edit a temporary copy of the torrc instead of the directly editing it.

Question

edit a temporary copy of the torrc instead of the directly editing it.

Closed this issue 2 years ago · 3 comments

Benefits:

not editing the main configuration directly is safer
verifying its config before running is safer
restarting/reloading the configuration only after verifying it is ok is safer to not make the tor daemon fail

To get a hold of what it does, see:

function safe_edit, will create a temporary copy of any file inside the temporary directory if writable
function verify_config_tor, only show warns and if wrong, exit without modifying the default torrc
function signal_tor the calls verify_config_tor and if ok, procede to signal tor to reload/restart.
usage of the temp file that will save its name as a variable and use it to reference on the script.

It also don't put the temp file back in place if there is no difference, using the cmp -s command. But I still signal tor either way because it is not only the torrc that could be changed, but also the files inside the tor data dir.

I think this can be done to TorBox when editing the torrc. It is like a vidoas/visudo but for the torrc through the advanced configuration editor.

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, performs basic validity checks, and checks for syntax errors before installing the edited file. If the sudoers file is currently being edited you will receive a message to try again later.

So the plan is the following:

Implement the above functions for every modification of the torrc through scripts, this will take some time but it is worth it.
Implement visudotor to save a temp file, modify it with the EDITOR, verify it, if ok save to default location and signal tor. It is almost the same as the above but includes the editor part.

Answer 1 · 2021-12-25T00:38:03.000Z

I created vitor now: https://github.com/nyxnor/onionjuggler/blob/main/bin/vitor, is is very tiny, less than 100 lines of code so there should be no problems. Also, it is portable so you should just need to save it to PATH (/usr/local/bin for example and all good).
It should be run as root using sudo or doas and you if you don't specify the file, it fallback tor /etc/tor/torrc. The tor_user must be specified (debian-tor for debian systems) if the User option is not contained in that configuration.
Vitor is just the editor part, the post above is still valid for other scripts that don't use the editor but sed the torrc for example.

Answer 2 · 2022-01-01T13:40:24.000Z

Wow, great tool!
I implemented it in the local copy of TorBox v.0.5.0 and it will be commited when I'm finished with the TFS integration.

Answer 3 · 2022-01-22T09:43:45.000Z

I changed vitor repo to be on its own as it does not have entirely to do with OnionJuggler and HiddenServices but with torrc on a whole.

https://github.com/nyxnor/vitor

Also made a lot of improvemens and fixes. Log messages are more helpful.