Loading the Tor configuration file

Hello,
I created a tor configuration file named torrc2, but when I reboot the system only the main tor configuration file is loaded. Why?

Thank you.

       -f, --torrc-file FILE
           Specify a new configuration file to contain further Tor configuration options, or pass - to make Tor read its configuration from standard input.
           (Default: /etc/tor/torrc, or $HOME/.torrc if that file is not found.)

Hello,
Thank you so much for your reply.
I know I can load the file manually using tor -f --torrc-file, but I want it to be done automatically.

Did you take a look at tor-instance-create?

Hello,
Thank you so much for your reply.
I did:

# tor-instance-create tor2

And in the torrc file located in the /etc/tor/instances/tor2 directory, I added the following two lines.

DataDirectory /var/lib/tor2
Log notice file /var/log/tor/tor2.log

But I got the following error:

# systemctl start tor@tor2
Job for tor@tor2.service failed because the control process exited with error code.
See "systemctl status tor@tor2.service" and "journalctl -xeu tor@tor2.service" for details.

When I delete the two lines above, the error is resolved!
Why?

Thank you.

So have you run the two troubleshooting commands? Please post the output.

Hello,
Thank you so much for your reply.
The results of the commands are as follows:

# systemctl status tor@tor2.service
× tor@tor2.service - Anonymizing overlay network for TCP (instance tor2)
     Loaded: loaded (/lib/systemd/system/tor@.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-01-17 01:06:06 EST; 1min 0s ago
   Duration: 2min 39.278s
    Process: 614 ExecStartPre=/usr/bin/install -Z -m 02755 -o _tor-tor2 -g _tor-tor2 -d /run/tor-instances/tor2 (code=exited, status=0/SUCCESS)
    Process: 615 ExecStartPre=/bin/sed -e s/@@NAME@@/tor2/g; w /run/tor-instances/tor2.defaults /usr/share/tor/tor-service-defaults-torrc-instances (code=exited, status=0/SUCCESS)
    Process: 616 ExecStartPre=/usr/bin/tor --defaults-torrc /run/tor-instances/tor2.defaults -f /etc/tor/instances/tor2/torrc --verify-config (code=exited, status=1/FAILURE)
        CPU: 68ms

Jan 17 01:06:06 Original tor[616]: Jan 17 01:06:06.117 [warn] Directory /var/lib/tor2 cannot be read: Permission denied
Jan 17 01:06:06 Original tor[616]: Jan 17 01:06:06.117 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor2"
Jan 17 01:06:06 Original tor[616]: Jan 17 01:06:06.117 [err] Reading config failed--see warnings above.
Jan 17 01:06:06 Original systemd[1]: tor@tor2.service: Failed with result 'exit-code'.
Jan 17 01:06:06 Original systemd[1]: Failed to start tor@tor2.service - Anonymizing overlay network for TCP (instance tor2).
Jan 17 01:06:06 Original systemd[1]: tor@tor2.service: Scheduled restart job, restart counter is at 5.
Jan 17 01:06:06 Original systemd[1]: Stopped tor@tor2.service - Anonymizing overlay network for TCP (instance tor2).
Jan 17 01:06:06 Original systemd[1]: tor@tor2.service: Start request repeated too quickly.
Jan 17 01:06:06 Original systemd[1]: tor@tor2.service: Failed with result 'exit-code'.
Jan 17 01:06:06 Original systemd[1]: Failed to start tor@tor2.service - Anonymizing overlay network for TCP (instance tor2).

And:

# journalctl -xeu tor@tor2.service
░░ Subject: A stop job for unit tor@tor2.service has finished
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A stop job for unit tor@tor2.service has finished.
░░
░░ The job identifier is 1973 and the job result is done.
Jan 17 01:08:19 Original systemd[1]: tor@tor2.service: Start request repeated too quickly.
Jan 17 01:08:19 Original systemd[1]: tor@tor2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit tor@tor2.service has entered the 'failed' state with result 'exit-code'.
Jan 17 01:08:19 Original systemd[1]: Failed to start tor@tor2.service - Anonymizing overlay network for TCP (instance tor2).
░░ Subject: A start job for unit tor@tor2.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit tor@tor2.service has finished with a failure.
░░
░░ The job identifier is 1973 and the job result is failed.

The answer to this lies in the systemd file /usr/lib/systemd/system/tor@.service. Systemd creates those based on the instance you are running, so when you hardcode it in the config file you run into permission issues and conflicting settings against the systemd file.

Jan 17 01:06:06 Original tor[616]: Jan 17 01:06:06.117 [warn] Directory /var/lib/tor2 cannot be read: Permission denied
Jan 17 01:06:06 Original tor[616]: Jan 17 01:06:06.117 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor2"

What are the permissions and owner of /var/lib/tor2? According to the error messages, Tor cannot write to that directory.

Please adjust permissions and owner so they are the same as for /var/lib/tor.

Hello,
Thanks again.
The owner of the /var/lib/tor2 directory is root:

# ls -l /var/lib/tor2
total 27996
-rw------- 1 root root    18209 Jan  7 05:13 cached-certs
-rw------- 1 root root  2886065 Jan  9 06:36 cached-microdesc-consensus
-rw------- 1 root root 22758121 Jan  7 05:26 cached-microdescs
-rw------- 1 root root  2984442 Jan  9 06:36 cached-microdescs.new
drwx------ 2 root root     4096 Jan  7 05:13 keys
-rw------- 1 root root        0 Jan  9 06:36 lock
-rw------- 1 root root     5016 Jan  9 06:37 state

And the owner of the /var/lib/tor directory is root debian-tor:

# ls -l /var/lib/tor
total 32372
-rwx------ 1 root debian-tor    18209 Jan  7 03:23 cached-certs
-rw------- 1 root debian-tor  2836642 Jan 17 05:26 cached-microdesc-consensus
-rw------- 1 root debian-tor 24641472 Jan 15 00:55 cached-microdescs
-rw------- 1 root debian-tor  5627834 Jan 17 01:28 cached-microdescs.new
drwx--S--- 2 root debian-tor     4096 Jan  7 03:23 keys
-rwx------ 1 root debian-tor        0 Jan 17 01:08 lock
-rw------- 1 root debian-tor    10830 Jan 17 02:01 state

I changed the owner of /var/lib/tor2 to root debian-tor:

# chown -R root:debian-tor /var/lib/tor2
#
# ls -l /var/lib/tor2
total 27996
-rw------- 1 root debian-tor    18209 Jan  7 05:13 cached-certs
-rw------- 1 root debian-tor  2886065 Jan  9 06:36 cached-microdesc-consensus
-rw------- 1 root debian-tor 22758121 Jan  7 05:26 cached-microdescs
-rw------- 1 root debian-tor  2984442 Jan  9 06:36 cached-microdescs.new
drwx------ 2 root debian-tor     4096 Jan  7 05:13 keys
-rw------- 1 root debian-tor        0 Jan  9 06:36 lock
-rw------- 1 root debian-tor     5016 Jan  9 06:37 state

But, I got the following error:

# systemctl status tor@tor2.service
× tor@tor2.service - Anonymizing overlay network for TCP (instance tor2)
     Loaded: loaded (/lib/systemd/system/tor@.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-01-17 06:21:12 EST; 19s ago
   Duration: 2min 39.278s
    Process: 897 ExecStartPre=/usr/bin/install -Z -m 02755 -o _tor-tor2 -g _tor-tor2 -d /run/tor-instances/tor2 (code=exited, status=0/SUCCESS)
    Process: 898 ExecStartPre=/bin/sed -e s/@@NAME@@/tor2/g; w /run/tor-instances/tor2.defaults /usr/share/tor/tor-service-defaults-torrc-instances (code=exited, status=0/SUCCESS)
    Process: 899 ExecStartPre=/usr/bin/tor --defaults-torrc /run/tor-instances/tor2.defaults -f /etc/tor/instances/tor2/torrc --verify-config (code=exited, status=1/FAILURE)
        CPU: 69ms

Jan 17 06:21:12 Original systemd[1]: tor@tor2.service: Scheduled restart job, restart counter is at 5.
Jan 17 06:21:12 Original systemd[1]: Stopped tor@tor2.service - Anonymizing overlay network for TCP (instance tor2).
Jan 17 06:21:12 Original systemd[1]: tor@tor2.service: Start request repeated too quickly.
Jan 17 06:21:12 Original systemd[1]: tor@tor2.service: Failed with result 'exit-code'.
Jan 17 06:21:12 Original systemd[1]: Failed to start tor@tor2.service - Anonymizing overlay network for TCP (instance tor2).

Hello,
I checked the configuration file:

# tor -f /etc/tor/instances/tor2/torrc --verify-config
Jan 20 00:55:18.298 [notice] Tor 0.4.7.13 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.9, Zlib 1.2.13, Liblzma 5.4.1, Libzstd 1.5.4 and Glibc 2.36 as libc.
Jan 20 00:55:18.298 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jan 20 00:55:18.298 [warn] Tor was compiled with zstd 1.5.2, but is running with zstd 1.5.4. For safety, we'll avoid using advanced zstd functionality.
Jan 20 00:55:18.298 [notice] Read configuration file "/etc/tor/instances/tor2/torrc".
Jan 20 00:55:18.301 [notice] You configured a non-loopback address '10.8.0.1:53530' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jan 20 00:55:18.301 [warn] You specified a public address '20.8.0.1:53530' for DNSPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Jan 20 00:55:18.301 [notice] You configured a non-loopback address '10.8.0.1:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jan 20 00:55:18.301 [warn] You specified a public address '20.8.0.1:9040' for TransPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Jan 20 00:55:18.307 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Configuration was valid

What is wrong?

Dear hack3rcon,

  1. Upgrade your Tor to the latest version; there’s a reason why.
  2. Can you post your torrc + torrc2?

Hello,
Thank you so much for your reply.
Sure. The torrc is as follows:

Log notice file /var/log/tor/notices.log
SocksPort 127.0.0.1:9050
RunAsDaemon 1
DataDirectory /var/lib/tor

And the /etc/tor/instances/tor2/torrc is as follows:

+SocksPort auto

DataDirectory /var/lib/tor2
RunAsDaemon 1

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1

DNSPort 10.8.0.1:53530
TransPort 10.8.0.1:9040

Log notice file /var/log/tor/tor2.log

DNSPort 20.8.0.1:53530
TransPort 20.8.0.1:9040

The problem is the following lines:

DataDirectory /var/lib/tor2
Log notice file /var/log/tor/tor2.log

I’d recommend removing the following lines from your torrc file altogether as systemd takes care of it for each instance.

User
DataDirectory
LogFile Location

Hello,
Thank you so much for your reply.
User?
If I delete the line about Log then how do I debug the Tor?

The log file isn’t necessary as all debug info is logged by systemd. You would just have to do “sudo journalctl -xeu tor@tor2.service | tail -60” to debug. The log file itself isn’t an issue so long as you are giving permissions to the correct user, which happens to be Tor-tor2. However, what is definitely getting your instance hung up is the fact that recursive tor instances are created based on /usr/lib/systemd/system/tor@.service. If you look at the file, systemd sets up the PID, Data Directory, run locations, and the user based on the instance, identified in the file at %i. Hopefully that helps you get it up and running.

Hello,
Thank you so much for your reply.
But, Log notice file /var/log/tor/tor2.log tells me what percentage Tor is loaded.

Yes, and journalctl will provide this as well. If your preference is to have a physical log file for notices, it can remain; however, you need to have a separate log directory for tor2 because the user is not going to be debian-tor. Rather, the user Tor-tor2 is created for the second tor instance, and permissions need to be set appropriately when hard coding parameters in the torrc file for the second instance. I would create a directory at /var/log/tor2 and chown -R Tor-tor2:Tor-tor2 /var/log/tor2 and set that as the log notice directory in the torrc.

Correction on the user name, it should be _tor-tor2 as should the group.
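
The ownership mismatch discussed in the last replies can be checked before starting the unit. The script below is an added example, not part of the thread or of the Debian tor package: it reads the DataDirectory and Log ... file lines from an instance torrc and reports every directory that is missing or not owned by the expected instance user (ownership only, not mode bits). The function name check_torrc_paths, the file name check.sh and the no-whitespace-in-paths assumption are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit directories hardcoded in an
# instance torrc against the user the tor@<instance> unit runs as.
# Usage: check_torrc_paths TORRC OWNER   (OWNER: user name or numeric uid)
# Assumes paths without whitespace. Returns 0 if all OK, 1 on any finding.
check_torrc_paths() {
    torrc=$1
    want=$2
    case $want in
        ''|*[!0-9]*)   # a name such as _tor-tor2: resolve it to a uid
            want_uid=$(id -u "$want" 2>/dev/null) || {
                echo "UNKNOWN-USER $want"; return 2; } ;;
        *)  want_uid=$want ;;
    esac
    # DataDirectory PATH  -> tor must own the directory itself.
    # Log LEVEL file PATH -> tor must be able to create the file, so check
    #                        the parent directory. Log to syslog/stdout is skipped.
    dirs=$(awk '
        /^[ \t]*#/ { next }
        tolower($1) == "datadirectory" { print $2 }
        tolower($1) == "log" {
            for (i = 2; i < NF; i++) if ($i == "file") {
                p = $(i + 1); sub("/[^/]*$", "", p); print (p == "" ? "/" : p)
            }
        }' "$torrc")
    rc=0
    for dir in $dirs; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"; rc=1; continue
        fi
        have_uid=$(ls -ldn -- "$dir" | awk '{ print $3 }')
        if [ "$have_uid" = "$want_uid" ]; then
            echo "OK $dir"
        else
            echo "WRONG-OWNER $dir uid=$have_uid expected=$want_uid"; rc=1
        fi
    done
    return $rc
}

# Run as a script (check.sh is a hypothetical file name):
#   sh check.sh /etc/tor/instances/tor2/torrc _tor-tor2
if [ "$#" -eq 2 ]; then
    check_torrc_paths "$1" "$2"
fi
```

A WRONG-OWNER line for the DataDirectory corresponds to the "Permission denied" warning that --verify-config printed when the unit ran it as the instance user.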