Running TOR on CentOS 6

Darkness.su asked:

I’m the operator of the XMPP server on darkness.su. The server runs on CentOS 6.

I installed TOR and configured it to provide hidden service access to the server. It was working fine at first, but ever since an update a few months ago it has been giving me these errors:

    May 25 14:19:37.060 [warn] Permissions on directory /var/lib/tor/hidden_service are too permissive.
    May 25 14:19:37.060 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
    May 25 14:19:37.060 [err] Reading config failed--see warnings above.

I tried to check the logs, but I can’t find them, and setting one doesn’t seem to work. I’ve tried removing TOR and wiping all its folders, then reinstalling it. Same thing.

I’m installing through yum from TOR Project’s repository.

With chmod 700 on the hidden service directory (owned by TOR):

    Jul 24 21:39:05.573 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
    Jul 24 21:39:05.573 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
    Jul 24 21:39:05.573 [err] Reading config failed--see warnings above

After changing directory owner to root:

    Jul 24 22:11:36.236 [warn] /var/lib/tor/hidden_service/ is not owned by this user (_tor, 496) but by root (0). Perhaps you are running Tor as the wrong user?
    Jul 24 22:11:36.236 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
    Jul 24 22:11:36.236 [err] Reading config failed--see warnings above.

My answer:


You need to check three things:

  1. The file ownership should be correct.

    If you use Tor from torproject.org, this should be _tor. If you use Tor from EPEL or Fedora, this should be toranon.

    chown -R _tor:_tor /var/lib/tor

    or

    chown -R toranon:toranon /var/lib/tor
    
  2. The permissions should be correct.

    The hidden service directory must be readable only by the Tor user.

    find /var/lib/tor/hidden_service -type d | xargs chmod u+rwx,go=
    find /var/lib/tor/hidden_service -type f | xargs chmod u+rw,go=
    
  3. SELinux contexts must be set correctly. In recent releases of RHEL/CentOS, Tor has an SELinux policy applied to it.

    To fix broken SELinux labels:

    restorecon -r -v /var/lib/tor
    

View the full question and answer on Server Fault.
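
The three checks from the answer above, written as a read-only audit that reports problems without changing anything. This is an added example, not part of the original answer; it assumes GNU `stat` and the SELinux userland tools, and the function names `check_hs_perms` and `check_hs_selinux` are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of a Tor hidden service directory.
# Assumes GNU stat (coreutils); function names are hypothetical.

# check_hs_perms DIR USER: verify ownership and modes of DIR and its contents.
# Returns 0 if clean, 1 if findings were printed, 2 if DIR is missing.
check_hs_perms() {
    dir=$1; want_user=$2
    [ -d "$dir" ] || { echo "MISSING: $dir"; return 2; }
    # %U = owner name, %a = octal mode, %n = path
    findings=$(find "$dir" -exec stat -c '%U %a %n' {} + |
        while read -r owner mode path; do
            [ "$owner" = "$want_user" ] ||
                echo "OWNER: $path owned by $owner, expected $want_user"
            # Any group/other bit is what Tor reports as "too permissive".
            [ $(( 0$mode & 077 )) -eq 0 ] ||
                echo "MODE: $path is $mode, group/other access must be removed"
            # The owner itself needs rwx on directories and rw on files.
            if [ -d "$path" ]; then need=0700; else need=0600; fi
            [ $(( 0$mode & $need )) -eq $(( $need )) ] ||
                echo "MODE: $path is $mode, owner lacks required access"
        done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# check_hs_selinux DIR: with SELinux enabled, list files whose label differs
# from policy. restorecon -n is a dry run and relabels nothing.
check_hs_selinux() {
    command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled ||
        { echo "SELinux not enabled, skipping label check"; return 0; }
    restorecon -n -r -v "$1"
}

# Typical use as root (user is _tor for torproject.org packages, toranon
# for EPEL/Fedora, as stated in the answer):
#   check_hs_perms /var/lib/tor/hidden_service _tor
#   check_hs_selinux /var/lib/tor
```

If `check_hs_perms` is clean and Tor still logs "Permission denied", as in the second log excerpt in the question, the SELinux label check is the one to look at.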

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.