Purpose: Tor obfs4 bridge privileged rights for job running as a non-root user
Source with instructions this is based on can be found here
Ocurring error:
Editing “/etc/systemd/system/tor@.service.d/override.conf” canceled: temporary file is empty
Statement causing the error:
sudo systemctl edit tor@.service tor@default.service
I solved the error, but could find anywhere what was causing the problem.
That is the reason I like to add it to this forum,
admitting my stupidity and to prevent others making the same mistake.
I hope it is not overdone.
It is a typical example of not readling closely, often referred to as: RTFM (Read The Fucking Manual)
Part of interest in the Page with instructions:
(Optional) Configure systemd to allow obfs4 binding on privileged ports.
What is more or less says is:If you decide to use a fixed obfs4 port smaller than 1024 (for example 80 or 443), you will need to configure systemd and give
obfs4 CAP_NET_BIND_SERVICE capabilities to bind the port with a non-root user, enter the command:sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
To work around systemd hardening, you will also need to edit and change the configuration.
In the editor, enter the following text, then save and quit.
[Service]
NoNewPrivileges=noIn the second editor that appears, enter the same text, then save and quit.
[Service]
NoNewPrivileges=no
While editing, you will get something like the screen presented below. (I did not include the complete file here, only the upper part.)
I added line numbers in the post for reference, they do not exist in the real file.
1 ### Editing /etc/systemd/system/tor@default.service.d/override.conf
2 ### Anything between here and the comment below will become the new contents of the file
3
4
5 ### Lines below this comment will be discarded
6
7 ### /lib/systemd/system/tor@default.service
8 # [Unit]
9 # Description=Anonymizing overlay network for TCP
10 # After=network-online.target nss-lookup.target
11 # PartOf=tor.service
12 # ReloadPropagatedFrom=tor.service
13 #
14 # [Service]
15 # Type=notify
16 # NotifyAccess=all
What I did, that what was causing the error, was uncommenting line 14 # [Service] and inserted a line below with:
NoNewPrivileges=no
When saving the file I’ll get the error as mentioned above.
When reading the upper 2 commented lines (line 1 and 2) more closely, I finally grasped the intention. (I know, stupid me)
Just put the lines you have to add beneath those 2 upper lines and save the file. That all you have to do.
After doing that it has to look like this (Again, I show only the upper part and left the line number out this time):
### Editing /etc/systemd/system/tor@default.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file
[Service]
NoNewPrivileges=no
### Lines below this comment will be discarded
### /lib/systemd/system/tor@default.service
# [Unit]
# Description=Anonymizing overlay network for TCP
# After=network-online.target nss-lookup.target
# PartOf=tor.service
# ReloadPropagatedFrom=tor.service
#
# [Service]
# Type=notify
# NotifyAccess=all
That solved my problem. Headbanging my head against a wall.