4

Context

When I try to install tor without sudo, using apt install tor Ubuntu 20.04 returns:

E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?

When I install it with sudo apt install tor it works.

When I try to run it without sudo, using tor start, it returns:

[warn] Command-line option 'start' with no value. Failing.
[err] Reading config failed--see warnings above.

When I run it with sudo, using sudo tor start, it works and returns:

[warn] You are running Tor as root. You don't need to, and you probably shouldn't.

Question

How can I ensure I am able to run tor without sudo? I think I should add permissions of the user-account to some group for tor, but I did not yet exactly find out how.

a.t.
  • 153
  • 5

2 Answers2

1

It's a normal error: the dpkg needs to obtain a global and system-wide lock to be sure that no installation process will mess one another, so they will be done in a serial way being run one by one. It's also true for any mainstream package manager like yum, rpm et cetera. It's OK to do a sudo for install: the installation script will create a separate isolated user for Tor and the config will drop the privileges just to it, so it's not a security hole at all

Alexey Vesnin
  • 6,385
  • 3
  • 15
  • 36
0

An effective solution was found by running:

sudo touch /etc/tor/torrc
sudo chmod 777 /etc/tor/torrc

This allowed tor to be ran without sudo.

Hidden Services

To also allow hidden services whilst running tor without sudo priviliges, I had to include:

sudo chmod 700 -R /var/lib/tor/
sudo chown -R "$normal_username" /var/lib/tor/

where $normal_username is the name of the user from which you want to run tor, e.g. the output of $(whoami).

An example of such a hidden service can be an onion domain to allow one to ssh into the device, where the onion domain for ssh is located in /var/lib/tor/ssh/hostname.

After this, you should be able to run tor without it throwing an error (assuming sudo tor worked before).

a.t.
  • 153
  • 5