Opened 3 years ago

Last modified 14 months ago

#17928 new enhancement

Warnings in syslog for wrong permissions on hidden service dir are misleading

Reported by: throwaway232344 Owned by:
Priority: Very Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.2.7.5
Severity: Trivial Keywords: tor-hs permissions chmod logging easy? usability
Cc: Actual Points:
Parent ID: Points: 2
Reviewer: Sponsor:

Description

I had the wrong permissions on my hidden service directory which caused the tor service to fail starting. Logging doesn't work when the permissions are not set properly, so I could only get info from the syslog. I see the following errors:

Dec 24 00:46:28 ArchLaptop tor[7297]: Dec 24 00:46:28.460 [notice] Read configuration file "/etc/tor/torrc".
Dec 24 00:46:28 ArchLaptop tor[7297]: Dec 24 00:46:28.465 [warn] Permissions on directory /home/merito/hidden_service/ are too permissive.
Dec 24 00:46:28 ArchLaptop tor[7297]: Dec 24 00:46:28.465 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 24 00:46:28 ArchLaptop tor[7297]: Dec 24 00:46:28.465 [err] Reading config failed--see warnings above.
Dec 24 00:46:28 ArchLaptop systemd[1]: tor.service: Main process exited, code=exited, status=1/FAILURE

Maybe the log entry on the permissions for the directory should be of level err? A warning seems to suggest that this is acceptable, so I tried to find an issue in the parsing of the config, thinking there might be some kind of complicated problem with configuring rendezvous options.

Child Tickets

Change History (19)

comment:1 Changed 3 years ago by nickm

Milestone: Tor: 0.2.8.x-final

comment:2 Changed 3 years ago by nickm

Milestone: Tor: 0.2.8.x-finalTor: 0.2.9.x-final

It is impossible that we will fix all 226 currently open 028 tickets before 028 releases. Time to move some out. This is my second pass through the "new" and tickets, looking for things to move to 0.2.9.

comment:3 Changed 2 years ago by nickm

Points: small/medium

comment:4 Changed 2 years ago by dgoulet

Keywords: tor-hs added; logging permissions removed
Sponsor: SponsorR-can

comment:5 Changed 2 years ago by moosehadley

Status: newneeds_review

comment:6 Changed 2 years ago by nickm

Keywords: review-group-2 added

Create a review-group-2 from (most of the) tickets in 0.2.8 or 0.2.9 or 029-nickm-says-yes listed as needs_review,

comment:7 Changed 2 years ago by nickm

Keywords: review-group-2 removed
Status: needs_reviewnew

Wait, this doesn't belong in needs_review. There is no patch here.

comment:8 Changed 2 years ago by nickm

Points: small/medium2

small/medium => 2.

comment:9 Changed 2 years ago by dgoulet

Status: newneeds_information

This is a bit more complicated. The warning is a general one that is used for different purposes. So we can't really error because there is this mode where we can also auto fix it for you thus the warning makes sense in that case.

Ok, maybe we could do that for the hidden service directory actually, auto-fixing it. We would simply need to call check_private_dir without the CPD_CHECK_MODE_ONLY so once it realizes that the perms are incorrect, it could then go on and fix them to 0700.

Should we?

comment:10 Changed 2 years ago by isabela

Keywords: isaremoved added
Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

comment:11 Changed 21 months ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:12 Changed 20 months ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:13 Changed 17 months ago by nickm

Status: needs_informationnew

I see nothing wrong with fixing the permissions here if we find them incorrect, rather than prompting the user to do so.

comment:14 Changed 15 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:15 Changed 15 months ago by nickm

Keywords: isaremoved removed

comment:16 Changed 15 months ago by dgoulet

Sponsor: SponsorR-can

comment:17 Changed 14 months ago by arma

I am a fan of auto fixing permissions when we would otherwise fail.

comment:18 Changed 14 months ago by nickm

Keywords: permissions chmod logging usability added

comment:19 Changed 14 months ago by nickm

Keywords: easy? added
Note: See TracTickets for help on using tickets.