Creating private_key/hostname fails with "RO filesystem" message but target dir is actually RW
Version: 0.2.9.10 (git-e28303bcf90b842d) on debian jessie live iso
Problem
Apr 28 10:22:58.000 [warn] Couldn't open "/var/tor/hidden_site/private_key.tmp" (/var/tor/hidden_site/private_key) for writing: Read-only file system
Apr 28 10:22:58.000 [err] Couldn't write generated key to "/var/tor/hidden_site/private_key".
Wanted behaviour
These files are to be written in a directory which IS writable by the designated running user
These error/warning messages seem wrong, and creating the hidden service is rendered impossible when running through systemd.
Steps to reproduce
- run debian-live-8.7.1-amd64-standard.iso in live mode
- run the following commands
gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
cat << "EOF" | sudo tee /etc/apt/sources.list.d/tor.list
deb http://deb.torproject.org/torproject.org jessie main
deb-src http://deb.torproject.org/torproject.org jessie main
EOF
sudo apt-get update
sudo apt-get install deb.torproject.org-keyring
sudo apt-get install tor
sudo systemctl stop tor
sudo mkdir -p /var/tor
sudo mount -t tmpfs tmpfs /var/tor/
sudo mkdir -p /var/tor/hidden_site
sudo chmod 700 /var/tor/hidden_site
sudo chown debian-tor:debian-tor /var/tor/hidden_site
cat << "EOF" | sudo tee /etc/tor/torrc
HiddenServiceDir /var/tor/hidden_site
HiddenServicePort 80 127.0.0.1:8080
EOF
sudo -u debian-tor tor --verify-config
sudo systemctl start tor
NOTE: mounting a tmpfs is just an attempt at making sure no RO filesystem was in the game...
- tor log
Apr 28 10:22:58.000 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) opening log file.
Apr 28 10:22:58.067 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 10:22:58.067 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 10:22:58.067 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 10:22:58.067 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 10:22:58.071 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 10:22:58.000 [warn] Couldn't open "/var/tor/hidden_site/private_key.tmp" (/var/tor/hidden_site/private_key) for writing: Read-only file system
Apr 28 10:22:58.000 [err] Couldn't write generated key to "/var/tor/hidden_site/private_key".
Apr 28 10:22:58.000 [warn] Error loading rendezvous service keys
Apr 28 10:22:58.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.9.10 )
Actual mountpoints
aufs on / type aufs (rw,noatime,si=2cb2b7e036b24d5d,noxino)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devtmpfs on /dev type devtmpfs (rw,nosuid,size=10240k,nr_inodes=124323,mode=755)
/dev/sr0 on /lib/live/mount/medium type iso9660 (ro,noatime)
tmpfs on /lib/live/mount/overlay type tmpfs (rw,noatime,mode=755)
tmpfs on /lib/live/mount/overlay type tmpfs (rw,relatime)
/dev/loop0 on /lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=204864k,mode=755)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime)
tmpfs on /var/tor type tmpfs (rw,relatime)
Manual run
If, instead of running tor via systemctl, we launch it manually in a shell through ssh:
sudo /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
ps auxf confirms it runs as debian-tor.
Here everything goes fine:
Apr 28 13:00:41.281 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 13:00:41.281 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 13:00:41.281 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 13:00:41.282 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 13:00:41.286 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 13:00:41.000 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) opening log file.
Apr 28 13:00:41.281 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 13:00:41.281 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 13:00:41.281 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 13:00:41.282 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 13:00:41.286 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 13:00:41.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Apr 28 13:00:41.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Apr 28 13:00:41.000 [notice] Bootstrapped 0%: Starting
Apr 28 13:00:41.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Apr 28 13:00:42.000 [notice] Opening Socks listener on /var/run/tor/socks
Apr 28 13:00:42.000 [notice] Opening Control listener on /var/run/tor/control
Apr 28 13:00:42.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Apr 28 13:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Apr 28 13:00:43.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Apr 28 13:00:43.000 [notice] Bootstrapped 100%: Done
The hidden service files are created:
sudo find /var/tor -ls
31802 0 drwxrwxrwt 3 root root 60 Apr 28 12:30 /var/tor
31841 0 drwx------ 2 debian-tor debian-tor 80 Apr 28 13:00 /var/tor/hidden_site
36795 4 -rw------- 1 debian-tor debian-tor 23 Apr 28 13:00 /var/tor/hidden_site/hostname
36794 4 -rw------- 1 debian-tor debian-tor 887 Apr 28 13:00 /var/tor/hidden_site/private_key
Trac:
Username: nipil
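
One check for the systemd-versus-manual difference reported above, as an added example that is not part of the original report or of Tor's code: a systemd unit can remount directories read-only inside its own private mount namespace, which the system-wide mount table does not show. The function names and the sample directive values are constructed for illustration; the property names are the older `ReadOnlyDirectories`/`ReadWriteDirectories` ones (newer systemd releases call them `ReadOnlyPaths`/`ReadWritePaths`).

```shell
#!/bin/sh
# Simplified model: the longest directory prefix listed in the unit's
# ReadOnlyDirectories= / ReadWriteDirectories= decides the state of a path.

is_under() {  # is_under PATH DIR -> success if PATH is DIR or lies below it
    [ "$2" = "/" ] && return 0
    case "$1/" in "$2"/*) return 0 ;; esac
    return 1
}

longest_match() {  # longest_match PATH DIR... -> length of longest containing DIR
    lm_path=$1; shift
    lm_best=0
    for lm_dir in "$@"; do
        lm_dir=${lm_dir#-}                      # "-" prefix: ignore if missing
        [ "$lm_dir" = "/" ] || lm_dir=${lm_dir%/}
        if is_under "$lm_path" "$lm_dir" && [ "${#lm_dir}" -gt "$lm_best" ]; then
            lm_best=${#lm_dir}
        fi
    done
    echo "$lm_best"
}

unit_path_state() {  # unit_path_state PATH "RO dirs" "RW dirs" -> ro | rw
    # Unquoted on purpose: systemd prints these lists space-separated.
    ups_ro=$(longest_match "$1" $2)
    ups_rw=$(longest_match "$1" $3)
    if [ "$ups_ro" -gt "$ups_rw" ]; then echo ro; else echo rw; fi
}

check_unit() {  # check_unit UNIT PATH (queries a live systemd; not run below)
    cu_ro=$(systemctl show "$1" -p ReadOnlyDirectories)
    cu_rw=$(systemctl show "$1" -p ReadWriteDirectories)
    unit_path_state "$2" "${cu_ro#*=}" "${cu_rw#*=}"
}

# Constructed sample values, not taken from the report:
SAMPLE_RO="/"
SAMPLE_RW="-/proc -/var/lib/tor -/var/log/tor -/var/run"

# The HiddenServiceDir from the report, then a path under a listed RW dir.
unit_path_state /var/tor/hidden_site "$SAMPLE_RO" "$SAMPLE_RW"
unit_path_state /var/lib/tor/hidden_site "$SAMPLE_RO" "$SAMPLE_RW"
```

On a real host, `check_unit` takes the unit name and the configured `HiddenServiceDir`; a result of `ro` means the directory must be added to the unit's writable list or moved under a path that is already writable.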