Directory permission problem

Hello,

I am using Debian 13.3 and the latest version of Tor. I can’t verify the Tor configuration file using the root user:

root@Tor-VPN:/home/tor# tor --verify-config
Feb 18 16:36:31.026 [notice] Tor 0.4.9.5 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.5.4, Zlib 1.3.1, Liblzma 5.8.1, Libzstd 1.5.7 and Glibc 2.41 as libc.
Feb 18 16:36:31.026 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Browser best practices - Security - Tor Browser — Tor
Feb 18 16:36:31.026 [notice] Read configuration file “/etc/tor/torrc”.
Feb 18 16:36:31.031 [warn] /var/lib/tor is not owned by this user (root, 0) but by debian-tor (101). Perhaps you are running Tor as the wrong user?
Feb 18 16:36:31.031 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor”
Feb 18 16:36:31.031 [err] Reading config failed–see warnings above.

root@Tor-VPN:/home/tor# ls -l /var/lib/tor
total 65216
-rw------- 1 debian-tor debian-tor 20442 Feb 18 02:18 cached-certs
-rw------- 1 debian-tor debian-tor 3501221 Feb 18 15:21 cached-microdesc-consensus
-rw------- 1 debian-tor debian-tor 62429561 Feb 18 08:48 cached-microdescs
-rw------- 1 debian-tor debian-tor 803876 Feb 18 15:22 cached-microdescs.new
drwx–S— 2 debian-tor debian-tor 4096 Feb 11 14:14 keys
-rw------- 1 debian-tor debian-tor 0 Feb 13 19:58 lock
-rw------- 1 debian-tor debian-tor 7137 Feb 18 16:23 state

I know that the reason is that the user debian-tor has permissions on the directory. Is this standard? What should I do if I change the configuration file and want to verify it while I am logged in as root or if I want to restart the Tor server?

Thanks.

Did you make sure to write all Tor directories to the root-user?

It’s a really bad idea to run Tor as root by the way.

On (re)starting the tor service, the tor program will check whether the configuration is sound, and throw error(s) if the config contains errors. By (re)starting the tor service (systemctl (re)start tor@default) you should be able to find out whether you configured tor correctly. Check systemd journal (journalctl -xeu tor@default) to see the exact problems if the former command reported any error.

Users with advanced knowledge might feel tempted to switch to debian-tor user to check, but it’s highly discouraged, because this debian-tor user is only supposed to be used by the tor service, and it requires changing system configurations that might damage system integrity and/or stability.