TOR startup generate Permission on directory are too permissive

I'm the operator of the XMPP server on darkness.su. The server runs on CentOS 6.

I installed TOR and configured it to provide a hidden service access to the server. It was working fine at first, but ever since an update a few months ago it started giving me these errors:

May 25 14:19:37.060 [warn] Permissions on directory /var/lib/tor/hidden_service are too permissive.
May 25 14:19:37.060 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
May 25 14:19:37.060 [err] Reading config failed--see warnings above.

I tried to check the logs, but I can't find them, and setting one doesn't seem to work. I've tried removing TOR and wiping all its folders, then reinstalling it. Same thing.

I'm installing through yum from TOR Project's repository.

With chmod 700 on the hidden service directory (owned by TOR):

Jul 24 21:39:05.573 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Jul 24 21:39:05.573 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 21:39:05.573 [err] Reading config failed--see warnings above

After changing directory owner to root:

Jul 24 22:11:36.236 [warn] /var/lib/tor/hidden_service/ is not owned by this user (_tor, 496) but by root (0). Perhaps you are running Tor as the wrong user?
Jul 24 22:11:36.236 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 22:11:36.236 [err] Reading config failed--see warnings above.
Neutrino answered 24/7, 2015 at 22:34 Comment(2)
You would get the best possible answers on superuser.com or maybe serverfault.com - this is not a programming question. - Mahlstick
Based on the last entry: chown _tor:_tor /var/lib/tor/hidden_service/ -R should fix it. The previous setups would have allowed other users on the system to access your hidden service dir to copy your keys and impersonate your service. - Utta
Permissions on directory /var/lib/tor/hidden_service are too permissive.

This means that too many users have access to this directory. Try to change it:

chmod 700 /var/lib/tor/hidden_service

I assume here that the user running TOR is also the owner of the directory.

Saintly answered 24/7, 2015 at 22:46 Comment(6)
Yes, TOR is running as user _tor, and I've done a chown on that directory for it. After trying that, it gives me:
Jul 24 21:39:05.573 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Jul 24 21:39:05.573 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 21:39:05.573 [err] Reading config failed--see warnings above.
- Neutrino
Then the user running TOR doesn't match the owner of the directory. Can you check that with ps -elf? - Saintly
TOR isn't coming up in there because it's not running, I would guess. But it runs as _tor by default and I've done a chown on the directory. - Neutrino
My last idea would be to make root owner of the dir. Maybe the privileges are dropped after the config is read. - Saintly
Result:
Jul 24 22:11:36.236 [warn] /var/lib/tor/hidden_service/ is not owned by this user (_tor, 496) but by root (0). Perhaps you are running Tor as the wrong user?
Jul 24 22:11:36.236 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 22:11:36.236 [err] Reading config failed--see warnings above.
- Neutrino
I found this and apparently the solution worked there. I don't understand why the owner can't access his directory in your case, sorry. - Saintly

Your initial problem with permission issues (I had these after cloning a virtual HDD in VirtualBox) was caused by broken labels in SELinux. On CentOS/Linux this is fixed with:

restorecon -r -v /var/lib/tor
Blockbuster answered 10/9, 2015 at 13:16 Comment(0)

It is all about file and directory permissions. I wrote this in a Dockerfile:

FROM osminogin/tor-simple:0.4.6.7
ARG source=.
USER tor
COPY $source/torrc /etc/tor/torrc
RUN mkdir /var/lib/tor/sc && chmod 700 /var/lib/tor/sc
COPY --chown=tor:nogroup $source/private/* /var/lib/tor/sc
RUN chmod -R 400 /var/lib/tor/sc/*

In my sc directory I have the hostname and key pair. After restarting the container, the tor domain name persists.

Antiphonal answered 30/9, 2021 at 10:10 Comment(0)
sudo chown _tor:_tor /var/lib/tor/site/

fixed it for me.

Marathi answered 27/11, 2021 at 23:22 Comment(0)
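
Added example, not part of any answer above: a read-only shell check for the three causes raised in this thread (wrong owner, group/other permission bits, SELinux label drift). It assumes GNU stat; the function names are hypothetical, and the path and _tor user in the usage comment are the ones quoted in the question.

```shell
#!/bin/sh
# Audit a Tor hidden service directory without changing anything.
# Usage (values from the question; adjust to your install):
#   check_hs_dir /var/lib/tor/hidden_service _tor
#   selinux_label_drift /var/lib/tor

# check_hs_dir DIR USER
# USER is a user name or a numeric uid. Prints one finding per line.
# Returns 0 if clean, 1 on findings, 2 if DIR or USER cannot be resolved.
check_hs_dir() {
    dir=$1; want=$2; rc=0
    [ -d "$dir" ] || { echo "missing: $dir is not a directory"; return 2; }

    # Resolve the expected owner to a numeric uid.
    case $want in
        ''|*[!0-9]*) want_uid=$(id -u "$want" 2>/dev/null) ||
                         { echo "unknown-user: $want"; return 2; } ;;
        *)           want_uid=$want ;;
    esac

    owner_uid=$(stat -c '%u' "$dir")   # GNU stat: numeric owner
    mode=$(stat -c '%a' "$dir")        # GNU stat: octal mode, e.g. 755

    # Tor refuses a directory owned by anyone but the user it runs as.
    if [ "$owner_uid" != "$want_uid" ]; then
        echo "owner: uid $owner_uid owns $dir, expected uid $want_uid"; rc=1
    fi
    # Any group/other bit is treated here as "too permissive",
    # matching the chmod 700 fix given in the answers.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode: $dir is $mode, group/other bits set (expected 700)"; rc=1
    fi
    return $rc
}

# selinux_label_drift DIR
# Dry run (-n) of the restorecon fix from the answers: reports files whose
# label differs from policy, which can cause "Permission denied" even when
# owner and mode are correct. Returns 0 if nothing would be relabelled.
selinux_label_drift() {
    command -v restorecon >/dev/null 2>&1 || return 0   # no SELinux tooling
    out=$(restorecon -n -r -v "$1" 2>/dev/null)
    [ -z "$out" ] || { echo "selinux: $out"; return 1; }
}
```

Run it as root so the directory can be read regardless of its current mode; a clean result from both functions means the cause lies elsewhere, for example in a parent directory.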
