DataDirectoryGroupReadable enabled does not have effect
On RedHat-based systems the defaultrc includes DataDirectoryGroupReadable set to 1. But when starting up the daemon, this is ignored and chmod of /var/lib/tor is set back to 0700.
This can be demonstrated by the following test using vagrant:
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'centos/7'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'centos/7' is up to date...
==> default: Setting the name of the VM: tor-bug_default_1532356217662_9318
==> default: Fixed port collision for 22 => 2222. Now on port 2200.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2200 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2200
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: No guest additions were detected on the base box for this VM! Guest
default: additions are required for forwarded ports, shared folders, host only
default: networking, and more. If SSH fails on this machine, please install
default: the guest additions and repackage the box to continue.
default:
default: This is not an error message; everything may continue to work properly,
default: in which case you may ignore this message.
==> default: Rsyncing folder: /home/mh/fedora/tor-bug/ => /vagrant
==> default: Running provisioner: shell...
default: Running: inline script
default: Installing tor
default: Loaded plugins: fastestmirror
default: Determining fastest mirrors
default: * base: mirror.spreitzer.ch
default: * extras: mirror.spreitzer.ch
default: * updates: mirror.spreitzer.ch
default: Resolving Dependencies
default: --> Running transaction check
default: ---> Package tor.x86_64 0:0.3.3.9-1.el7 will be installed
default: --> Processing Dependency: torsocks for package: tor-0.3.3.9-1.el7.x86_64
default: --> Running transaction check
default: ---> Package torsocks.x86_64 0:2.2.0-1.el7.centos will be installed
default: --> Finished Dependency Resolution
default:
default: Dependencies Resolved
default:
default: ================================================================================
default: Package Arch Version Repository Size
default: ================================================================================
default: Installing:
default: tor x86_64 0.3.3.9-1.el7 maha-tor-latest 2.8 M
default: Installing for dependencies:
default: torsocks x86_64 2.2.0-1.el7.centos maha-tor-latest 65 k
default:
default: Transaction Summary
default: ================================================================================
default: Install 1 Package (+1 Dependent package)
default:
default: Total download size: 2.9 M
default: Installed size: 13 M
default: Downloading packages:
default: Public key for torsocks-2.2.0-1.el7.centos.x86_64.rpm is not installed
default: warning: /var/cache/yum/x86_64/7/maha-tor-latest/packages/torsocks-2.2.0-1.el7.centos.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fe1432b1: NOKEY
default: --------------------------------------------------------------------------------
default: Total 1.4 MB/s | 2.9 MB 00:02
default: Retrieving key from https://copr-be.cloud.fedoraproject.org/results/maha/tor-latest/pubkey.gpg
default: Importing GPG key 0xFE1432B1:
default: Userid : "maha_tor-latest (None) <maha#tor-latest@copr.fedorahosted.org>"
default: Fingerprint: ddc6 1efd 56fa 03e5 e2d8 fa26 03f9 1145 fe14 32b1
default: From : https://copr-be.cloud.fedoraproject.org/results/maha/tor-latest/pubkey.gpg
default: Running transaction check
default: Running transaction test
default: Transaction test succeeded
default: Running transaction
default: Installing : torsocks-2.2.0-1.el7.centos.x86_64 1/2
default:
default: Installing : tor-0.3.3.9-1.el7.x86_64 2/2
default:
default: Verifying : torsocks-2.2.0-1.el7.centos.x86_64 1/2
default:
default: Verifying : tor-0.3.3.9-1.el7.x86_64 2/2
default:
default:
default: Installed:
default: tor.x86_64 0:0.3.3.9-1.el7
default:
default: Dependency Installed:
default: torsocks.x86_64 0:2.2.0-1.el7.centos
default:
default: Complete!
default:
default: ls -la /var/lib/tor
default: total 4
default: drwxr-x---. 2 toranon root 6 Jul 14 09:59 .
default: drwxr-xr-x. 29 root root 4096 Jul 23 14:31 ..
default:
default: Grep Data
default: /etc/tor/torrc:## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
default: /etc/tor/torrc:#DataDirectory /var/lib/tor
default: /usr/share/tor/defaults-torrc:DataDirectory /var/lib/tor
default: /usr/share/tor/defaults-torrc:DataDirectoryGroupReadable 1
default:
default: starting tor
default:
default: tor logs
default: -- Logs begin at Mon 2018-07-23 14:30:24 UTC, end at Mon 2018-07-23 14:31:08 UTC. --
default: Jul 23 14:31:07 localhost.localdomain systemd[1]: Starting Anonymizing overlay network for TCP...
default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.126 [notice] Tor 0.3.3.9 (git-45028085ea188baf) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2k-fips, Zlib 1.2.7, Liblzma N/A, and Libzstd N/A.
default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Read configuration file "/etc/tor/torrc".
default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.135 [warn] Fixing permissions on directory /var/lib/tor
default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Configuration was valid
default: Jul 23 14:31:08 localhost.localdomain systemd[1]: Started Anonymizing overlay network for TCP.
default:
default: ls -la /var/lib/tor
default: total 4
default: drwx------. 2 toranon root 6 Jul 14 09:59 .
default: drwxr-xr-x. 29 root root 4096 Jul 23 14:31 ..
Using the following Vagrantfile:
$ cat Vagrantfile
script = <<-SCRIPT
curl -s -o /etc/yum.repos.d/maha-tor-latest-epel-7.repo https://copr.fedorainfracloud.org/coprs/maha/tor-latest/repo/epel-7/maha-tor-latest-epel-7.repo
echo Installing tor
yum install tor -y
echo 'Log debug stderr' >> /etc/tor/torrc
echo
echo ls -la /var/lib/tor
ls -la /var/lib/tor
echo
echo "Grep Data"
grep Data /etc/tor/torrc /usr/share/tor/defaults-torrc
echo
echo starting tor
systemctl start tor
echo
echo tor logs
journalctl -u tor -n 2000 --no-pager
echo
echo ls -la /var/lib/tor
ls -la /var/lib/tor
SCRIPT
Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"
  config.vm.provision "shell", inline: script
end
Trac:
Username: maha
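
Added example, not part of the original report and not Tor's own code: a shell check that reads the same config files the report greps and compares the DataDirectory's actual mode with the mode the configuration asks for. It assumes the files are passed in the order Tor reads them (defaults-torrc, then torrc), that the last occurrence of an option wins, and that the expected modes are 750 with DataDirectoryGroupReadable 1 and 700 otherwise, as in the two listings above; the function names are hypothetical.

```shell
#!/bin/sh
# Usage on the box from the report (run as root after "systemctl start tor"):
#   check_datadir /var/lib/tor /usr/share/tor/defaults-torrc /etc/tor/torrc

# Print the last value of option $1 (matched case-insensitively) in the given files.
tor_opt() {
    opt=$1; shift
    awk -v opt="$opt" '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        tolower($1) == tolower(opt) { val = $2 }  # later lines override earlier ones
        END { if (val != "") print val }
    ' "$@" 2>/dev/null
}

# Mode the directory should have (assumption: 750 if group-readable is on, else 700).
expected_mode() {
    if [ "$(tor_opt DataDirectoryGroupReadable "$@")" = "1" ]; then
        echo 750
    else
        echo 700
    fi
}

# check_datadir DIR FILE...
# Returns 0 when the mode matches the config, 1 on mismatch, 2 if DIR is unreadable.
check_datadir() {
    dir=$1; shift
    want=$(expected_mode "$@")
    have=$(stat -c '%a' "$dir") || return 2   # GNU stat, octal permission bits
    if [ "$have" = "$want" ]; then
        echo "OK $dir mode=$have"
    else
        echo "MISMATCH $dir mode=$have expected=$want"
        return 1
    fi
}
```

Run before and after starting the daemon, a change from OK to MISMATCH shows the "Fixing permissions" step overriding the configured setting.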