Purpose: Tor obfs4 bridge privileged rights for job running as a non-root user
Source with instructions this is based on can be found here
Occurring error:
Editing “/etc/systemd/system/tor@.service.d/override.conf” canceled: temporary file is empty
Statement producing the error:
```
sudo systemctl edit tor@.service tor@default.service
```
Part of the instructions to follow so that a non-root user can use privileged ports:
> (Optional) Configure systemd to allow obfs4 binding on privileged ports.
> What it more or less says is:
>
> If you decide to use a fixed obfs4 port smaller than 1024 (for example 80 or 443), you will need to configure systemd and give
> obfs4 CAP_NET_BIND_SERVICE capabilities to bind the port with a non-root user, enter the command:
>
> sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
>
> To work around systemd hardening, you will also need to edit and change the configuration.
While executing the command for editing, you will get something like the screen presented below. (I did not include the complete file here, only the upper part.)
The asterisks (*) are not part of it, they are meant to show the boundaries.
Neither are the line numbers; I put those in for reference.
Running the command below gives an error when saving the edited file:
> 1 ### Editing /etc/systemd/system/tor@default.service.d/override.conf
> 2 ### Anything between here and the comment below will become the new contents of the file
> 3
> 4
> 5 ### Lines below this comment will be discarded
> 6
> 7 ### /lib/systemd/system/tor@default.service
> 8 # [Unit]
> 9 # Description=Anonymizing overlay network for TCP
> 10 # After=network-online.target nss-lookup.target
> 11 # PartOf=tor.service
> 12 # ReloadPropagatedFrom=tor.service
> 13 #
> 14 # [Service]
> 15 # Type=notify
> 16 # NotifyAccess=all
> The manual page says:
> In the editor, enter the following text, then save and quit.
> [Service]
> NoNewPrivileges=no
>
> In the second editor that appears, enter the same text, then save and quit.
> [Service]
> NoNewPrivileges=no
What I did, and what was causing the error, was uncommenting line 14 (# [Service]) and inserting a line below it with:
NoNewPrivileges=no
Then I get the error mentioned above when trying to save the file.
When reading the upper 2 commented lines (lines 1 and 2) closely, starting with "### Editing /etc/", I finally grasped the intention. (I know, stupid me)
Just put the lines you have to add beneath those 2 upper lines and save the file. That's all you have to do.
After doing that, it has to look like this (again, I show only the upper part and left the line numbers out this time):
```
### Editing /etc/systemd/system/tor@default.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file
[Service]
NoNewPrivileges=no
### Lines below this comment will be discarded
### /lib/systemd/system/tor@default.service
# [Unit]
# Description=Anonymizing overlay network for TCP
# After=network-online.target nss-lookup.target
# PartOf=tor.service
# ReloadPropagatedFrom=tor.service
#
# [Service]
# Type=notify
# NotifyAccess=all
```
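
Why the first attempt failed, as an added shell sketch that is not part of the original post: it models (as a simplifying assumption, not systemd's own code) how the edit buffer is cut down to the text between the two marker comments, using two constructed buffers. The function names are made up for this illustration.

```shell
# Simplified model (an assumption, not systemd's own code) of how the
# "systemctl edit" buffer is reduced to the contents of override.conf.
START='### Anything between here and the comment below will become the new contents of the file'
END='### Lines below this comment will be discarded'

# Print only the non-blank lines between the two markers (buffer on stdin).
dropin_body() {
    awk -v s="$START" -v e="$END" '
        $0 == e { exit }        # everything from this marker on is discarded
        keep && NF { print }    # non-blank line inside the kept region
        $0 == s { keep = 1 }    # kept region starts after this marker
    '
}

# Constructed sample: the failing edit, with the change below the end marker.
wrong_buffer() {
    cat <<EOF
### Editing /etc/systemd/system/tor@default.service.d/override.conf
$START

$END

### /lib/systemd/system/tor@default.service
[Service]
NoNewPrivileges=no
# Type=notify
EOF
}

# Constructed sample: the working edit, with the change between the markers.
right_buffer() {
    cat <<EOF
### Editing /etc/systemd/system/tor@default.service.d/override.conf
$START
[Service]
NoNewPrivileges=no
$END
### /lib/systemd/system/tor@default.service
# [Service]
EOF
}

# Report what a buffer on stdin would produce: the drop-in text, or the error.
check_buffer() {
    body=$(dropin_body)
    [ -n "$body" ] && { printf '%s\n' "$body"; return 0; }
    echo "canceled: temporary file is empty"; return 1
}
```

Running `wrong_buffer | check_buffer` prints the cancel message, while `right_buffer | check_buffer` prints the two lines that end up in override.conf.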