I am using Debian 13.3 and the latest version of Tor. I can’t verify the Tor configuration file using the root user:
root@Tor-VPN:/home/tor# tor --verify-config
Feb 18 16:36:31.026 [notice] Tor 0.4.9.5 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.5.4, Zlib 1.3.1, Liblzma 5.8.1, Libzstd 1.5.7 and Glibc 2.41 as libc.
Feb 18 16:36:31.026 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Browser best practices - Security - Tor Browser — Tor
Feb 18 16:36:31.026 [notice] Read configuration file “/etc/tor/torrc”.
Feb 18 16:36:31.031 [warn] /var/lib/tor is not owned by this user (root, 0) but by debian-tor (101). Perhaps you are running Tor as the wrong user?
Feb 18 16:36:31.031 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor”
Feb 18 16:36:31.031 [err] Reading config failed–see warnings above.
root@Tor-VPN:/home/tor# ls -l /var/lib/tor
total 65216
-rw------- 1 debian-tor debian-tor 20442 Feb 18 02:18 cached-certs
-rw------- 1 debian-tor debian-tor 3501221 Feb 18 15:21 cached-microdesc-consensus
-rw------- 1 debian-tor debian-tor 62429561 Feb 18 08:48 cached-microdescs
-rw------- 1 debian-tor debian-tor 803876 Feb 18 15:22 cached-microdescs.new
drwx–S— 2 debian-tor debian-tor 4096 Feb 11 14:14 keys
-rw------- 1 debian-tor debian-tor 0 Feb 13 19:58 lock
-rw------- 1 debian-tor debian-tor 7137 Feb 18 16:23 state
I know that the reason is that the user debian-tor has permissions on the directory. Is this standard? What should I do if I change the configuration file and want to verify it while I am logged in as root or if I want to restart the Tor server?
On (re)starting the tor service, the tor program will check whether the configuration is sound, and throw error(s) if the config contains errors. By (re)starting the tor service (systemctl (re)start tor@default) you should be able to find out whether you configured tor correctly. Check systemd journal (journalctl -xeu tor@default) to see the exact problems if the former command reported any error.
Users with advanced knowledge might feel tempted to switch to debian-tor user to check, but it’s highly discouraged, because this debian-tor user is only supposed to be used by the tor service, and it requires changing system configurations that might damage system integrity and/or stability.
# ls -la /usr/lib/systemd/system/tor*
-rw-r–r-- 1 root root 1068 Mar 25 23:33 /usr/lib/systemd/system/tor@default.service
-rw-r–r-- 1 root root 312 Mar 25 23:33 /usr/lib/systemd/system/tor.service
-rw-r–r-- 1 root root 1293 Mar 25 23:33 /usr/lib/systemd/system/tor@.service
# tor --version Tor version 0.4.9.6. This build of Tor is covered by the GNU General Public License (The GNU General Public License v3.0 - GNU Project - Free Software Foundation) Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 3.5.6, Zlib 1.3.1, Liblzma 5.8.1, Libzstd 1.5.7 and Glibc 2.41 as libc. Tor compiled with GCC version 14.2.0
# ls -l /var/lib/tor total 48652 -rw------- 1 debian-tor debian-tor 20442 Apr 5 09:12 cached-certs -rw------- 1 debian-tor debian-tor 3703783 May 6 12:38 cached-microdesc-consensus -rw------- 1 debian-tor debian-tor 39588922 May 6 12:46 cached-microdescs -rw------- 1 debian-tor debian-tor 6473835 May 6 12:46 cached-microdescs.new drwx–S— 2 debian-tor debian-tor 4096 Feb 11 14:14 keys -rw------- 1 debian-tor debian-tor 0 May 6 13:07 lock -rw------- 1 debian-tor debian-tor 17464 May 6 13:06 state
Please manage tor you installed in Debian with systemd unit name tor@default (i.e. restarting tor with systemctl restart tor@default). Tor installed on Debian systems have a multi-instance manager, allowing running multiple tor instances with different configurations. If you’re not using the multi-instance manager, you should just restart tor using tor@default.
Can’t tell what’s wrong from just one line. Please send more logs, if appropirate. Start from this line (or something similar):
Tor 0.4.9.6 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.5.5, Zlib 1.3.1, Liblzma 5.8.1, Libzstd 1.5.7 and Glibc 2.41 as libc.
# cat /var/log/tor/notices.log
May 09 09:11:54.000 [notice] Interrupt: exiting cleanly.
May 09 09:11:54.000 [notice] Tor 0.4.9.6 opening log file.
May 09 09:11:54.742 [notice] We compiled with OpenSSL 30500050: OpenSSL 3.5.5 27 Jan 2026 and we are running with OpenSSL 30500060: 3.5.6. These two versions should be binary compatible.
May 09 09:11:54.747 [notice] Tor 0.4.9.6 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.5.6, Zlib 1.3.1, Liblzma 5.8.1, Libzstd 1.5.7 and Glibc 2.41 as libc.
May 09 09:11:54.747 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at
May 09 09:11:54.747 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
May 09 09:11:54.747 [notice] Read configuration file “/etc/tor/torrc”.
May 09 09:11:54.752 [notice] You configured a non-loopback address ‘172.20.2.54:9051’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
May 09 09:11:54.752 [notice] Opening Socks listener on 172.20.2.54:9051
May 09 09:11:54.752 [notice] Opened Socks listener connection (ready) on 172.20.2.54:9051
May 09 09:11:54.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
May 09 09:11:55.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
May 09 09:11:55.000 [notice] Set list of supported TLS groups to: ?*X25519MLKEM768 / ?SecP256r1MLKEM768 / *P-256:?X25519:P-224
May 09 09:11:55.000 [notice] Bootstrapped 0% (starting): Starting
May 09 09:11:56.000 [notice] Starting with guard context “default”
May 09 09:11:56.000 [notice] Signaled readiness to systemd