Skip to content
Snippets Groups Projects

OpenbsdChrootedTorControlScript

Last edited by Alexander Færøy

After some frustrating attempts to get a usable control script for my chrooted OpenBSD system I hacked together some mods for the default torctl file (that tor.sh points at). In the end I did not alter (or use for that matter) tor.sh because it doesn't play nice with torctl on my system. Here is my file and the changes I made are commented below. You can also set your /etc/rc.local to execute 'torctl start' so it will load on boot. Also, if you execute this torctl file and have duplicate settings in your torrc you stand a good chance of seeing duplicate log messages which can be annoying. My suggestion is to EITHER remove the $TORARGS part of the START line (see below) and move all necessary settings into your torrc OR remove your log directive from your torrc. For the sack of legibility I remove some comments.

Any improvements are welcome.


# Name of the executable
EXEC=tor

    #added this:

CHROOT="/var/tor"    # the path to the chroot directory

    #changed this... this is within the chroot when called:

TORBIN="/bin/$EXEC"   # the path to your binary, including options if necessary

    #changed this... this is within the chroot when called:

TORCONF="/etc/tor/torrc"     # the path to the configuration file

    #changed this... this is within the chroot when called:

PIDFILE="/var/lib/tor/tor.pid"     # the path to your PID file

    #changed this... this is within the chroot when called:

LOGFILE="/var/log/notices.log"      # The path to the log file

    #changed this... this is within the chroot when called:

TORDATA="/var/lib/tor"      # The path to the datadirectory

TORARGS="--pidfile $PIDFILE --log \"notice file $LOGFILE\" --runasdaemon 1"
TORARGS="$TORARGS --datadirectory $TORDATA"

    #commented out these lines as useless/undesirable

#if [ "x`id -u`" = "x0" ]; then

#    TORUSER=_tor

#fi

#if [ "x$TORUSER" != "x" ]; then

#    TORARGS="$TORARGS --user $TORUSER"

#fi

    #changed this, if you specify the arguments in your torrc you can take out "$TORARGS":

START="/usr/sbin/chroot -u _tor /var/tor $TORBIN -f $TORCONF $TORARGS"

#
# --------------------                              --------------------
# ||||||||||||||||||||   END CONFIGURATION SECTION  ||||||||||||||||||||

ERROR=0
ARGV="$@"
if [ "x$ARGV" = "x" ] ; then
    ARGS="help"
fi

checkIfRunning ( ) {
    # check for pidfile
    PID=unknown
    if [ -f $CHROOT/$PIDFILE ] ; then                   #changed this so script will follow proper path
        PID=`/bin/cat $CHROOT/$PIDFILE`                 #changed this so script will follow proper path

        if [ "x$PID" != "x" ] ; then
            if kill -0 $PID 2>/dev/null ; then
               STATUS="$EXEC (pid $PID) running"
               RUNNING=1
            else
                STATUS="PID file ($CHROOT/$PIDFILE) present, but $EXEC ($PID) not running"      #changed this so script will follow proper path
                RUNNING=0
            fi
        else
            STATUS="$EXEC (pid $PID?) not running"
            RUNNING=0
        fi
    else
       STATUS="$EXEC apparently not running (no pid file)"
       RUNNING=0
    fi
    return
}

for ARG in $@ $ARGS
do
    checkIfRunning

    case $ARG in
    start)
        if [ $RUNNING -eq 1 ]; then
            echo "$0 $ARG: $EXEC (pid $PID) already running"
            continue
        fi
        if eval "$START" ; then
            echo "$0 $ARG: $EXEC started"
            # Make sure it stayed up!
            /bin/sleep 1
            checkIfRunning
            if [ $RUNNING -eq 0 ]; then
                echo "$0 $ARG: $EXEC (pid $PID) quit unexpectedly"
            fi
        else
            echo "$0 $ARG: $EXEC could not be started"
            ERROR=3
        fi
        ;;
    stop)
        if [ $RUNNING -eq 0 ]; then
            echo "$0 $ARG: $STATUS"
            continue
        fi
        if kill -15 $PID ; then
            echo "$0 $ARG: $EXEC stopped"
        else
            /bin/sleep 1
            if kill -9 $PID ; then
                echo "$0 $ARG: $EXEC stopped"
            else
                echo "$0 $ARG: $EXEC could not be stopped"
                ERROR=4
            fi
        fi
        # Make sure it really died!
        /bin/sleep 1
        checkIfRunning
        if [ $RUNNING -eq 1 ]; then
            echo "$0 $ARG: $EXEC (pid $PID) unexpectedly still running"
            ERROR=4
        fi
        ;;
    restart)
        $0 stop start
        ;;
    reload)
        if [ $RUNNING -eq 0 ]; then
            echo "$0 $ARG: $STATUS"
            continue
        fi
        if kill -1 $PID; then
            /bin/sleep 1
            echo "$EXEC (PID $PID) reloaded"
        else
            echo "Can't reload $EXEC"
            ERROR=3
        fi
        ;;
    status)
        echo $STATUS
        if [ $RUNNING -eq 1 ]; then
            ERROR=0
        else
            ERROR=1
        fi
        ;;
    log)
        cat $LOGFILE
        ;;
    help)
        echo "usage: $0 (start|stop|restart|status|help)"
        /bin/cat <<EOF

start      - start $EXEC
stop       - stop $EXEC
restart    - stop and restart $EXEC if running or start if not running
reload     - cause the running process to reinitialize itself
status     - tell whether $EXEC is running or not
log        - display the contents of the log file
help       - this text

EOF
        ERROR=0
        ;;
    *)
        $0 help
        ERROR=2
        ;;

    esac

done

exit $ERROR

Comments

    Please register or sign in to add a comment.