Hidden service directory permissions prevent Vidalia from displaying the hidden service hostname
Use case: create and publish a new hidden service with Vidalia.
(Note for those who would like to reproduce this bug: the selected hidden service directory must be owned by the user who runs the system-wide Tor (e.g. `debian-tor`), which is not made clear, but this Vidalia UI issue is orthogonal to the current one and will be addressed separately.)
=> Vidalia shows "Directory not found" in the "Onion Address" column, and the user has no easy way to get and share her hidden service hostname.
This is because Tor chmod's 700 this directory:
`[warn] Fixing permissions on directory /tmp/hidden`
`check_private_dir` being called from `rend_service_load_keys`.
It seems like the hostname cannot be asked by Vidalia using the control protocol, so the user who runs Vidalia needs to be allowed to read the "hostname" file in the configured hidden service directory.
When using a system-wide Tor daemon and cookie authentication, `CookieAuthFileGroupReadable` is generally enabled, and the Vidalia user is generally a member of the system-wide Tor group (e.g. `debian-tor`). This is e.g. the case in T(A)ILS.
I thus propose we add a new Tor option that could be called `HiddenServiceDirGroupReadable` or `HiddenServiceHostnameGroupReadable`, and work like `CookieAuthFileGroupReadable`. The exact semantics shall of course be specified more accurately, which I volunteer to do if we decide to go this way. In that case, I also volunteer to write the needed patch.
On the implementation side, adding a `group_readable` boolean argument to the `check_private_dir` function may be needed.
What do you think?
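An added sketch (not part of the original report and not Tor's code) of what a `group_readable` argument to a directory check could look like. The names `check_private_dir_sketch` and `demo_resulting_mode` are hypothetical, and the choice of 0750 as the relaxed mode is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: enforce mode 0700 on `dir`, or 0750 when
 * group_readable is set. Returns 0 on success, -1 on any error. */
static int check_private_dir_sketch(const char *dir, int group_readable)
{
    const mode_t wanted = group_readable ? 0750 : 0700;
    struct stat st;
    int rc = -1;
    /* O_NOFOLLOW rejects a symlink as the final path component; fstat and
     * fchmod act on the descriptor, so check and fix hit the same inode. */
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);

    if (fd < 0) return -1;
    /* Refuse a directory owned by another user instead of "fixing" it. */
    if (fstat(fd, &st) == 0 && st.st_uid == geteuid()) {
        if ((st.st_mode & 07777) == wanted) {
            rc = 0;
        } else {
            fprintf(stderr, "[warn] Fixing permissions on directory %s\n", dir);
            rc = fchmod(fd, wanted);
        }
    }
    close(fd);
    return rc;
}

/* Constructed demo: create a temporary directory with loose 0755 bits,
 * run the check, return the resulting permission bits (-1 on failure). */
static int demo_resulting_mode(int group_readable)
{
    char tmpl[] = "/tmp/hs_demo_XXXXXX";
    struct stat st;
    int mode = -1;

    if (!mkdtemp(tmpl)) return -1;
    if (chmod(tmpl, 0755) == 0 && stat(tmpl, &st) == 0 &&
        check_private_dir_sketch(tmpl, group_readable) == 0 && stat(tmpl, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    rmdir(tmpl);
    return mode;
}

int main(void)
{
    printf("default: %o\n", (unsigned)demo_resulting_mode(0));
    printf("group-readable: %o\n", (unsigned)demo_resulting_mode(1));
    return 0;
}
```

Group search permission on the directory is only half of the access path: the `hostname` file itself must also carry group-read, while the private key file in the same directory should stay owner-only.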