Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#68849 - [tor] daemon starts as root instead of tor user and group
Attached to Project: Community Packages
Opened by Twek Da Tweaker (twek) - Friday, 04 December 2020, 13:06 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 04 December 2020, 13:53 GMT
Details

Description:
I've updated twice and both times the unit file at /usr/lib/systemd/system/tor.service was overwritten and the User=tor and Group=tor were removed. The tor daemon then fails to bootstrap and retries until the tor network receives too many requests and prevents you from making more.

Additional info:
* package version(s)
tor 0.4.4.6-1
* config and/or log files etc.
Relevant output from journalctl -u tor:

Dec 04 07:33:05 host systemd[1]: Starting Anonymizing overlay network for TCP...
Dec 04 07:33:05 host tor[332]: Dec 04 07:33:05.880 [notice] Tor 0.4.4.6 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.5.
Dec 04 07:33:05 host tor[332]: Dec 04 07:33:05.880 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 04 07:33:05 host tor[332]: Dec 04 07:33:05.881 [notice] Read configuration file "/etc/tor/torrc".
Dec 04 07:33:05 host tor[332]: Dec 04 07:33:05.887 [warn] /var/lib/tor is not owned by this user (root, 0) but by tor (43). Perhaps you are running Tor as the wrong user?
Dec 04 07:33:05 host tor[332]: Dec 04 07:33:05.887 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor"
Dec 04 07:33:05 host tor[332]: Dec 04 07:33:05.887 [err] Reading config failed--see warnings above.
Dec 04 07:33:05 host systemd[1]: tor.service: Control process exited, code=exited, status=1/FAILURE
Dec 04 07:33:05 host systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 04 07:33:05 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Dec 04 07:33:06 host systemd[1]: tor.service: Scheduled restart job, restart counter is at 1.
Dec 04 07:33:06 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Dec 04 07:33:06 host systemd[1]: Starting Anonymizing overlay network for TCP...
Dec 04 07:33:06 host tor[368]: Dec 04 07:33:06.151 [notice] Tor 0.4.4.6 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.5.
Dec 04 07:33:06 host tor[368]: Dec 04 07:33:06.152 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 04 07:33:06 host tor[368]: Dec 04 07:33:06.152 [notice] Read configuration file "/etc/tor/torrc".
Dec 04 07:33:06 host tor[368]: Dec 04 07:33:06.155 [warn] /var/lib/tor is not owned by this user (root, 0) but by tor (43). Perhaps you are running Tor as the wrong user?
Dec 04 07:33:06 host tor[368]: Dec 04 07:33:06.157 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor"
Dec 04 07:33:06 host tor[368]: Dec 04 07:33:06.157 [err] Reading config failed--see warnings above.
Dec 04 07:33:06 host systemd[1]: tor.service: Control process exited, code=exited, status=1/FAILURE
Dec 04 07:33:06 host systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 04 07:33:06 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Dec 04 07:33:06 host systemd[1]: tor.service: Scheduled restart job, restart counter is at 2.
Dec 04 07:33:06 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Dec 04 07:33:06 host systemd[1]: Starting Anonymizing overlay network for TCP...
...
Dec 04 07:33:06 host systemd[1]: Starting Anonymizing overlay network for TCP...
Dec 04 07:33:07 host tor[650]: Dec 04 07:33:07.000 [notice] Tor 0.4.4.6 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.5.
Dec 04 07:33:07 host tor[650]: Dec 04 07:33:07.004 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 04 07:33:07 host tor[650]: Dec 04 07:33:07.004 [notice] Read configuration file "/etc/tor/torrc".
Dec 04 07:33:07 host tor[650]: Dec 04 07:33:07.008 [warn] /var/lib/tor is not owned by this user (root, 0) but by tor (43). Perhaps you are running Tor as the wrong user?
Dec 04 07:33:07 host tor[650]: Dec 04 07:33:07.010 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor"
Dec 04 07:33:07 host tor[650]: Dec 04 07:33:07.010 [err] Reading config failed--see warnings above.
Dec 04 07:33:07 host systemd[1]: tor.service: Control process exited, code=exited, status=1/FAILURE
Dec 04 07:33:07 host systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 04 07:33:07 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Dec 04 07:33:07 host systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
Dec 04 07:33:07 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Dec 04 07:33:07 host systemd[1]: tor.service: Start request repeated too quickly.
Dec 04 07:33:07 host systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 04 07:33:07 host systemd[1]: Failed to start Anonymizing overlay network for TCP.

I fixed the issue by simply adding the parameters back. Here is the corrected unit file:

# tor.service -- this systemd configuration file for Tor sets up a
# relatively conservative, hardened Tor service. You may need to
# edit it if you are making changes to your Tor configuration that it
# does not allow. Package maintainers: this should be a starting point
# for your tor.service; it is not the last point.

[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target

[Service]
Type=notify
NotifyAccess=all
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutSec=60
Restart=on-failure
WatchdogSec=1m
LimitNOFILE=32768

# Hardening
User=tor
Group=tor
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

[Install]
WantedBy=multi-user.target

Steps to reproduce:
updating or removing the User=tor and Group=tor lines from the unit file

Side note: I don't know how to check which version of the package originally made the change or if it was this file that was changed and not something else.
Closed by Doug Newgard (Scimmia)
Friday, 04 December 2020, 13:53 GMT
Reason for closing: Not a bug
Additional comments about closing: pacnew files are important. So is searching for closed duplicate tickets.
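
The closing comment points at unmerged .pacnew files. As an added example (not from the ticket or the Arch package), this POSIX shell function lists directives that a packaged default sets but the live config file lacks. The sample tree and its torrc contents, including the `User tor` line, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): report directives that a packaged
# default (*.pacnew) sets but the live config file beside it does not.

# pacnew_missing ROOT
#   For each X.pacnew under ROOT with a live X beside it, print
#   "X: directive" for every directive keyword found only in the .pacnew.
#   Keywords are compared case-insensitively, as torrc option names are.
pacnew_missing() {
    find "$1" -type f -name '*.pacnew' | sort | while IFS= read -r new; do
        live=${new%.pacnew}
        [ -f "$live" ] || continue      # no live counterpart: nothing to merge into
        awk -v label="$live" '
            /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
            { key = tolower($1) }
            FILENAME == ARGV[1] { have[key] = 1; next }   # first file: live config
            !(key in have) && !seen[key]++ { print label ": " $1 }
        ' "$live" "$new"
    done
}

# Constructed sample tree; file contents are illustrative assumptions.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/tor"
    printf '%s\n' '# local settings' 'SOCKSPort 9050' 'Log notice syslog' \
        > "$root/etc/tor/torrc"
    printf '%s\n' '# packaged default' 'User tor' 'DataDirectory /var/lib/tor' \
        'Log notice syslog' > "$root/etc/tor/torrc.pacnew"
    printf '%s\n' 'orphaned default' > "$root/etc/stale.conf.pacnew"
    pacnew_missing "$root" | sed "s|^$root||"   # strip the temp prefix
    rm -rf "$root"
}

demo
```

On a real system, run `pacnew_missing /etc` and merge what it reports with `pacdiff` from pacman-contrib.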