58:18.000 [notice] Your Tor server's identity key fingerprint is 'xxxxx XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
Aug 20 23:58:18.000 [notice] Reloaded microdescriptor cache.  Found 4424 descriptors.
Aug 20 23:58:19.000 [notice] We now have enough directory information to build circuits.
Aug 20 23:58:19.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Aug 20 23:58:20.000 [notice] Heartbeat: It seems like we are not in the cached consensus.
Aug 20 23:58:20.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 2 circuits open. I've sent 0 kB and received 0 kB.
Aug 20 23:58:20.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Aug 20 23:58:20.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Aug 20 23:58:21.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Aug 20 23:58:21.000 [notice] Bootstrapped 100%: Done.
Aug 20 23:58:21.000 [notice] Now checking whether ORPort XXX.XXX.XXX.XXX:443 and DirPort XXX.XXX.XXX.XXX:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Aug 20 23:58:21.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Aug 20 23:58:21.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Aug 20 23:58:34.000 [notice] Performing bandwidth self-test...done.
Aug 21 00:00:12.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
Aug 21 00:00:42.000 [notice] Clean shutdown finished. Exiting.

I assume the configuration is correct. Tor is running as the user tor, also indicated in the config file /etc/tor/torrc:

User tor

I'd be grateful for any help with this!

Last edited by tyo (2013-08-21 05:03:04)

#2 2013-08-20 22:58:19

Raynman
Member
Registered: 2011-10-22
Posts: 1,155

Re: [solved] systemd won't start tor

tyo wrote:

I assume the configuration is correct. Tor is running as the user tor, also indicated in the config file /etc/tor/torrc:

User tor

Tor can only use that setting when you start it as root -- or at least that's how these things usually work. I'd expect it to drop these root privileges as soon as possible and then continue running as user tor. That's probably what happened when you manually started tor. With this service file, systemd limits the tor process's privileges from the start; that's the first obvious difference that I can see. Try it without the User=tor line.

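An added example, not part of the thread or of the tor package: a small Python check for the mismatch described in the reply above, where the unit's User= starts tor unprivileged while the torrc still assumes a root start. It also flags ORPort/DirPort values below 1024, which on Linux normally need root or CAP_NET_BIND_SERVICE to bind. The sample unit and torrc are constructed from what the first post shows (User tor, listeners on 443 and 80), and the function names are hypothetical.

```python
PORT_KEYS = {"orport", "dirport"}  # torrc listener options checked here

def unit_user(unit_text):
    """Return the User= value from the [Service] section, or 'root' if unset."""
    section, user = None, "root"
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and line.startswith("User="):
            user = line.split("=", 1)[1].strip() or "root"
    return user

def torrc_findings(torrc_text, run_as):
    """List (kind, detail) problems for a tor process started as run_as."""
    if run_as in ("root", "0"):
        return []  # a root start can bind any port and switch user itself
    findings = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "user":
            # per the reply above, tor can only honour this when started as root
            findings.append(("torrc-user", value))
        elif key in PORT_KEYS:
            port = value.rsplit(":", 1)[-1]  # accepts "443" and "0.0.0.0:443"
            if port.isdigit() and 0 < int(port) < 1024:
                findings.append(("privileged-port", f"{parts[0]} {port}"))
    return findings

def check(unit_text, torrc_text):
    return torrc_findings(torrc_text, unit_user(unit_text))

# Constructed inputs: the [Service] section from the first post, and a torrc
# matching the User line and listeners visible there (full torrc not shown).
UNIT = """[Service]
User=tor
ExecStart=/usr/bin/tor -f /etc/tor/torrc
"""
TORRC = """User tor
ORPort 443
DirPort 80
"""

if __name__ == "__main__":
    for kind, detail in check(UNIT, TORRC):
        print(f"{kind}: {detail}")
```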

#3 2013-08-21 05:02:04

tyo
Member
From: Leipzig, Germany
Registered: 2011-10-29
Posts: 7

Re: [solved] systemd won't start tor

Wow, thanks a lot! That helped and systemd now starts tor smoothly.
This is the default tor.service file; I just increased the NOFILE limit. I added User tor to the tor config after it didn't run via systemd, so I wonder why the line in the .service file is there in the first place and no one seems to have my problem. Anyway, thank you!
