Closed (moved) DataDirectoryGroupReadable enabled does not have effect
  • Closed (moved) Issue created by Trac

    On RedHat based systems the defaultrc includes DataDirectoryGroupReadable set to 1. But when starting up the daemon this is ignored and chmod of /var/lib/tor is set back to 0700.

    This can be demonstrated by the following test using vagrant:

    $ vagrant up
    Bringing machine 'default' up with 'virtualbox' provider...
    ==> default: Importing base box 'centos/7'...
    ==> default: Matching MAC address for NAT networking...
    ==> default: Checking if box 'centos/7' is up to date...
    ==> default: Setting the name of the VM: tor-bug_default_1532356217662_9318
    ==> default: Fixed port collision for 22 => 2222. Now on port 2200.
    ==> default: Clearing any previously set network interfaces...
    ==> default: Preparing network interfaces based on configuration...
        default: Adapter 1: nat
    ==> default: Forwarding ports...
        default: 22 (guest) => 2200 (host) (adapter 1)
    ==> default: Booting VM...
    ==> default: Waiting for machine to boot. This may take a few minutes...
        default: SSH address: 127.0.0.1:2200
        default: SSH username: vagrant
        default: SSH auth method: private key
        default: 
        default: Vagrant insecure key detected. Vagrant will automatically replace
        default: this with a newly generated keypair for better security.
        default: 
        default: Inserting generated public key within guest...
        default: Removing insecure key from the guest if it's present...
        default: Key inserted! Disconnecting and reconnecting using new SSH key...
    ==> default: Machine booted and ready!
    ==> default: Checking for guest additions in VM...
        default: No guest additions were detected on the base box for this VM! Guest
        default: additions are required for forwarded ports, shared folders, host only
        default: networking, and more. If SSH fails on this machine, please install
        default: the guest additions and repackage the box to continue.
        default: 
        default: This is not an error message; everything may continue to work properly,
        default: in which case you may ignore this message.
    ==> default: Rsyncing folder: /home/mh/fedora/tor-bug/ => /vagrant
    ==> default: Running provisioner: shell...
        default: Running: inline script
        default: Installing tor
        default: Loaded plugins: fastestmirror
        default: Determining fastest mirrors
        default:  * base: mirror.spreitzer.ch
        default:  * extras: mirror.spreitzer.ch
        default:  * updates: mirror.spreitzer.ch
        default: Resolving Dependencies
        default: --> Running transaction check
        default: ---> Package tor.x86_64 0:0.3.3.9-1.el7 will be installed
        default: --> Processing Dependency: torsocks for package: tor-0.3.3.9-1.el7.x86_64
        default: --> Running transaction check
        default: ---> Package torsocks.x86_64 0:2.2.0-1.el7.centos will be installed
        default: --> Finished Dependency Resolution
        default: 
        default: Dependencies Resolved
        default: 
        default: ================================================================================
        default:  Package       Arch        Version                   Repository            Size
        default: ================================================================================
        default: Installing:
        default:  tor           x86_64      0.3.3.9-1.el7             maha-tor-latest      2.8 M
        default: Installing for dependencies:
        default:  torsocks      x86_64      2.2.0-1.el7.centos        maha-tor-latest       65 k
        default: 
        default: Transaction Summary
        default: ================================================================================
        default: Install  1 Package (+1 Dependent package)
        default: 
        default: Total download size: 2.9 M
        default: Installed size: 13 M
        default: Downloading packages:
        default: Public key for torsocks-2.2.0-1.el7.centos.x86_64.rpm is not installed
        default: warning: /var/cache/yum/x86_64/7/maha-tor-latest/packages/torsocks-2.2.0-1.el7.centos.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fe1432b1: NOKEY
        default: --------------------------------------------------------------------------------
        default: Total                                              1.4 MB/s | 2.9 MB  00:02     
        default: Retrieving key from https://copr-be.cloud.fedoraproject.org/results/maha/tor-latest/pubkey.gpg
        default: Importing GPG key 0xFE1432B1:
        default:  Userid     : "maha_tor-latest (None) <maha#tor-latest@copr.fedorahosted.org>"
        default:  Fingerprint: ddc6 1efd 56fa 03e5 e2d8 fa26 03f9 1145 fe14 32b1
        default:  From       : https://copr-be.cloud.fedoraproject.org/results/maha/tor-latest/pubkey.gpg
        default: Running transaction check
        default: Running transaction test
        default: Transaction test succeeded
        default: Running transaction
        default:   Installing : torsocks-2.2.0-1.el7.centos.x86_64                           1/2
        default:  
        default:   Installing : tor-0.3.3.9-1.el7.x86_64                                     2/2
        default:  
        default:   Verifying  : torsocks-2.2.0-1.el7.centos.x86_64                           1/2
        default:  
        default:   Verifying  : tor-0.3.3.9-1.el7.x86_64                                     2/2
        default:  
        default: 
        default: Installed:
        default:   tor.x86_64 0:0.3.3.9-1.el7                                                    
        default: 
        default: Dependency Installed:
        default:   torsocks.x86_64 0:2.2.0-1.el7.centos                                          
        default: 
        default: Complete!
        default: 
        default: ls -la /var/lib/tor
        default: total 4
        default: drwxr-x---.  2 toranon root    6 Jul 14 09:59 .
        default: drwxr-xr-x. 29 root    root 4096 Jul 23 14:31 ..
        default: 
        default: Grep Data
        default: /etc/tor/torrc:## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
        default: /etc/tor/torrc:#DataDirectory /var/lib/tor
        default: /usr/share/tor/defaults-torrc:DataDirectory /var/lib/tor
        default: /usr/share/tor/defaults-torrc:DataDirectoryGroupReadable 1
        default: 
        default: starting tor
        default: 
        default: tor logs
        default: -- Logs begin at Mon 2018-07-23 14:30:24 UTC, end at Mon 2018-07-23 14:31:08 UTC. --
        default: Jul 23 14:31:07 localhost.localdomain systemd[1]: Starting Anonymizing overlay network for TCP...
        default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.126 [notice] Tor 0.3.3.9 (git-45028085ea188baf) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2k-fips, Zlib 1.2.7, Liblzma N/A, and Libzstd N/A.
        default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
        default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
        default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Read configuration file "/etc/tor/torrc".
        default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.135 [warn] Fixing permissions on directory /var/lib/tor
        default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Configuration was valid
        default: Jul 23 14:31:08 localhost.localdomain systemd[1]: Started Anonymizing overlay network for TCP.
        default: 
        default: ls -la /var/lib/tor
        default: total 4
        default: drwx------.  2 toranon root    6 Jul 14 09:59 .
        default: drwxr-xr-x. 29 root    root 4096 Jul 23 14:31 ..

    Using the following Vagrantfile:

    $ cat Vagrantfile 
    script = <<-SCRIPT
    curl -s -o /etc/yum.repos.d/maha-tor-latest-epel-7.repo https://copr.fedorainfracloud.org/coprs/maha/tor-latest/repo/epel-7/maha-tor-latest-epel-7.repo
    echo Installing tor
    yum install tor -y
    echo 'Log debug stderr' >> /etc/tor/torrc
    echo
    echo ls -la /var/lib/tor
    ls -la /var/lib/tor
    echo
    echo "Grep Data"
    grep Data /etc/tor/torrc /usr/share/tor/defaults-torrc
    echo
    echo starting tor
    systemctl start tor
    echo
    echo tor logs
    journalctl -u tor -n 2000 --no-pager
    echo
    echo ls -la /var/lib/tor
    ls -la /var/lib/tor
    SCRIPT
    
    Vagrant.configure("2") do |config|
      config.vm.box = "centos/7"
      config.vm.provision "shell", inline: script
    end

    Trac:
    Username: maha
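
An added check for the condition this report describes, not part of the original issue or of Tor's code: it reads the config files in the order the log shows, derives the expected directory mode and compares it with the actual one. The function names, the use of GNU `stat -c`, and treating 0750 as the group-readable mode (as in the first listing) are assumptions of this example.

```shell
#!/bin/sh
# Added example: does the data directory's mode match what the torrc files ask for?

# Last uncommented value of option $1 across config files given in read order
# (defaults-torrc first, then torrc). Option names are matched case-insensitively.
tor_option() {
    opt=$1; shift
    [ "$#" -gt 0 ] || return 0
    cat "$@" 2>/dev/null | awk -v want="$opt" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(want) { val = $2 }
        END { print val }'
}

# Assumption: 750 is the group-readable mode (first listing), 700 otherwise.
expected_mode() {
    if [ "$(tor_option DataDirectoryGroupReadable "$@")" = "1" ]; then
        echo 750
    else
        echo 700
    fi
}

# check_datadir DIR CONF...  -> 0 on match, 1 on mismatch, 2 if DIR is unreadable
check_datadir() {
    dir=$1; shift
    want=$(expected_mode "$@")
    have=$(stat -c '%a' "$dir") || return 2   # GNU stat
    if [ "$have" = "$want" ]; then
        echo "OK $dir mode=$have"
    else
        echo "MISMATCH $dir mode=$have expected=$want"
        return 1
    fi
}

# Constructed demo mirroring the report: config asks for group read, directory is 0700.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/data"
    printf 'DataDirectory %s\nDataDirectoryGroupReadable 1\n' "$tmp/data" > "$tmp/defaults-torrc"
    printf '#DataDirectory /var/lib/tor\n' > "$tmp/torrc"
    chmod 700 "$tmp/data"
    check_datadir "$tmp/data" "$tmp/defaults-torrc" "$tmp/torrc"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "demo exit status: $?"
```

On a host, run `check_datadir /var/lib/tor /usr/share/tor/defaults-torrc /etc/tor/torrc` after the service has started; a `MISMATCH` line alongside the `Fixing permissions on directory` warning in the journal matches the behaviour reported here.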
