How to change owner of tor process on relay?

I want to move ownership of my running relay from root to a user with less privilege but don’t know what packages to chown. Is there a simple way to do this or do I have to track down multiple folders and files?
If I miss some will that break the relay?
Any advice, pls?

What instructions did you use to deploy your Tor relay?

Hi,

Yeah, sorry, that would have been helpful and my system details:

It’s a vps running Debian 11. I used the instructions here:

including those found here - (from the link in the above):

so it updates automatically.

As far as I am aware, you only have /etc/tor to deal with.

Thanks @FranklyFlawless,
Yeah, I guess it doesn’t matter who ‘owns’ things like /var/log/tor and the torrc file. Different ownership shouldn’t make any difference to the running of the relay . . . right?
So long as the torrc file exists Tor will read configurations from it and it will send logs to the log file, ownership irrelevant. . .

By default debian-tor is the user running Tor. It’s not a privileged account. The folders it needs access to are /var/lib/tor and, if you set a log file, /var/log/tor. /etc/tor is owned by root, but that’s fine because systemd starts Tor at boot.

Thanks @sunshinecowboy and sorry for lateness of reply,

So Tor’s fine. This is just a matter of whether I log in with: ssh root@<ip_address> or ssh user@<ip_address>.

Logging in as root is poor practice but doesn’t affect Tor.

I have to admit I’ve not been able to see the fuss. We all know, ‘you should log in and run apps at the lowest level of privilege you need to and escalate only if necessary’. But in this use case, running nothing but Tor on the server, there’s no difference.
To get everything, an attacker can attack the OS, Tor, ssh or the passphrase. Makes no difference if I use root or a user account.

So I can mark this as solved . . ?

Yes, if you correctly set up Tor as a systemd service, debian-tor will be the default user unless you specify otherwise in your torrc file. If you do ‘sudo ls -l /var/lib’ you should find that debian-tor is the owner of the subdirectory ‘tor’. This is done by default when Tor is initially installed. If you run Tor with another user you would have to change ownership of the directory, but you wouldn’t as root. As mentioned, you should avoid running processes as root. The reasoning behind this is that if an attacker found a potential vulnerability in the application they could use it as a vector to compromise the rest of your system.

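Added example, not part of any post in this thread: a shell check of what the replies describe, namely which account the tor process runs as and who owns /var/lib/tor and /var/log/tor. It assumes a Debian install with the debian-tor user and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the account running tor and the ownership of its directories.

# tor_uids: read "UID COMMAND" lines (the output format of `ps -eo uid=,comm=`)
# on stdin and print the distinct numeric UIDs that run a process named "tor".
# Numeric UIDs are used because ps can shorten long user names such as debian-tor.
tor_uids() {
    awk '$2 == "tor" { print $1 }' | sort -un
}

# check_owner PATH USER: return 0 if PATH is owned by USER, 1 if it is owned by
# someone else, 2 if PATH does not exist.
check_owner() {
    [ -e "$1" ] || { echo "MISSING $1"; return 2; }
    owner=$(stat -c %U "$1")
    if [ "$owner" = "$2" ]; then
        echo "OK      $1 is owned by $owner"
    else
        echo "WRONG   $1 is owned by $owner, expected $2"
        return 1
    fi
}

# audit_tor [USER]: compare the live system with the expected service account
# (default: debian-tor, the account named in the thread).
audit_tor() {
    expected=${1:-debian-tor}
    want_uid=$(id -u "$expected") || { echo "no such user: $expected"; return 2; }
    rc=0
    uids=$(ps -eo uid=,comm= | tor_uids)
    [ -n "$uids" ] || echo "NOTE    no tor process found"
    for u in $uids; do
        if [ "$u" = "$want_uid" ]; then
            echo "OK      tor runs as $expected (uid $u)"
        else
            echo "WRONG   tor runs as uid $u, expected $expected"
            rc=1
        fi
    done
    # /var/log/tor only matters if a log file is configured, so skip it if absent.
    for d in /var/lib/tor /var/log/tor; do
        [ -e "$d" ] || continue
        check_owner "$d" "$expected" || rc=1
    done
    return "$rc"
}
```

Source the file and run `audit_tor` on the relay; a non-zero exit status means the process or one of its directories is not under the expected account.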
