You are not logged in.

#1 2024-09-27 08:39:48

beroal
Member
From: Ukraine
Registered: 2009-06-07
Posts: 359
Website

[SOLVED] Which user should the Tor service run as?

I have a problem with running the Tor service under an AppArmor profile written by me.

In the service file “/usr/lib/systemd/system/tor.service”, I see no “User” in the “Service” section. So the Tor service runs as root. In the file “/usr/lib/tmpfiles.d/tor.conf”, I see

d /var/lib/tor 0700 tor tor - -

Thus the security settings of “/var/lib/tor” are changed at every boot such that only the “tor” user may access “/var/lib/tor”.

Now, if the Tor service is run under an AppArmor profile, the Tor service can't work with “/var/lib/tor” because root tries to work with the “tor” user's directory. (I admit that the Tor service will be able to work if I grant it the “dac_read_search” and “dac_override” capabilities. But I take this conundrum as an indication that security settings are wrong, not that the Tor service doesn't have enough permissions. The Tor service is not a file manager, but a typical internet service (server).)

Which user should the Tor service run as?

  1. If it's the “tor” user, I need to change “/usr/lib/systemd/system/tor.service”.

  2. If it's root, I need to change “/usr/lib/tmpfiles.d/tor.conf”.

I would like to know which option the Arch Linux maintainers intended here.

Last edited by beroal (2024-09-28 14:21:25)


we are not condemned to write ugly code

Offline

#2 2024-09-28 10:24:51

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,486

Re: [SOLVED] Which user should the Tor service run as?

When I look at the tor.service, it retains the upstream comments. So, it's shipped as provided by the project and, I assume, maintainers chose not to modify it, because it works and is tricky to mod - given you can use the package for different client/server purposes and there are exceptionally individual security considerations, as your example with apparmor shows.

beroal wrote:

Thus the security settings of “/var/lib/tor” are changed at every boot such that only the “tor” user may access “/var/lib/tor”.

When I look at the wiki article, it appears the tor uid:gid are set in the /etc/tor/torrc configuration, a lot of daemons operate like that and need an exclusive /var/lib/. What do you mean with "changed every boot"?

Offline

#3 2024-09-28 11:24:00

beroal
Member
From: Ukraine
Registered: 2009-06-07
Posts: 359
Website

Re: [SOLVED] Which user should the Tor service run as?

Strike0 wrote:

What do you mean with "changed every boot"?

I mean that systemd-tmpfiles changes the owner and group of “/var/lib/tor” at boot.

Strike0 wrote:

When I look at the wiki article, it appears the tor uid:gid are set in the /etc/tor/torrc configuration, a lot of daemons operate like that and need an exclusive /var/lib/.

Actually, the line

User tor

is commented in my “/etc/tor/torrc”. This was the reason for my confusion. Thus the Tor service is intended to run as the “tor” user.

Anyway, I created a file “/etc/systemd/system/tor.service.d/local.conf” with

[Service]
User=tor

and now the Tor service works.


we are not condemned to write ugly code

Offline

Board footer

Powered by FluxBB