Tor puts its authentication cookie at /var/lib/tor/data/control_auth_cookie, but this file is not readable to any users other than the tor user itself, not even to users in the tor group. Kinda defeats the purpose...
(In reply to Luke-Jr from comment #0)
> Tor puts its authentication cookie at /var/lib/tor/data/control_auth_cookie,
> but this file is not readable to any users other than the tor user itself,
> not even to users in the tor group. Kinda defeats the purpose...
All the files under /var/lib/data should only be readable by tor. Can you give steps to show what precisely is broken here?
Run any software that connects with Tor (eg, net-p2p/bitcoin-qt) as a normal user and it will fail because it can't read the control_auth_cookie file.
(In reply to Luke-Jr from comment #2)
> Run any software that connects with Tor (eg, net-p2p/bitcoin-qt) as a normal
> user and it will fail because it can't read the control_auth_cookie file.
If you have line `User tor` in `/etc/tor/torrc` then tor will run as user tor and will be able to read that file which should belong to tor. bitcoin-qt (or any other program) should not try to read that file directly, but should connect to the tor process which *can* read that file. As for your test, I run programs (browsers) which connect to tor all the time and they work just fine. I'm thinking something is misconfigured on your end.
(In reply to Anthony Basile from comment #3)
> If you have line `User tor` in `/etc/tor/torrc` then tor will run as user
> tor and will be able to read that file which should belong to tor.
> bitcoin-qt (or any other program) should not try to read that file directly,
> but should connect to the tor process which *can* read that file.
The entire purpose of the file is to authenticate connections between Tor and other programs (which MUST read the file to connect). See section 5.1 of https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
> As for your test, I run programs (browsers) which connect to tor all the
> time and they work just fine. I'm thinking something is misconfigured on
> your end.
This is mainly used for accepting incoming connections on hidden services (ie, running servers). Browsers typically only connect out (ie, as a client only).
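Added example, not part of the original comments and not Tor's or the ebuild's code: a small check of which permission class decides whether a given user can read a cookie file, plus the `AUTHENTICATE` line a controller builds from the cookie bytes under the control-spec's cookie method. The function names are hypothetical and the cookie is a constructed temporary file, not the real `control_auth_cookie`.

```python
import os
import stat
import tempfile

COOKIE_LEN = 32  # control-spec: the cookie file holds 32 bytes


def cookie_access(path, uid, gids):
    """Say whether a user (uid, set of gids) may read path, judged by mode bits alone.

    Parent-directory permissions, ACLs and root's override are not considered.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        cls, bit = "owner", stat.S_IRUSR
    elif st.st_gid in gids:
        cls, bit = "group", stat.S_IRGRP
    else:
        cls, bit = "other", stat.S_IROTH
    return bool(mode & bit), f"{cls} class, mode {mode:04o}"


def authenticate_line(path):
    """Build the AUTHENTICATE command a controller sends for cookie authentication."""
    with open(path, "rb") as f:
        cookie = f.read()
    if len(cookie) != COOKIE_LEN:
        raise ValueError(f"expected {COOKIE_LEN} cookie bytes, got {len(cookie)}")
    return "AUTHENTICATE " + cookie.hex() + "\r\n"


if __name__ == "__main__":
    # Constructed stand-in for control_auth_cookie; the real file is not touched.
    fd, path = tempfile.mkstemp()
    os.write(fd, os.urandom(COOKIE_LEN))
    os.close(fd)
    st = os.stat(path)
    other_uid, groups = st.st_uid + 1, {st.st_gid}  # hypothetical group member
    for mode in (0o600, 0o640):
        os.chmod(path, mode)
        print(cookie_access(path, other_uid, groups))
    print(authenticate_line(path).strip())
    os.remove(path)
```

Tor's `CookieAuthFileGroupReadable 1` torrc option is the setting that produces the group-readable mode exercised here; the directories above the cookie must also be traversable by that group, which this check does not cover.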