One disadvantage (or advantage in other terms) of using systemctl is the error message is too general. Usually Tor fails because there is corrupted torrc settings but it never says. It would be helpful if we can at least inform user it is some corrupted torrc setting that make Tor fails to start, like this:
sudo /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config ; echo $?
Mar 15 [notice] Tor 0.3.2.10 (git-0edaa32732ec8930) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd N/A.
Mar 15 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 15 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Mar 15 [notice] Read configuration file "/etc/tor/torrc".
Mar 15 [warn] Failed to parse/validate config: Unknown option 'ds'. Failing.
Mar 15 [err] Reading config failed--see warnings above.
1
Sorry for the confusion. Above error is what I intentionally made by writing garbage in /etc/tor/torrc, so no worries.
sudo tor V.S. sudo -u debian-tor tor
There is a torrc option User which is in the torrc:
user@host:~$ cat /usr/share/tor/tor-service-defaults-torrc | grep User
User debian-tor
When User option is set, we can simply use sudo tor and tor will be run as debian-tor.
When User option is set, when we do sudo -u debian-tor tor, tor will fail to start and complain:
Mar 15 14:56:22.015 [warn] Error setting groups to gid 115: "Operation not permitted".
Mar 15 14:56:22.015 [warn] Tor is already running as debian-tor. You do not need the "User" option if you are already running as the user you want to be. (If you did not set the User option in your torrc, check whether it was specified on the command line by a startup script.)
Mar 15 14:56:22.015 [warn] Failed to parse/validate config: Problem with User value. See logs for details.
Mar 15 14:56:22.015 [err] Reading config failed--see warnings above.
Considering User debian-tor option is used by default in Whonix and Debian package, we may use sudo tor here.
Sorry for the confusion. Above error is what I intentionally made by writing garbage in /etc/tor/torrc, so no worries.
sudo tor V.S. sudo -u debian-tor tor
There is a torrc option User which is in the torrc:
user@host:~$ cat /usr/share/tor/tor-service-defaults-torrc | grep User
User debian-tor
When User option is set, we can simply use sudo tor and tor will be run as debian-tor.
When User option is set, when we do sudo -u debian-tor tor, tor will fail to start and complain:
Mar 15 14:56:22.015 [warn] Error setting groups to gid 115: "Operation not permitted".
Mar 15 14:56:22.015 [warn] Tor is already running as debian-tor. You do not need the "User" option if you are already running as the user you want to be. (If you did not set the User option in your torrc, check whether it was specified on the command line by a startup script.)
Mar 15 14:56:22.015 [warn] Failed to parse/validate config: Problem with User value. See logs for details.
Mar 15 14:56:22.015 [err] Reading config failed--see warnings above.
Considering User debian-tor option is used by default in Whonix and Debian package, we may use sudo tor here.
If we run under user debian-tor most likely we should run tor --verify-config without sudo user change?
Debian original cat /usr/share/tor/tor-service-defaults-torrc includes
User debian-tor
So I wouldn’t want to remove it from /usr/share/tor/tor-service-defaults-torrc.anondist. I would like to abolish /usr/share/tor/tor-service-defaults-torrc.anondist and go back to original /usr/share/tor/tor-service-defaults-torrc as soon as torrc.d is sorted.
To clarify, we assume user in Whonix will run Tor using sudo but under user, right? If so, there is no need to and we should not remove User debian-tor from default torrc because everything just works as expected.
To clarify, we assume user in Whonix will run Tor using sudo but under user, right? If so, there is no need to and we should not remove User debian-tor from default torrc because everything just works as expected.
Whonix runs Tor under systemd unit file by tor package with defaults
torrc by tor package. We don’t run Tor using sudo.
I would love to post a RFP. But I think anon-connection-wizard is not generic, robust, beautiful enough to get into Debian, currently. I will focus on the further improvement after Whonix 14 is released. And then do a RFP.
Yes! That is a secret desire of mine.
I totally agree.
I am not sure if it generic enough to be uploaded to Debian. But, well we have a goal now.
