Issue #26913 (Closed)
Issue created Jul 23, 2018 by Trac@tracbot

DataDirectoryGroupReadable enabled does not have effect

On RedHat based systems the defaultrc includes DataDirectoryGroupReadable set to 1. But when starting up the daemon this is ignored and chmod of /var/lib/tor is set back to 0700.

This can be demonstrated by the following test using vagrant:

$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'centos/7'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'centos/7' is up to date...
==> default: Setting the name of the VM: tor-bug_default_1532356217662_9318
==> default: Fixed port collision for 22 => 2222. Now on port 2200.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2200 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2200
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: No guest additions were detected on the base box for this VM! Guest
    default: additions are required for forwarded ports, shared folders, host only
    default: networking, and more. If SSH fails on this machine, please install
    default: the guest additions and repackage the box to continue.
    default: 
    default: This is not an error message; everything may continue to work properly,
    default: in which case you may ignore this message.
==> default: Rsyncing folder: /home/mh/fedora/tor-bug/ => /vagrant
==> default: Running provisioner: shell...
    default: Running: inline script
    default: Installing tor
    default: Loaded plugins: fastestmirror
    default: Determining fastest mirrors
    default:  * base: mirror.spreitzer.ch
    default:  * extras: mirror.spreitzer.ch
    default:  * updates: mirror.spreitzer.ch
    default: Resolving Dependencies
    default: --> Running transaction check
    default: ---> Package tor.x86_64 0:0.3.3.9-1.el7 will be installed
    default: --> Processing Dependency: torsocks for package: tor-0.3.3.9-1.el7.x86_64
    default: --> Running transaction check
    default: ---> Package torsocks.x86_64 0:2.2.0-1.el7.centos will be installed
    default: --> Finished Dependency Resolution
    default: 
    default: Dependencies Resolved
    default: 
    default: ================================================================================
    default:  Package       Arch        Version                   Repository            Size
    default: ================================================================================
    default: Installing:
    default:  tor           x86_64      0.3.3.9-1.el7             maha-tor-latest      2.8 M
    default: Installing for dependencies:
    default:  torsocks      x86_64      2.2.0-1.el7.centos        maha-tor-latest       65 k
    default: 
    default: Transaction Summary
    default: ================================================================================
    default: Install  1 Package (+1 Dependent package)
    default: 
    default: Total download size: 2.9 M
    default: Installed size: 13 M
    default: Downloading packages:
    default: Public key for torsocks-2.2.0-1.el7.centos.x86_64.rpm is not installed
    default: warning: /var/cache/yum/x86_64/7/maha-tor-latest/packages/torsocks-2.2.0-1.el7.centos.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fe1432b1: NOKEY
    default: --------------------------------------------------------------------------------
    default: Total                                              1.4 MB/s | 2.9 MB  00:02     
    default: Retrieving key from https://copr-be.cloud.fedoraproject.org/results/maha/tor-latest/pubkey.gpg
    default: Importing GPG key 0xFE1432B1:
    default:  Userid     : "maha_tor-latest (None) <maha#tor-latest@copr.fedorahosted.org>"
    default:  Fingerprint: ddc6 1efd 56fa 03e5 e2d8 fa26 03f9 1145 fe14 32b1
    default:  From       : https://copr-be.cloud.fedoraproject.org/results/maha/tor-latest/pubkey.gpg
    default: Running transaction check
    default: Running transaction test
    default: Transaction test succeeded
    default: Running transaction
    default:   Installing : torsocks-2.2.0-1.el7.centos.x86_64                           1/2
    default:  
    default:   Installing : tor-0.3.3.9-1.el7.x86_64                                     2/2
    default:  
    default:   Verifying  : torsocks-2.2.0-1.el7.centos.x86_64                           1/2
    default:  
    default:   Verifying  : tor-0.3.3.9-1.el7.x86_64                                     2/2
    default:  
    default: 
    default: Installed:
    default:   tor.x86_64 0:0.3.3.9-1.el7                                                    
    default: 
    default: Dependency Installed:
    default:   torsocks.x86_64 0:2.2.0-1.el7.centos                                          
    default: 
    default: Complete!
    default: 
    default: ls -la /var/lib/tor
    default: total 4
    default: drwxr-x---.  2 toranon root    6 Jul 14 09:59 .
    default: drwxr-xr-x. 29 root    root 4096 Jul 23 14:31 ..
    default: 
    default: Grep Data
    default: /etc/tor/torrc:## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
    default: /etc/tor/torrc:#DataDirectory /var/lib/tor
    default: /usr/share/tor/defaults-torrc:DataDirectory /var/lib/tor
    default: /usr/share/tor/defaults-torrc:DataDirectoryGroupReadable 1
    default: 
    default: starting tor
    default: 
    default: tor logs
    default: -- Logs begin at Mon 2018-07-23 14:30:24 UTC, end at Mon 2018-07-23 14:31:08 UTC. --
    default: Jul 23 14:31:07 localhost.localdomain systemd[1]: Starting Anonymizing overlay network for TCP...
    default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.126 [notice] Tor 0.3.3.9 (git-45028085ea188baf) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2k-fips, Zlib 1.2.7, Liblzma N/A, and Libzstd N/A.
    default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
    default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.127 [notice] Read configuration file "/etc/tor/torrc".
    default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Jul 23 14:31:08.135 [warn] Fixing permissions on directory /var/lib/tor
    default: Jul 23 14:31:08 localhost.localdomain tor[2563]: Configuration was valid
    default: Jul 23 14:31:08 localhost.localdomain systemd[1]: Started Anonymizing overlay network for TCP.
    default: 
    default: ls -la /var/lib/tor
    default: total 4
    default: drwx------.  2 toranon root    6 Jul 14 09:59 .
    default: drwxr-xr-x. 29 root    root 4096 Jul 23 14:31 ..

Using the following Vagrantfile:

$ cat Vagrantfile 
script = <<-SCRIPT
curl -s -o /etc/yum.repos.d/maha-tor-latest-epel-7.repo https://copr.fedorainfracloud.org/coprs/maha/tor-latest/repo/epel-7/maha-tor-latest-epel-7.repo
echo Installing tor
yum install tor -y
echo 'Log debug stderr' >> /etc/tor/torrc
echo
echo ls -la /var/lib/tor
ls -la /var/lib/tor
echo
echo "Grep Data"
grep Data /etc/tor/torrc /usr/share/tor/defaults-torrc
echo
echo starting tor
systemctl start tor
echo
echo tor logs
journalctl -u tor -n 2000 --no-pager
echo
echo ls -la /var/lib/tor
ls -la /var/lib/tor
SCRIPT

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"
  config.vm.provision "shell", inline: script
end

Trac:
Username: maha
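
A check for the mismatch reported above, as an added example that is not part of the original issue or of Tor's code: it reads the effective `DataDirectory` and `DataDirectoryGroupReadable` values from the two config files and compares the directory's mode with the expected one. The function names are hypothetical; the expected modes (750 with the option set, 700 otherwise) are taken from the two `ls -la` listings in the report, GNU `stat` is assumed, and `%include` lines are not followed.

```shell
#!/bin/sh
# Added example: compare a Tor data directory's mode with what the config asks for.

# Print the effective value of a single-valued option. Files are read in the
# order given, so a later file (torrc) overrides an earlier one (defaults-torrc).
# Option names are matched case-insensitively; '#' comments are ignored.
tor_option() {
    opt=$1; shift
    awk -v opt="$opt" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(opt) { val = $2 }
        END { if (val != "") print val }
    ' "$@"
}

# check_datadir DEFAULTS_FILE TORRC_FILE [DIR]
# Returns 0 when the mode matches, 1 on mismatch, 2 when DIR does not exist.
check_datadir() {
    dir=${3:-$(tor_option DataDirectory "$1" "$2")}
    [ -d "$dir" ] || { echo "no data directory: $dir"; return 2; }
    if [ "$(tor_option DataDirectoryGroupReadable "$1" "$2")" = "1" ]; then
        want=750    # group may read and traverse (drwxr-x---)
    else
        want=700    # owner only (drwx------)
    fi
    have=$(stat -c %a "$dir")    # GNU stat: octal permission bits
    if [ "$have" = "$want" ]; then
        echo "OK $dir mode=$have"
    else
        echo "MISMATCH $dir mode=$have expected=$want"
        return 1
    fi
}

# Example invocation on the paths from the report:
#   sh check.sh /usr/share/tor/defaults-torrc /etc/tor/torrc
if [ "$#" -ge 2 ]; then
    check_datadir "$@"
fi
```

Run after the service has started, this reports `MISMATCH` for the state shown in the second listing, where the option is set to 1 but the directory is `drwx------`.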
