#1 2024-03-10 20:24:54

espritlibre
Member
Registered: 2022-12-15
Posts: 129

[SOLVED] how to safely start tor as user

i installed the tor package from the repo and want to run it occasionally as user, so i don't want to enable tor.service. i'd like to be able to just type tor and the daemon starts, without requiring sudo. with the default config when i type tor in a terminal i get

[notice] Tor 0.4.8.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.2.1, Zlib 1.3.1, Liblzma 5.6.0, Libzstd 1.5.5 and Glibc 2.39 as libc.
[notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
[notice] Read configuration file "/etc/tor/torrc".
[notice] Opening Socks listener on 127.0.0.1:9050
[notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
[warn] Directory /var/lib/tor cannot be read: Permission denied
[notice] Closing partially-constructed Socks listener connection (ready) on 127.0.0.1:9050
[warn] Failed to parse/validate config: Couldn't create private data directory "/var/lib/tor"
[err] Reading config failed--see warnings above. 

if i uncomment "User tor" in /etc/torrc i get the following output

[notice] Tor 0.4.8.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.2.1, Zlib 1.3.1, Liblzma 5.6.0, Libzstd 1.5.5 and Glibc 2.39 as libc.
[notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
[notice] Read configuration file "/etc/tor/torrc".
[notice] Opening Socks listener on 127.0.0.1:9050
[notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
[warn] Error setting groups to gid 43: "Operation not permitted".
[warn] If you set the "User" option, you must start Tor as root.
[notice] Closing partially-constructed Socks listener connection (ready) on 127.0.0.1:9050
[warn] Failed to parse/validate config: Problem with User value. See logs for details.
[err] Reading config failed--see warnings above.

i checked the ArchWiki and tried

# setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/tor

to no avail
i was thinking about chowning /var/lib/tor but i'm not sure if this is safe to do, any advice is welcome

Last edited by espritlibre (2024-03-17 20:48:54)

#2 2024-03-10 21:03:52

mpan
Member
Registered: 2012-08-01
Posts: 1,211

Re: [SOLVED] how to safely start tor as user

Do you want to run it as a relay or as a proxy? If the former, I strongly recommend sticking to the system-wide service. The setup provides protection in both directions.

In either case, the need to run Tor binary as your user sounds weird. I don’t know any technical reason to do so, so at this point I assume XY problem. Note there is a difference between “start” and “run” and you seem to try the latter. For “start” you can simply use sudo: no need to start the entire service. Another weirdly looking part of the question is the request to not run the service, but actually use service’s configuration file. Please explain.

If you want to run Tor as a proxy as your user only,⁽¹⁾ you must use torrc with values specific to your user. It will require all relevant settings to be changed, so they fit your scenario. In particular all configured directories and resources must be accessible to your user. You may analyze the “~/.local/share/torbrowser/tbb/x86_64/tor-browser/Browser/TorBrowser/Data/Tor/torrc” generated by TorBrowser as an example, along with what TorBrowser sets up.

Don’t arbitrarily set capabilities or setuid on binaries to circumvent specific user’s limitations. By doing so you grant them to any user in your system.
____
⁽¹⁾ That may have use cases, like having more than a single instance running.


Sometimes I seem a bit harsh — don’t get offended too easily!

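A sketch of the per-user proxy setup described in post #2, added here as an example and not taken from the thread: every path tor uses lives under a directory the invoking user owns, with no `User` line and no file capabilities. The directory name `tor-user`, the `TOR_HOME` variable and the function names are assumptions; the path is assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the thread): client-only tor run entirely as the
# invoking user. TOR_HOME and the "tor-user" directory are assumed names.
TOR_HOME="${TOR_HOME:-${XDG_DATA_HOME:-$HOME/.local/share}/tor-user}"

# Write a torrc whose only directory belongs to the caller.
# The body runs in a subshell so the umask change does not leak out.
make_user_torrc() (
    dir="$1"
    umask 077
    mkdir -p "$dir/data" || exit 1
    chmod 700 "$dir" "$dir/data" || exit 1   # keys and state stay private
    cat > "$dir/torrc" <<EOF
# Constructed example config: no "User" option, nothing under /var/lib/tor.
SocksPort 127.0.0.1:9050
DataDirectory $dir/data
Log notice stdout
EOF
    printf '%s\n' "$dir/torrc"
)

# Validate the config first, then run tor in the foreground (Ctrl+C stops it).
start_user_tor() {
    rc=$(make_user_torrc "$TOR_HOME") || return 1
    tor --verify-config -f "$rc" >/dev/null || return 1
    exec tor -f "$rc"
}

case "${1:-}" in
    start) start_user_tor ;;
esac
```

Port 9050 is free only while the system-wide tor.service is stopped; pick another `SocksPort` if both may run.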

#3 2024-03-10 21:47:46

espritlibre
Member
Registered: 2022-12-15
Posts: 129

Re: [SOLVED] how to safely start tor as user

sorry for the confusion caused, i should have been clearer.
i want to proxy traffic from apps like freetube through tor. since i very rarely watch youtube videos, i don't need a service which connects me 24/7 to the tor network. i'd like to be able to easily type tor in a terminal to start the proxy, watch a video on freetube and when i'm finished watching, i CTRL+C the terminal and disconnect, if possible without elevated privileges.

Last edited by espritlibre (2024-03-10 21:48:48)

#4 2024-03-11 10:05:48

mpan
Member
Registered: 2012-08-01
Posts: 1,211

Re: [SOLVED] how to safely start tor as user

Then the part described in “running Tor as a proxy” applies.

But it is also not really needed. You may write a shell script, which starts the global tor.service, then your program, then unconditionally stops tor.service on exit. I believe this is going to be simpler to set up than running Tor proxy as your user.

See `trap` command in Bash for handling script exiting.


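The wrapper described in post #4, as an added example that is not part of the thread: it starts the system-wide tor.service, runs the given program, and stops the service on every exit path. `SVC_CTL` is a hypothetical override variable used to exercise the script without systemd; `sudo systemctl` as the default is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): run a program with tor.service up,
# and always stop the service afterwards.
# SVC_CTL is a hypothetical hook; the default assumes sudo + systemd.
SVC_CTL="${SVC_CTL:-sudo systemctl}"
UNIT="tor.service"

run_with_tor() {
    # Register the stop before the start, so a failed start or a Ctrl+C
    # between "start" and the program still leaves the service stopped.
    trap '$SVC_CTL stop "$UNIT"' EXIT
    # Some shells skip the EXIT trap when killed by a signal; turning the
    # signal into a normal exit makes the stop run in those shells too.
    trap 'exit 130' INT
    trap 'exit 143' TERM
    $SVC_CTL start "$UNIT" || return 1
    "$@"
}

# Usage when saved as a script (name is an assumption): with-tor freetube
if [ "$#" -gt 0 ]; then
    run_with_tor "$@"
fi
```

The tor binary itself keeps running as the unprivileged `tor` user under the packaged unit; only the start and stop calls need elevation, and no capabilities are added to `/usr/bin/tor`.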

#5 2024-03-17 20:48:36

espritlibre
Member
Registered: 2022-12-15
Posts: 129

Re: [SOLVED] how to safely start tor as user

thanks for the help mpan, i think i have a solution!
