Page 1 of 1
configure tor and arm
Posted: 8. Jan 2015, 21:16
by jsfarinet
I've running tor and i control it using arm (=anonymizing relay monitor , a command line tool to control tor).Now, when i run arm i'm getting this msg
Code: Select all
[ARM NOTICE] We were unable to us any of our system's resolvers to
get tor's connections. This is fine, but means that the conncetions
page will be empty. This is usually permission related so if you would
like to fix this then run arm with the same user as tor (ie., "sudo -u <tor
user> arm")
Now, effectively, if i do so, all is fine. But how could i do this "automatically"? I run arm as a fluxbox autostart program - but i do not know how to do a "sudo" within fluxbox/startup ? Or maybe, there is another workaround to start arm with the same rights as tor (which is started on boot ie. from root)?
TIA
Re: configure tor and arm
Posted: 8. Jan 2015, 21:41
by gapan
You'll have to give more details about how arm is started right now. I don't know anything about it. I'm guessing you could stop starting it as root, and just start it the same way you're starting tor from fluxbox autostart.
Re: configure tor and arm
Posted: 8. Jan 2015, 23:50
by jsfarinet
gapan wrote:You'll have to give more details about how arm is started right now. I don't know anything about it. I'm guessing you could stop starting it as root, and just start it the same way you're starting tor from fluxbox autostart.
Tor is started on boot (i.e. by root as i presume) from /etc/rc.d/rc.tor (it was automatically created during the installation of tor). As for now (and where/when i get the msg i posted before) is started by fluxbox startup:
Code: Select all
xterm -title TorControl -e arm & kdocker -i /usr/share/pixmaps/onion.png -n TorControl &
(to get it in the systray; i also configured it in fluxbox apps this way:
Code: Select all
[app] (title=TorControl)
[Position] (CENTER) {0 0}
[FocusHidden] {yes}
[Sticky] {yes}
[Minimized] {yes}
[Layer] {2}
[end]
Re: configure tor and arm
Posted: 9. Jan 2015, 00:08
by gapan
So, I'm guessing, if you want to stop tor from starting on boot, you just run:
and then only start it from fluxbox. Does tor need to be started as a service by the root user?
Re: configure tor and arm
Posted: 9. Jan 2015, 01:04
by laprjns
If tor was installed using the slackbuild script (i.e sourcery or slapt-src) then when started with the rc script it runs as user "tor". The stock configuration script, torrc, installed in /etc/tor as part of the Slackbuild package has this as default.
Code: Select all
## On startup, setuid to this user and setgid to their primary group.
User tor
Both the user "tor" and group "tor" had to be created prior to building tor using the slackbuild script or it would have failed. So if tor was installed using the slackbuild script the the only way to start it is to used the service script (/etc/rc.d/rc.tor) or sudo.
Re: configure tor and arm
Posted: 9. Jan 2015, 08:31
by jsfarinet
laprjns wrote:If tor was installed using the slackbuild script (i.e sourcery or slapt-src) then when started with the rc script it runs as user "tor". The stock configuration script, torrc, installed in /etc/tor as part of the Slackbuild package has this as default.
Code: Select all
## On startup, setuid to this user and setgid to their primary group.
User tor
Both the user "tor" and group "tor" had to be created prior to building tor using the slackbuild script or it would have failed. So if tor was installed using the slackbuild script the the only way to start it is to used the service script (/etc/rc.d/rc.tor) or sudo.
That's exactly what i did. Tor, user and group, are set (uid=220, gid=220) as the installation script advised. So, my question rather is: Is there a way to start in an "automatised" way 'arm' as the same user as tor? I don't know - i'm not knowledged enough, unfortunately
- if it's possible to trick around.
When i "ddg'ed" i found something like "runuser" which should be part of linux-utils (but in the slackware version obviously it does not exist (?) (In some distributions there are tools like "sux" or similar).
Or, is it possible (or is it ingenuous thinking) to create something like a user and a group "arm" whereto i can give then rights and access to tor (user&group)?
Re: configure tor and arm
Posted: 9. Jan 2015, 09:09
by jsfarinet
An add-on:
In the related Readme is said:
Code: Select all
This script requires a 'tor' user/group to exist before running.
The recommended UID/GID is 220. You can create these like so:
groupadd -g 220 tor
useradd -u 220 -g 220 -c "The Onion Router" -d /dev/null -s /bin/false tor
You can pass another user/group to the script; this is however, less safe:
TOR_USER=nobody TOR_GROUP=nogroup sh tor.SlackBuild
I tried out by building a user/group arm (UID/GID=230); i added then the user arm to the group tor but apparently to no extent. So, that seems to not be a way.
If, e.g. i'd set Tor_USER=<myusername> TOR_GROUP=<mygroup> i'd have tor running as me, correct? Would that create problems for other programs, to use tor? Not as long as the programs are started out of MY xsession, i presume (?). Is that correct thinking?
If so, that would be a viable solution as long as the computer is "NOT" a server or used by more than one user (a portable personal device), isn't it? But not for a desktop, which is used by more than one member (in an office, a family etc.pp.) . . .
TIA for your patience!
Re: configure tor and arm
Posted: 9. Jan 2015, 11:57
by gapan
jsfarinet wrote:If, e.g. i'd set Tor_USER=<myusername> TOR_GROUP=<mygroup> i'd have tor running as me, correct? Would that create problems for other programs, to use tor? Not as long as the programs are started out of MY xsession, i presume (?). Is that correct thinking?
That should work.
Another option (probably better) is to run the arm command as the tor user with sudo:
after you've allowed your user to run it without a password as user tor. To do that you can add this to your sudoers file (edit with visudo command)
Code: Select all
jsfarinet ALL=(tor) NOPASSWD: /usr/bin/arm
Re: configure tor and arm
Posted: 9. Jan 2015, 19:56
by jsfarinet
gapan wrote:...
Another option (probably better) is to run the arm command as the tor user with sudo:
after you've allowed your user to run it without a password as user tor. To do that you can add this to your sudoers file (edit with visudo command)
Code: Select all
jsfarinet ALL=(tor) NOPASSWD: /usr/bin/arm
Excellent idea!!!! Thanks i'll go immediately to try it out and report back the results!