[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Tor error: Your Tor config file contains at least one error. - /var/lib/tor/.tor cannot be read: Permission denied

Hello,

I’ve just made a new TCP proxyVM using this guide ‘‘https://www.qubes-os.org/doc/vpn/’’. I’m on Qubes 3.2 with whonix 14.

This is the terminal ‘‘whonixcheck’’ results:

user@host:~$ whonixcheck
[INFO] [whonixcheck] sys-whonix | Whonix-Gateway | whonix-gw-14 TemplateBased ProxyVM | Wed Oct 24 16:59:36 UTC 2018
[ERROR] [whonixcheck] Tor Config Check Result:
Your Tor config file contains at least one error.

(Tor exit code: 1)

Tor concise reports (below warns and errors must be fixed before you can use Tor):
Oct 24 16:59:38.898 [warn] Directory /var/lib/tor/.tor cannot be read: Permission denied
Oct 24 16:59:38.898 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor/.tor”
Oct 24 16:59:38.898 [err] Reading config failed–see warnings above.

Tor full reports:
Oct 24 16:59:38.895 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Oct 24 16:59:38.895 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 24 16:59:38.895 [notice] Read configuration file “/etc/tor/torrc”.
Oct 24 16:59:38.898 [warn] Directory /var/lib/tor/.tor cannot be read: Permission denied
Oct 24 16:59:38.898 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor/.tor”
Oct 24 16:59:38.898 [err] Reading config failed–see warnings above.

Try to look at this report yourself by running.

dom0 -> Start Menu -> ServiceVM: sys-whonix -> Terminal

sudo -u debian-tor tor --verify-config

To try to fix this, please open your Tor config file.

dom0 -> Start Menu -> ServiceVM: sys-whonix -> Torrc                                                                                                                                        
or in Terminal: sudo nano /usr/local/etc/torrc.d/50_user.conf

Please restart Tor after fixing this error.

dom0 -> Start Menu -> ServiceVM: sys-whonix -> Restart Tor
or in Terminal: sudo service tor@default restart

Restart whonixcheck after fixing this error.

dom0 -> Start Menu -> ServiceVM: sys-whonix -> Whonix Check
or in Terminal: whonixcheck

If you know what you are doing, feel free to disable this check.
Create a file /etc/whonix.d/50_whonixcheck_user.conf and add:
whonixcheck_skip_functions+=" check_tor_config "

Hi zerop

A few questions.

  • You are using bridges? Did you recnetly chance your bridge configuration in your torcc?

  • Have you been able to connect just using your VPN?

  • Have you tried connecting just using bridges?

  1. Take the VPN out of the equation. Then focus on connecting with your bridge.

  2. After connecting with bridges, Try with VPN.

Once again, IMO not benefit to using both VPN and bridges in first 2 hops.

Note: If any other changes have been made to your system it would be helpfull to know.

1 Like

@patrick

This seams to be when upgrading Whonix 13 to 14. I’ll have to restore a whonix 13 image from backup and upgrade to 14. See if I can reproduce.

Realted:

1 Like

Hi 0brand,

  1. I have done some changes to my bridge before, I used this guide: www.whonix.org/wiki/bridges
    Also I have added a command line into my torrc once and later removed it. I don’t remember what exacly I had typed, but it was something like ‘‘Network 0’’. I later removed the command from my torrc file.

  2. Connecting only using a VPN have been working since I made a new proxy VM with TCP. It has been working without any problems since yesterday. Sys-net -> sys-firewall -> VPN -> AppVM. Whonix has not been working so it’s not in the equation.

  3. I have not tried just using bridges, would that be testing my internet connection with sys-whonix only without VPN? I made a new appVM connected to sys-whonix that is connected to my firewall. I had no internet access during this testing.

The reason I use VPN and bridges is because I want the bridge to hide the fact that I am using tor.

Yes, I did upgrade my whonix from 13 to 14. I’m going to follow up the ‘‘https://www.whonix.org/wiki/Tor#Permissions_Fix’’ guide and see if it solves my issue.

Edit: I tried following the guide, but I ran into an error very early. Here is my terminal:

user@host:~$ sudo chown --recursive debian-tor:debian-tor /var/run/tor
user@host:~$ sudo service tor@default restart
Job for tor@default.service failed because the control process exited with error code.
See "systemctl status tor@default.service" and "journalctl -xe" for details.
user@host:~$ anon-verify
/===================================================================\
|                      Report Summary                               |
\===================================================================/
Your Tor config files contain at least one error.
Tor verify exit code: 1
/===================================================================\
|                    Tor Concise Report                             |
\===================================================================/
Below warns and errors must be fixed before you can use Tor:
Oct 25 12:35:07.460 [warn] Directory /var/lib/tor cannot be read: Permission denied
Oct 25 12:35:07.460 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor"
Oct 25 12:35:07.460 [err] Reading config failed--see warnings above.
/===================================================================\
|                      Tor Full Report                              |
\===================================================================/
Oct 25 12:35:07.455 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Oct 25 12:35:07.455 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 25 12:35:07.455 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".                                                                                               
Oct 25 12:35:07.455 [notice] Read configuration file "/etc/tor/torrc".                                                                                                                          
Oct 25 12:35:07.459 [notice] You configured a non-loopback address 'X' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.                                                                                                                                                                                
Oct 25 12:35:07.459 [notice] You configured a non-loopback address 'X' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.                                                                                                                                                                              
Oct 25 12:35:07.460 [warn] Directory /var/lib/tor cannot be read: Permission denied                                                                                                             
Oct 25 12:35:07.460 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor"
Oct 25 12:35:07.460 [err] Reading config failed--see warnings above.
/===================================================================\
|                 Used Tor Configuration Files                      |
\===================================================================/
5 files are used as Tor configuration files: 
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc /etc/torrc.d/95_whonix.conf /usr/local/etc/torrc.d/40_tor_control_panel.conf /usr/local/etc/torrc.d/50_user.conf
=====================================================================

It all seems to get down to that I have an error in one of my Tor config files. Can I reset them to solve this issue, or should I maybe try to open all config files with nano and paste the content in here?

Yes

There is no reason to use both bridges and VPN. Arbitrarily increasing tunnel length by increasing the number of hops i.e adding more Tor relays, VPN tunnels. proxyies - will not strengthen anonymity or make it more difficult for your ISP to see that you are using Tor. One method used to do this is Deep Packet Inspection DPI. If your goal is to hid that fact you are using Tor go with bridges.

Could you please post your torrc. Make sure to redact your bridge IPs and any sensitive information. Its possible there could be 2 issues here. It could be mistake in your torrc and “Directory /var/lib/tor/.tor cannot be read: Permission denied” issue

In sys-whonix konsole, run.

cat /usr/local/etc/torrc.d/50_user.conf

HI zerop

Looks like the issue was solved?

https://forums.whonix.org/t/tor-cant-start-after-qubes-whonix-templates-reinstall-warn-directory-var-lib-tor-tor-cannot-be-read-permission-denied/6202/14

user@host:~$ cat /usr/local/etc/torrc.d/50_user.conf
# Tor user specific configuration file
#
# Add user modifications below this line:
############################################



user@host:~$ 

Like you said it should be IPs and more info in the config file, but it’s completly empty :frowning:

sudo chown --recursive debian-tor:debian-tor /var/lib/tor

Should I type this in my sys-whonix? copied from the other thread.

zerop:

sudo chown --recursive debian-tor:debian-tor /var/lib/tor

Should I type this in my sys-whonix?

Yes. ( https://www.whonix.org/wiki/Tor#Permissions_Fix )

Hi Patrick,

Sorry for late reply. I have been busy with private issues.

Anyways; I ran the last command and ran into this issue instead:

user@host:~$ sudo whonixcheck
[INFO] [whonixcheck] sys-whonix | Whonix-Gateway | whonix-gw-14 TemplateBased ProxyVM | Sat Nov  3 21:26:36 UTC 2018
[ERROR] [whonixcheck] Tor Pid Check Result:
Tor not running. (tor_pid_message: Pid file /var/run/tor/tor.pid does not exist.)

You have to fix this error, before you can use Tor.

Please restart Tor after fixing this error.

   dom0 -> Start Menu -> ServiceVM: sys-whonix -> Restart Tor
    or in Terminal: sudo service tor@default restart

Restart whonixcheck after fixing this error.

   dom0 -> Start Menu -> ServiceVM: sys-whonix -> Whonix Check
    or in Terminal: whonixcheck

Still can’t connect to tor :confused:

Here is my results from running a:

sudo service tor@default status

user@host:~$ sudo service tor@default status
● tor@default.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor@default.service; static; vendor preset: enabled)
  Drop-In: /lib/systemd/system/tor@default.service.d
           └─30_qubes.conf, 40_obfs4proxy-workaround.conf, 40_qubes.conf, 50_controlsocket-workaround.conf
        /etc/systemd/system/tor@default.service.d
           └─override.conf
   Active: failed (Result: exit-code) since Thu 2018-10-25 12:34:50 UTC; 1 weeks 2 days ago
  Process: 20315 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=1/FAILURE)
  Process: 20313 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor (code=exited, status=0/SUCCESS)

Oct 25 12:34:49 host systemd[1]: tor@default.service: Control process exited, code=exited status=1
Oct 25 12:34:49 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Oct 25 12:34:49 host systemd[1]: tor@default.service: Unit entered failed state.
Oct 25 12:34:49 host systemd[1]: tor@default.service: Failed with result 'exit-code'.
Oct 25 12:34:50 host systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
Oct 25 12:34:50 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Oct 25 12:34:50 host systemd[1]: tor@default.service: Start request repeated too quickly.
Oct 25 12:34:50 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Oct 25 12:34:50 host systemd[1]: tor@default.service: Unit entered failed state.
Oct 25 12:34:50 host systemd[1]: tor@default.service: Failed with result 'exit-code'.

Hi zerop

Can you please run these commands . Run both in sys-whonix konsole.

anon-verify …Any errors?

sudo ls -l /var/lib/tor

1 Like

Hi brand,

No error running the anon-verify command:

user@host:~$ anon-verify
/===================================================================\
|                      Report Summary                               |
\===================================================================/
No error detected in your Tor configuration.
Tor verify exit code: 0
/===================================================================\
|                      Tor Full Report                              |
\===================================================================/
Nov 04 00:02:26.741 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Nov 04 00:02:26.741 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 04 00:02:26.741 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Nov 04 00:02:26.741 [notice] Read configuration file "/etc/tor/torrc".
Nov 04 00:02:26.745 [notice] You configured a non-loopback address '10.137.3.1:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Nov 04 00:02:26.745 [notice] You configured a non-loopback address '10.137.3.1:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Configuration was valid
/===================================================================\
|                 Used Tor Configuration Files                      |
\===================================================================/
5 files are used as Tor configuration files: 
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc /etc/torrc.d/95_whonix.conf /usr/local/etc/torrc.d/40_tor_control_panel.conf /usr/local/etc/torrc.d/50_user.conf
=====================================================================

And this is the results from ‘‘sudo ls -l /var/lib/tor’’

user@host:~$ sudo ls -l /var/lib/tor
total 7540
-rw------- 1 debian-tor debian-tor   20442 Oct 19 13:20 cached-certs
-rw------- 1 debian-tor debian-tor 2039492 Oct 23 19:35 cached-microdesc-consensus
-rw------- 1 debian-tor debian-tor 5320714 Oct 22 20:23 cached-microdescs
-rw------- 1 debian-tor debian-tor  324899 Oct 23 19:57 cached-microdescs.new
-rw------- 1 debian-tor debian-tor       0 Oct 23 20:16 lock
-rw------- 1 debian-tor debian-tor    6815 Oct 23 20:33 state

Could you please check Tor’s log as per https://www.whonix.org/wiki/Tor#Log_Analysis?

Hi Patrick,

I try to run all three commands. But my logs are completly empty; when trying to run ‘‘sudo tail -f /var/run/tor/log’’ I get:

tail: cannot open ‘/var/run/tor/log’ for reading: No such file or directory
tail: no files remaining

The first two commands just gives me empty logs.

My issue might have been solved with a sudo service tor@default restart.

It told me I had a connection with tor, running a restart and then whonixcheck. I am updating my whonix gw-14 and will check if it’s working!

All my previous issues are now solved!

I wanna thank you both Brand and Patrick. You’re doing an amazing work and I really do appreciate all time you’ve spent helping me out.

I do still have an issue and I hope you can continue assisting me; I’ll make a new thread about it.

^ I hope this won’t be causing issues in future such as when user/group changes from debian-tor to something else (very unlikely?) or when advanced users change user/group ownership for some reason (very unlikely?). //cc @HulaHoop

Unlikely but best to keep group name configurable (if easy to do) in case a need arises.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]