Running tor as a regular user

K

kovacs

I have two questions about tor. I have successfully got tor to work from ports using Freebsd 8.0 RELEASE-p3.


1) When I add:

Code: 
tor_enable="yes"

to rc.conf and reboot, tor loads correctly (running as the _tor user).

However, I want to run tor as my regular user, 'kovacs'. The reason for this is that I need to be able send a SIGHUP to the tor process from scripts running as my regular user, in order to make tor reload and start using a new IP. In /usr/local/etc/tor/torrc, I add the line:

Code: 
User kovacs

as the tor manual appears to indicate.

However, on rebooting, tor does not load. Trying to run tor manually, as root and as my regular user, yields these results:

Code: 
freebsd1# tor
Jun 02 21:09:30.252 [notice] Tor v0.2.1.26. This is experimental software. Do not rely on it for strong anonymity. (Running on FreeBSD i386)
Jun 02 21:09:30.254 [notice] Initialized libevent version 1.4.13-stable using method kqueue. Good.
Jun 02 21:09:30.254 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 02 21:09:30.256 [warn] Error creating directory /root/.tor: Permission denied
Jun 02 21:09:30.256 [warn] Failed to parse/validate config: Couldn't access/create private data directory "/root/.tor"
Jun 02 21:09:30.256 [err] Reading config failed--see warnings above.
freebsd1# exit
exit
kovacs@~ $ tor
Jun 02 21:09:33.361 [notice] Tor v0.2.1.26. This is experimental software. Do not rely on it for strong anonymity. (Running on FreeBSD i386)
Jun 02 21:09:33.363 [notice] Initialized libevent version 1.4.13-stable using method kqueue. Good.
Jun 02 21:09:33.363 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 02 21:09:33.365 [warn] Error setting groups to gid 0: "Operation not permitted".
Jun 02 21:09:33.366 [warn] Tor is already running as kovacs.  You do not need the "User" option if you are already running as the user you 
want to be.  (If you did not set the User option in your torrc, check whether it was specified on the command line by a startup script.)
Jun 02 21:09:33.366 [warn] Failed to parse/validate config: Problem with User value. See logs for details.
Jun 02 21:09:33.366 [err] Reading config failed--see warnings above.

From what I have read on the net, if you want to run tor as a different user, you have to start tor as root, because only root can then setuid to whatever user you want to run as. However, I'm not sure what I'm doing wrong here.



2) What is the advantage of running tor in daemon mode, ie. adding:

Code: 
RunAsDaemon 1

to your torrc file.


Any input would be greatly appreciated!
 
I have solved the first part of this problem.

I was looking at it from the wrong way around: by default on Freebsd, tor already runs neatly as the _tor user, so instead of trying to get tor to run as my user, the logical thing to do was just to add my user to sudoers with no password for the kill command.

For anyone else who is interested, I just installed sudo from ports and then added this to /usr/local/etc/sudoers using the visudo command:

Code: 
kovacs ALL = (_tor) NOPASSWD: /bin/kill

allowing my user kovacs to sudo to the _tor user and issue a kill command without a password. Now, as my regular user kovacs, I can restart tor from scripts or the command line by just issuing:

Code: 
sudo -u _tor kill -SIGHUP $PSID

where $PSID is the process id of tor.


Now if anyone could explain what the point of

RunAsDaemon 1

is then I'll be really happy!
 
You must log in or register to reply here.
Back
Top