Fedora/CentOS starts the tor service as root and drops privileges to user 'toranon' due to the torrc 'User' parameter by default.
Also by default the tor service runs in a SELinux confined domain (tor_t). That means root in that domain can NOT access just any files regardless of DAC filesystem permissions (DAC_OVERRIDE is not granted by default). Which results in the situation that during startup (before privileges are dropped and user is switched to 'toranon') tor can not access the hiddenservicedir without allowing DAC_OVERRIDE or changing filesystem permissions, but it could if at that point privileges were already switched to the user specified in the torrc file. From my point of view the nicest solution would be if tor drops privileges before it accesses anything on the filesystem - which would solve above problem. Would that introduce other problems? Is there a specific reason why tor drops privileges later? (this is about running tor and tor in --verify-config mode) context: https://bugzilla.redhat.com/show_bug.cgi?id=1602171 (I consider this problem solved via the workaround but I'm still interested in the above question) -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
