2

I installed Tor in Ubuntu 14.04 x64 and try to setup a hidden service via Apache virtual host (I know Apache is unsafe for hidden service, but I'm out of options). I'm confused with the folder permission. The hidden service is located at /var/wwwhidden. In /etc/tor/torrc config file, I have the following lines only:

HiddenServiceDir /var/wwwhidden
HiddenServicePort 80 127.0.0.1:8082

I created the folder /var/wwwhidden with the following permission:

drwxrwx---  2 debian-tor debian-tor 4096 May  4 19:13 wwwhidden

Then the log in /var/tor/tor/log tells:

May 05 11:23:48.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening log file.
May 05 11:23:48.000 [warn] Fixing permissions on directory /var/wwwhidden
May 05 11:23:48.000 [warn] Could not chmod directory /var/wwwhidden: Permission denied
May 05 11:23:48.000 [warn] Error loading rendezvous service keys
May 05 11:23:48.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying.

Then I try to chmod the folder to 700 drwx------, and restart the Tor service, the log then tells:

May 05 11:33:13.000 [notice] Tor 0.2.4.27 (git-412e3f7dc9c6c01a) opening log file.
May 05 11:33:13.000 [warn] Couldn't open "/var/wwwhidden/private_key.tmp" (/var/wwwhidden/private_key) for writing: Permission denied
May 05 11:33:13.000 [err] Couldn't write generated key to "/var/wwwhidden/private_key".
May 05 11:33:13.000 [warn] Error loading rendezvous service keys
May 05 11:33:13.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying.

What permission should I use & how can I make the Tor service (planned to run as service) to generate private_key and hostname ? Thanks.

Raptor
  • 123
  • 1
  • 5

1 Answers1

5

Tor should control the hidden service private key, it has nothing at all to do with the httpd so you shouldn't be putting the private key or setting the hidden service directory anywhere related to the httpd, e.g. inside /var/www

Instead use a folder like /var/lib/tor/hidden_service. This is inside a folder that tor already controls and can set the appropriate permission for. It is not required or desirable that the private key for the hidden service be readable by anything except the user the tor process is running as. Tor will generate both the private_key for you and then derive the hostname from it.

edit: as an aside, that's an oldish version of Tor you're running, you should probably consider following the guide to use the Tor Projects ubuntu repos, as ubuntu tends to ship outdated versions of Tor: https://www.torproject.org/docs/debian.html#ubuntu

cacahuatl
  • 11,047
  • 2
  • 17
  • 39