configure tor and arm

You have a problem with Salix? Post here and we'll do what we can to help.
Post Reply
User avatar
jsfarinet
Posts: 305
Joined: 23. Nov 2014, 07:32

configure tor and arm

Post by jsfarinet »

I've running tor and i control it using arm (=anonymizing relay monitor , a command line tool to control tor).Now, when i run arm i'm getting this msg

Code: Select all

[ARM NOTICE] We were unable to us any of our system's resolvers to
get tor's connections. This is fine, but means that the conncetions
page will be empty. This is usually permission related so if you would
like to fix this then run arm with the same user as tor (ie., "sudo -u <tor
user> arm")
Now, effectively, if i do so, all is fine. But how could i do this "automatically"? I run arm as a fluxbox autostart program - but i do not know how to do a "sudo" within fluxbox/startup ? Or maybe, there is another workaround to start arm with the same rights as tor (which is started on boot ie. from root)?

TIA
Top
User avatar
gapan
Salix Wizard
Posts: 6362
Joined: 6. Jun 2009, 17:40

Re: configure tor and arm

Post by gapan »

You'll have to give more details about how arm is started right now. I don't know anything about it. I'm guessing you could stop starting it as root, and just start it the same way you're starting tor from fluxbox autostart.
Image
Image
Top
User avatar
jsfarinet
Posts: 305
Joined: 23. Nov 2014, 07:32

Re: configure tor and arm

Post by jsfarinet »

gapan wrote:You'll have to give more details about how arm is started right now. I don't know anything about it. I'm guessing you could stop starting it as root, and just start it the same way you're starting tor from fluxbox autostart.
Tor is started on boot (i.e. by root as i presume) from /etc/rc.d/rc.tor (it was automatically created during the installation of tor). As for now (and where/when i get the msg i posted before) is started by fluxbox startup:

Code: Select all

xterm -title TorControl -e arm & kdocker -i /usr/share/pixmaps/onion.png -n TorControl &
(to get it in the systray; i also configured it in fluxbox apps this way:

Code: Select all

[app] (title=TorControl)
  [Position]	(CENTER)	{0 0}
  [FocusHidden]	{yes}
  [Sticky]	{yes}
  [Minimized]	{yes}
  [Layer]	{2}
[end]
Top
User avatar
gapan
Salix Wizard
Posts: 6362
Joined: 6. Jun 2009, 17:40

Re: configure tor and arm

Post by gapan »

So, I'm guessing, if you want to stop tor from starting on boot, you just run:

Code: Select all

sudo service stop tor
and then only start it from fluxbox. Does tor need to be started as a service by the root user?
Image
Image
Top
User avatar
laprjns
Salix Warrior
Posts: 1113
Joined: 28. Aug 2009, 01:30
Location: Connecticut USA

Re: configure tor and arm

Post by laprjns »

If tor was installed using the slackbuild script (i.e sourcery or slapt-src) then when started with the rc script it runs as user "tor". The stock configuration script, torrc, installed in /etc/tor as part of the Slackbuild package has this as default.

Code: Select all

## On startup, setuid to this user and setgid to their primary group.
User tor
Both the user "tor" and group "tor" had to be created prior to building tor using the slackbuild script or it would have failed. So if tor was installed using the slackbuild script the the only way to start it is to used the service script (/etc/rc.d/rc.tor) or sudo.
“The past was erased, the erasure was forgotten, the lie became the truth.”
― George Orwell, 1984
Top
User avatar
jsfarinet
Posts: 305
Joined: 23. Nov 2014, 07:32

Re: configure tor and arm

Post by jsfarinet »

laprjns wrote:If tor was installed using the slackbuild script (i.e sourcery or slapt-src) then when started with the rc script it runs as user "tor". The stock configuration script, torrc, installed in /etc/tor as part of the Slackbuild package has this as default.

Code: Select all

## On startup, setuid to this user and setgid to their primary group.
User tor
Both the user "tor" and group "tor" had to be created prior to building tor using the slackbuild script or it would have failed. So if tor was installed using the slackbuild script the the only way to start it is to used the service script (/etc/rc.d/rc.tor) or sudo.
That's exactly what i did. Tor, user and group, are set (uid=220, gid=220) as the installation script advised. So, my question rather is: Is there a way to start in an "automatised" way 'arm' as the same user as tor? I don't know - i'm not knowledged enough, unfortunately :-( - if it's possible to trick around.

When i "ddg'ed" i found something like "runuser" which should be part of linux-utils (but in the slackware version obviously it does not exist (?) (In some distributions there are tools like "sux" or similar).

Or, is it possible (or is it ingenuous thinking) to create something like a user and a group "arm" whereto i can give then rights and access to tor (user&group)?
Top
User avatar
jsfarinet
Posts: 305
Joined: 23. Nov 2014, 07:32

Re: configure tor and arm

Post by jsfarinet »

An add-on:

In the related Readme is said:

Code: Select all

This script requires a 'tor' user/group to exist before running.
The recommended UID/GID is 220. You can create these like so:
  groupadd -g 220 tor
  useradd -u 220 -g 220 -c "The Onion Router" -d /dev/null -s /bin/false tor

You can pass another user/group to the script; this is however, less safe:
  TOR_USER=nobody TOR_GROUP=nogroup sh tor.SlackBuild
I tried out by building a user/group arm (UID/GID=230); i added then the user arm to the group tor but apparently to no extent. So, that seems to not be a way.

If, e.g. i'd set Tor_USER=<myusername> TOR_GROUP=<mygroup> i'd have tor running as me, correct? Would that create problems for other programs, to use tor? Not as long as the programs are started out of MY xsession, i presume (?). Is that correct thinking?

If so, that would be a viable solution as long as the computer is "NOT" a server or used by more than one user (a portable personal device), isn't it? But not for a desktop, which is used by more than one member (in an office, a family etc.pp.) . . .

TIA for your patience!
Top
User avatar
gapan
Salix Wizard
Posts: 6362
Joined: 6. Jun 2009, 17:40

Re: configure tor and arm

Post by gapan »

jsfarinet wrote:If, e.g. i'd set Tor_USER=<myusername> TOR_GROUP=<mygroup> i'd have tor running as me, correct? Would that create problems for other programs, to use tor? Not as long as the programs are started out of MY xsession, i presume (?). Is that correct thinking?
That should work.

Another option (probably better) is to run the arm command as the tor user with sudo:

Code: Select all

sudo -u tor arm
after you've allowed your user to run it without a password as user tor. To do that you can add this to your sudoers file (edit with visudo command)

Code: Select all

jsfarinet ALL=(tor) NOPASSWD: /usr/bin/arm
Image
Image
Top
User avatar
jsfarinet
Posts: 305
Joined: 23. Nov 2014, 07:32

Re: configure tor and arm

Post by jsfarinet »

gapan wrote:...

Another option (probably better) is to run the arm command as the tor user with sudo:

Code: Select all

sudo -u tor arm
after you've allowed your user to run it without a password as user tor. To do that you can add this to your sudoers file (edit with visudo command)

Code: Select all

jsfarinet ALL=(tor) NOPASSWD: /usr/bin/arm
Excellent idea!!!! Thanks i'll go immediately to try it out and report back the results!
Top
Post Reply

Return to “Problems”