Opened 6 months ago

Last modified 4 months ago

#29499 needs_information defect

permission error: nyx requires executable permission bit for `/var/lib/tor`

Reported by: cypherpunks Owned by:
Priority: Very Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.3.4.9
Severity: Minor Keywords: nyx
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Offending logs from strace:

stat("/var/lib/tor/control_auth_cookie", 0x7ffca7ba61f0) = -1 EACCES (Permission denied)
stat("/var/lib/tor/control_auth_cookie", 0x7ffca7ba61f0) = -1 EACCES (Permission denied)
write(1, "We were unable to read tor's aut"..., 176We were unable to read tor's authentication cookie...

  Path: /var/lib/tor/control_auth_cookie
  Issue: Authentication failed: '/var/lib/tor/control_auth_cookie' doesn't exist) = 176

Permissions on /var/lib/tor:
drwx------ 3 tor tor 4.0K Feb 14 17:04 tor

Permissions for cookie file:
-rw-r----- 1 tor tor 32 Feb 13 06:36 control_auth_cookie

A quick fix on the user part is to add the executable bit for group, but in general the cookie file should be accessible without the executable bit set so as long as the cookie file is configured to be readable by group (i.e. 'CookieAuthFileGroupReadable 1' written in /etc/tor/torrc).

Child Tickets

Change History (3)

comment:1 Changed 6 months ago by atagar

Component: - Select a componentCore Tor/Tor

I'm not spotting anything here that's nyx specific. Sending this over to the network team. The executable bit shouldn't matter - all that matters is that controller applications can read the cookie.

comment:2 Changed 6 months ago by nickm

I'm a little leery of making all of the DataDirectory group-readable automatically just because the control_auth_cookie was placed there. If you want it to be group-readable, maybe set DataDirectoryGroupReadable?

comment:3 Changed 4 months ago by nickm

Milestone: Tor: unspecified
Status: newneeds_information

Does that approach work for you?

Note: See TracTickets for help on using tickets.