Opened 15 years ago

#198 closed defect (Not a bug)

Cannot run Tor as windows services

Reported by: mashizilla Owned by:
Priority: High Milestone:
Component: Tor - Tor Control Panel Version:
Severity: Keywords:
Cc: mashizilla, ePokruphos, edmanm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


When I uses TorCP setting tools to install Tor as windows service, it alerts message like this 'The Tor service failed to install'.

[Automatically added by flyspray2trac: Operating System: Windows 2k/XP]

Child Tickets

Change History (11)

comment:1 Changed 15 years ago by edmanm

Did you move your torrc into the same directory as your tor.exe? (TorCP doesn't do this for
you. Logically, it probably should, but it doesn't.)

Also, the ability to install (and maybe even control) Tor running as an NT Service
is slated to be removed in the next cut of TorCP, since this is slowly becoming
the non-recommended way to run Tor.

comment:2 Changed 15 years ago by ePokruphos

What is the rationale for the removal of this feature? Sorry, I haven't been following the mailinglist or anything =[

comment:3 Changed 15 years ago by edmanm

Note that I say that feature is likely to be removed from TorCP; I can't speak for Tor itself. But,
the developers of Tor do realize that running Tor as a service on Windows can be somewhat clunky to
install and may not be the best way to run Tor. This topic comes up from time to time in the IRC
channel or on or-talk, so I'll try to summarize some of the issues with running Tor as a service. If
you have a solution to these problems, the Tor developers would probably like to hear it. (and see
your submitted patch :)

For starters, currently the Tor service runs as SYSTEM, so if someone finds an exploitable bug
in Tor (remember Tor is still relatively new and under active development), that may make you
sad that you ran Tor as a service.

So why not just run the Tor service as LOCAL SERVICE? This is perhaps a little safer than running
as SYSTEM, but we still have a problem due to the fact that Tor-as-a-service looks in one folder for its
DataDirectory, but Tor-as-a-little-command-window looks in another since they run as two different
accounts. So, someone gets their Tor server working while running it as a normal console application
and is happy, but then they go to install Tor as a service and all of a sudden their server no longer
works since it has a new default DataDirectory and has generated a new identity key and the user is sad.

So why not just tell people to move the contents of their DataDirectory to the correct directory when
they want to run Tor as a service? This has been tried with a FAQ entry, but unfortunately the phrase
"move your torrc" still confuses lots of people. (and perhaps it's unreasonable to ask users to have to
do such a thing)

So why not just use "All Users\Application Data" as Tor's default DataDirectory? This means that
Tor-as-service and Tor-as-console-app can certainly share the same DataDirectory, but it also means
that any other user on the machine can also read and play with your Tor server's private keys which may
not be the sort of security you're looking for.

The easiest and perhaps safest solution to all of this mess is just to say that Windows users
should use a GUI controller that can run Tor as a normal, non-service application, but hide the little
console window so Windows users don't get angry. Unfortunately, at the moment this means that you
would have to use TorCP whether you liked it or not, but hopefully there will be some snazzy
submissions to Tor's GUI Competition so you can pick your favorite controller.

comment:4 Changed 15 years ago by ePokruphos

Thanks for that synopsis, Matt. While it may be relatively difficult (not really) to set up Tor as a Windows service, my main reason for using it was to automatically resurrect the process whenever it died (which is often at this stage in the code. Damn that WSAENOBUFS bug!) so I wouldn't have to babysit it all the time. Hopefully, my cumulative uptime on the network will be much longer now.

comment:5 Changed 15 years ago by edmanm

Could the original submitter please confirm if moving your torrc to the same directory as tor.exe
fixed your problem?

comment:6 Changed 15 years ago by edmanm

ePokruphos: Perhaps TorCP should (optionally) be attempting to restart Tor if if it dies, instead of just
showing you a tray icon indicating that it died and expecting a human to fix things? I'll think about
this some more, but it could be a good suggestion.

comment:7 Changed 15 years ago by edmanm

Could the original submitter please confirm if moving your torrc to the same directory as tor.exe
fixed your problem? Or if you found a different solution?

comment:8 Changed 15 years ago by ePokruphos

I came across another disconcerting problem for me. I've set my ORPort and
DirPort to certain ports in my torrc, but whenever TorCP is running, I believe
TorCP changes those ports to whatever is in its own configuration (defaults:
ORPort=9001, DirPort=9030). I believe I've confirmed this by looking at the
message log output. Now, that wouldn't be such an issue if I could edit TorCP's
config for the ORPort (it's grayed-out in the GUI). Unfortunately, I don't know
where that information is stored (registry?).

comment:9 Changed 15 years ago by edmanm

TorCP doesn't store any of "its own configuration"; it asks Tor (via the controller interface) what
Tor's configuration is.

What concerns me is that, if you indeed are running a server (i.e., have defined an ORPort
and Nickname), then those options shouldn't be grayed out in TorCP. Can you please make this
a new bug report so I can close this one because I suspect the original submitter's problem
has been solved.

comment:10 Changed 15 years ago by edmanm

Hm. I just tried this out and it worked fine (TorCP un-grayed the config options and Tor used the
correct ORPort and DirPort values I put in my torrc). Are you sure your Tor is using the right

comment:11 Changed 15 years ago by edmanm

flyspray2trac: bug closed.
I think the original submitter just hadn't moved his torrc to the same dir as his tor.exe. In any case, he hasn't responded to my requests for more info for a few weeks.

Note: See TracTickets for help on using tickets.