Delivery-Date: Wed, 12 Aug 2015 20:03:43 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,URIBL_BLACK autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 2F9F61E0CA7;
	Wed, 12 Aug 2015 20:03:42 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E168E36478;
	Thu, 13 Aug 2015 00:03:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id A5F9E363E2
 for <tor-talk@lists.torproject.org>; Thu, 13 Aug 2015 00:03:28 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id yG9H_yqhKi0v for <tor-talk@lists.torproject.org>;
 Thu, 13 Aug 2015 00:03:28 +0000 (UTC)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com
 [162.222.225.18])
 by eugeni.torproject.org (Postfix) with ESMTP id 8955B36214
 for <tor-talk@lists.torproject.org>; Thu, 13 Aug 2015 00:03:28 +0000 (UTC)
Received: from [0.0.0.0] (unknown [171.25.193.25])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: s7r@sky-ip.org)
 by outbound.mailhostbox.com (Postfix) with ESMTPSA id 1E4A478473E
 for <tor-talk@lists.torproject.org>; Thu, 13 Aug 2015 00:03:23 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org;
 s=20110108; t=1439424205;
 bh=z+jqQdHEpOIjf5H4r1QmBS6XQFNF11mvtqytNe8c7QI=;
 h=Reply-To:Subject:References:To:From:Date:In-Reply-To;
 b=IJeJ/TlR/7sb7+vnBs6aVDywX7nPqAwitugqrlwkbVd+96d/a/Yt8xMdfsVjqsQes
 vy3qeb5sFSzaWsudHcBFE9+0MwnjpVRPPTJ25JYlUKR/PuBmBWTTCJirzo917R6Hw2
 EhTT9kMtKz9eOJAlpUhfS7s92Z5l0NXH3BPSaEtk=
References: <mailman.390.1439336562.3050.tor-talk@lists.torproject.org>
 <55CBAA03.8090008@canaglie.org>
To: tor-talk@lists.torproject.org
From: s7r <s7r@sky-ip.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <55CBDEC5.9020901@sky-ip.org>
Date: Thu, 13 Aug 2015 03:03:17 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <55CBAA03.8090008@canaglie.org>
X-CTCH-RefID: str=0001.0A020201.55CBDECD.00D6, ss=1, re=0.000, recu=0.000,
 reip=0.000, cl=1, cld=1, fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Rules: 
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-CTCH-SenderID: s7r@sky-ip.org
X-CTCH-SenderID-TotalMessages: 1
X-CTCH-SenderID-TotalSpam: 0
X-CTCH-SenderID-TotalSuspected: 0
X-CTCH-SenderID-TotalBulk: 0
X-CTCH-SenderID-TotalConfirmed: 0
X-CTCH-SenderID-TotalRecipients: 0
X-CTCH-SenderID-TotalVirus: 0
X-CTCH-SenderID-BlueWhiteFlag: 0
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.1 cv=YL9iskyx c=1 sm=1 tr=0
 a=dtSGLGm2Mw/Om7wdNULuFA==:117 a=dtSGLGm2Mw/Om7wdNULuFA==:17
 a=-NIMs_s3AAAA:8 a=bvjBBkZ6AAAA:8 a=JAI3OqB5mnwA:10 a=N659UExz7-8A:10
 a=AwIQbDszAAAA:8 a=JofzUr8j6qtH_iTW0uoA:9 a=8Si6qw59d1Vt_T4A:21
 a=FMB4IYvayau8LKDI:21 a=pILNOxqGKmIA:10
Subject: Re: [tor-talk] Problem with where hidden_services able to be
 placed/permissions.
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I understand.

In Debian, if installed via apt-get, Tor will run under user debian-tor.

If you create the hidden service directory in /home/user/Documents,
this doesn't give the permissions to the user running Tor, which is as
I said 'debian-tor' and not 'user'.

Please follow up below and see comments inline:

On 8/12/2015 11:18 PM, MaQ wrote:
> Yes, running Tor 0.2.6.10.'Do you see there files like 
> cached-microdesc-consensus, lock, state, etc.?' Files do exist in 
> /var/lib/tor. The pertinent torrc:
> 
> 'HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80
> 127.0.0.1:80'
> 
> The '/var/lib/tor' by default is limited to root. I did some tests 
> deleting 'hidden_service' to regenerate new .onion addresses. All
> fine.
> 

OK, this is normal.

> The normal 'user' of system can't access '/var/lib/tor'. I changed 
> permissions of folder. Tor wouldn't generate new hidden_services
> files or connect. I created a new folder 'hidden_service' in
> user's '/home/user/Documents' and changed torrc to 
> '/home/user/Documents/hidden_service'. Tor wouldn't generate new 
> hidden_services files or connect.
> 

Tor cannot generate new hidden service files in
/home/user/Documents/hidden_service because this is owned by 'user'
and Tor is run by 'debian-tor'.

Do this: leave in torrc:
HiddenServiceDir /home/user/Documents/hidden_service

And run these commands:
chown -R debian-tor:debian-tor /home/user/Documents/hidden_service

chown -R debian-tor:debian-tor /home/user/Documents/hidden_service/*


> Changed everything back, back to normal... What I'm trying to do is
> have a fresh OS, that when a new user starts for first time, a
> unique .onion address is generated for them and it is easily
> displayed on a start page, without them having to fish around in
> files or having to use editor, terminal, etc.
> 

This won't work unless Tor is also started/reloaded (so it'll generate
the hidden service files), and you need to add each time entries in
torrc for each user for this to happen:

HiddenServiceDir /home/user1/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use

HiddenServiceDir /home/user2/Documents/hidden_service/
HiddenServicePort 80 127.0.0.1:80 # or whatever you use

You also need to change the owner of all hidden_service folders for
each user to debian-tor using the commands above.


> (On another note, the tor lists has been the quickest
> response/most helpful for a novice, that I've encountered. Thank
> you all.)
> 
> ----------
> 
> Hi,
> 
> If you installed from deb.torproject.org I assume you are using
> Tor 0.2.6.10, correct? (run # tor --version to check this).
> 
> Please explain once again what you did, I don't exactly
> understand. Have you restored a hidden service for which you had
> backups of private_key and hostname files? Or did you leave Tor to
> create a new hidden service? What do you mean by 'set-up a
> directory in user's Documents folder'?
> 
> If you have installed via apt, your datadirectory should be 
> /var/lib/tor, unless you didn't change it by modifying torrc. Do
> you see there files like cached-microdesc-consensus, lock, state,
> etc.? Also, the username who should run Tor on your system is
> debian-tor.
> 
> Please provide more details and torrc entries.
> 
> On 8/10/2015 11:49 PM, MaQ wrote:
>> I tried a couple of things.
>> 
>> Gave complete permissions to user at 
>> /var/lib/tor/hidden_services/hostname recursively AND
>> 
>> set-up a directory in user's Documents folder.
>> 
>> In both instances Tor would not make a connection. Had to revert 
>> all settings back to only allowing files to be placed with root 
>> restrictions in /var/lib/tor/ (torrc was correctly set to best
>> of knowledge in both instances).
>> 
>> I'm using Debian, Tor was installed from apt repositories using 
>> instructions from torproject.org, with adding line to
>> sources.list and keyring, etc.
>> 
>> Need user to have access to hostname file.
>> 
>> Did read something about differences in privileges depending if 
>> using apt or downloading tarball?
>> 
>> What is solution?
> 
> tor-talk-request@lists.torproject.org:
>> Re: [tor-talk] Problem with where hidden_services able to be 
>> placed/permissions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVy97FAAoJEIN/pSyBJlsRaggH/j/UWNoRRQ+BVI9W0314H8mL
93QA4fZ/m1g5uBdDD3sWXTkMcPViXe9xGIFgwb3wKLvM9SEIMGk+qqCs4P8fdFfC
BTiSWjY7NQB0lAINH3LkPosMeZgwudkq6lXNnTlsdGNJP9E6YteS9Pr8t/rJ2YAr
VKqstsNfbROsDRCfdBwcmTUPSYRnAWlNIM8gCvgb9yKdeobpoMac32Uig45GCdKB
1tnSPR1Z3YyWrjeOfsfrGT7n594Pl4BAVegObIXrNA+Ot33VOijgOaAVR2Hm3Fxd
vzsaQbRyBGLHI+FL8Sm/aqQVFY9/9JXPjMFURzOAR7q9Y3mY+okCDw60UTPvY0o=
=UOoW
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

