Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#35832 - [tor] 0.2.3.25-3 Service file should not start Tor as tor user

Attached to Project: Community Packages
Opened by Jon Gjengset (Jonhoo) - Monday, 17 June 2013, 12:44 GMT
Last edited by Lukas Fleischer (lfleischer) - Friday, 28 June 2013, 12:04 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The Systemd service file shipped with Tor in Arch Linux includes User=tor.
This is incorrect as it disallows certain Tor configurations such as starting Tor on port 443 (which requires root).
Instead, users should set the User directive in /etc/tor/torrc to "tor" and privileges will be dropped after binding to the port.

Also, using the proposed upstream .service file should be considered:
https://trac.torproject.org/projects/tor/ticket/8368

Steps to reproduce:
1. Add QRPort 443 in /etc/tor/torrc
2. Run systemctl start tor
3. Observe that Tor fails to start with a Permission denied error upon binding to port 443
4. Remove User=tor in /usr/lib/systemd/system/tor.service
5. Add User tor to /etc/tor/torrc
6. Run systemctl start tor
7. Observe that Tor starts correctly
8. Run ps aux | grep tor and note that the process runs as user tor as expected
This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Friday, 28 June 2013, 12:04 GMT
Reason for closing:  Not a bug
Comment by Lukas Fleischer (lfleischer) - Tuesday, 18 June 2013, 09:28 GMT
You can easily adjust systemd service files by putting a custom version in "/etc/systemd/system/". If upstream ships an official systemd unit file, we should probably switch to that, though...
Comment by Jon Gjengset (Jonhoo) - Tuesday, 18 June 2013, 11:51 GMT
Sure, but I'd consider this a bug in the default systemd service file, no?

The upstream one hasn't been merged yet, but seems to he well on its way to be.
Comment by Lukas Fleischer (lfleischer) - Tuesday, 18 June 2013, 13:21 GMT
I don't think so. The default service file works fine with the default Tor config. If you use a custom config, you need to create a custom service file. There's too many ways to configure Tor -- we cannot cover them all in the default service file.

Loading...