Opened 9 years ago

Closed 9 years ago

#1274 closed defect (fixed)

Tor is not running as user tor

Reported by: Anmibe
Owned by: erinn
Priority: Low
Milestone: Tor: 0.2.2.x-final
Component: Applications/Tor bundles/installation
Version: 0.2.2.7-alpha
Severity:
Keywords:
Cc: Anmibe, nickm, Sebastian, arma, phobos, erinn
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by phobos)

After installing a tor relay with newest expert package Tor-0.2.2.9-alpha-i386-Bundle I wondered why tor is running as $USER, but not as tor.
A new user _tor is created and the group daemon exists as well.
A quick look at the script addsysuser gives a hint:
At least the lines 58 & 69 …

gid=`niutil -readprop $ROOTPROP /groups/daemon gid`
uiddef=`nidump passwd / | cut -d: -f3 | sort -n | grep -v '^[56789]..' | grep -v '^....$' | tail -n 1`

…can’t work properly (besides others) with Snow Leopard since niutil and nidump don't exist anymore. As far as I know they are substituted by dscl.

[Automatically added by flyspray2trac: Operating System: OSX 10.6 Snow Leopard]
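
The lookups described above, redone with dscl, as an added example that is not part of the ticket or of Tor's addsysuser script. The function names are hypothetical, the sample listing is constructed, and "highest UID below 500" is a reading of what the quoted nidump pipeline appears intended to pick.

```shell
#!/bin/sh
# Added example, not the project's script: dscl lookups for the two quoted lines.
# Function names are hypothetical; the sample listing at the end is constructed.

# Fail closed: stop the installer instead of continuing with empty gid/uid values,
# which is how a daemon ends up running as the invoking user.
require_tool() {
    command -v "$1" >/dev/null 2>&1 && return 0
    echo "error: $1 not found, refusing to continue" >&2
    return 1
}

# stdin: output of `dscl . -read /Groups/daemon PrimaryGroupID`; prints the gid.
parse_gid() {
    awk '$1 == "PrimaryGroupID:" && $2 ~ /^[0-9]+$/ { print $2; ok = 1; exit }
         END { if (!ok) exit 1 }'
}

# stdin: output of `dscl . -list /Users UniqueID` ("name uid" per line).
# Prints the highest UID below 500 (assumed intent of the quoted pipeline);
# negative UIDs such as -2 are skipped, and no match at all is an error.
highest_system_uid() {
    awk 'BEGIN { max = -1 }
         $2 ~ /^[0-9]+$/ && $2 + 0 < 500 && $2 + 0 > max { max = $2 + 0 }
         END { if (max < 0) exit 1; print max }'
}

# Resolve both values on a live system, aborting on any failed lookup.
lookup_ids() {
    require_tool dscl || return 1
    gid=$(dscl . -read /Groups/daemon PrimaryGroupID | parse_gid) || return 1
    uiddef=$(dscl . -list /Users UniqueID | highest_system_uid) || return 1
    echo "gid=$gid uiddef=$uiddef"
}

# Constructed sample of `dscl . -list /Users UniqueID` output (not from a real host).
SAMPLE_USERS='_www                    70
nobody                  -2
root                    0
_windowserver           88
alice                   501
_unknown                99'
```

On macOS, calling `lookup_ids` prints both values or returns non-zero so the caller can abort before any user is created.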

Change History (14)

comment:1 Changed 9 years ago by Sebastian

ugh. I'd love to drop this package entirely, if we find a good way to
run a Tor daemon without requiring a user being logged in...

suggestions?

comment:2 Changed 9 years ago by Anmibe

Hmm, looking at the list of relays, MacOS X relays are rare, even considering the rate of MacOS X in general. But most MacOS X machines aren't real servers and the users are normal users. For them installing a Tor relay is difficult to handle, the torrc is heavy stuff, since words like socks, port etc. are far beyond their scope. But even on these machines it could be useful to run a Tor relay, at least during daytime.

Anyhow, I may be wrong, but the install scripts are still from 2007 and it looks as if they need some refreshing.

1.) MacOS X has moved to launchd. Therefore we need a LaunchDaemon XML file in /Library/LaunchDaemons, which in a bash script, as a here document, should look like:

#!/usr/bin/env bash

# other code

# Write the plist as root, overwriting instead of appending so a re-run
# does not leave two XML documents in one file.
sudo tee /Library/LaunchDaemons/org.torproject.tor.plist > /dev/null << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>GroupName</key>
    <string>daemon</string>
    <key>Label</key>
    <string>org.torproject.tor/</string>
    <key>Program</key>
    <string>/usr/bin/tor</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/tor</string>
        <!-- One argv entry per string. launchd jobs must stay in the
             foreground, so Tor must not daemonize itself here. -->
        <string>--runasdaemon</string>
        <string>0</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <!-- Drop privileges: run as the dedicated _tor user, not root or \$USER -->
    <key>UserName</key>
    <string>_tor</string>
    <key>WorkingDirectory</key>
    <string>/Library/Application Support/Tor</string>
</dict>
</plist>
EOF

# Ownership and permissions for the plist
sudo chown root:wheel /Library/LaunchDaemons/org.torproject.tor.plist
sudo chmod 0444 /Library/LaunchDaemons/org.torproject.tor.plist

exit 0

I already used here the Mac-like working directory that I proposed in #1275.

2.) No suggestions for niutil and nidump, since I don’t know the output of these programs.

comment:3 Changed 9 years ago by Anmibe

No edit in here?

Ok, the plist with masked tags:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>GroupName</key>
    <string>daemon</string>
    <key>Label</key>
    <string>org.torproject.tor/</string>
    <key>Program</key>
    <string>/usr/bin/tor</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/tor</string>
        <!-- One argv entry per string. launchd jobs must stay in the
             foreground, so Tor must not daemonize itself here. -->
        <string>--runasdaemon</string>
        <string>0</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>UserName</key>
    <string>_tor</string>
    <key>WorkingDirectory</key>
    <string>/Library/Application Support/Tor</string>
</dict>
</plist>

comment:4 Changed 9 years ago by phobos

Description: modified (diff)
Milestone: Tor: 0.2.2.x-final
Owner: set to phobos
Status: new → accepted

comment:5 Changed 9 years ago by phobos

Unfortunately, I think the answer is to run the Vidalia bundle. OS X requires a GUI anyway. If you want to run a Tor relay from the CLI, you could also compile the source yourself.

I'll try to hack out a dscl vs. nidump/niutil fix into the expert installer. I'd rather just dump the mac installer and go with drag and drop altogether.

comment:6 Changed 9 years ago by arma

Doing triage: it looks like this might be a new bug to 0.2.2.x, so maybe we'll want to try to resolve it during the lifetime of 0.2.2. The best fix might be to drop support for expert bundles for osx altogether.

It shouldn't block the release candidate in any case.

comment:7 Changed 9 years ago by phobos

Owner: changed from phobos to erinn
Status: accepted → assigned

comment:8 Changed 9 years ago by erinn

I'd be perfectly happy to drop the expert bundle altogether. Are there any objections?

comment:9 Changed 9 years ago by Sebastian

Status: assigned → needs_review

I still think we should drop them. Branch remove-osx-expert-package in my repo removes everything from tor.git that still references the package. Erinn, you should make sure that you have everything that gets removed here saved somewhere to put it into your build instructions repository (and we should indeed first make sure everything is already committed and pushed before we remove it here).

comment:10 Changed 9 years ago by Sebastian

Erinn, any comments?

comment:11 Changed 9 years ago by erinn

I will check this week to make sure and report back. (I do have everything saved.)

comment:12 Changed 9 years ago by arma

Sounds like a fine plan to me. Waiting on Erinn's report-back.

comment:13 Changed 9 years ago by erinn

Yep, remove it. All my stuff works without it.

comment:14 Changed 9 years ago by nickm

Resolution: None → fixed
Status: needs_review → closed