# Cannot read TOR's control_auth_cookie



## oitdmser (Jan 8, 2019)

Here's my situation. Been trying to use `nyx` to manage my TOR instance. Theoretically `nyx` only needs to be run by a user that has group permissions to the tor group, on FreeBSD that appears to be _tor. My `/usr/local/etc/torrc` has the following lines included:


```
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/db/tor/control_auth_cookie
DataDirectoryGroupReadable 1
```

My user is a member of the _tor group:

```
BSDTor:/var/db % id joe
uid=1002(joe) gid=1002(joe) groups=1002(joe),1003(sudo),256(_tor)
```

I run tor once:

```
Starting tor.
Jan 07 17:25:31.643 [notice] Tor 0.3.4.9 (git-4ac3ccf2863b86e7) running on FreeBSD with Libevent 2.1.8-stable, OpenSSL 1.1.1a-freebsd, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.5.
Jan 07 17:25:31.645 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 07 17:25:31.647 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Jan 07 17:25:31.738 [notice] Scheduler type KISTLite has been enabled.
Jan 07 17:25:31.739 [notice] You configured a non-loopback address '192.168.200.104:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jan 07 17:25:31.739 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 07 17:25:31.740 [notice] Opening Control listener on 127.0.0.1:9051
Jan 07 17:25:31.740 [warn] Fixing permissions on directory /var/db/tor
```

When I try to run `nyx` I get the following error:

```
We were unable to read tor's authentication cookie...
  Path: /var/db/tor/control_auth_cookie
  Issue: Authentication failed: '/var/db/tor/control_auth_cookie' doesn't exist
```

But the cookie file exists and has group read permissions:

```
cd /var/db/tor
ls -la
-rw-------   1 _tor  _tor   1979270 Jan  7 16:44 cached-microdesc-consensus
-rw-------   1 _tor  _tor   3477070 Jan  4 12:01 cached-microdescs
-rw-------   1 _tor  _tor   1035916 Jan  7 16:44 cached-microdescs.new
-rw-r-----   1 _tor  _tor        32 Jan  7 17:48 control_auth_cookie
drwx------   2 _tor  _tor       512 Jan  4 11:31 keys
-rw-------   1 _tor  _tor         0 Jan  7 17:48 lock
-rw-------   1 _tor  _tor      3993 Jan  7 17:46 state
```

tor is not making the /var/db/tor directory group readable though:

```
master@BSDTor:/ % cd /var/db
master@BSDTor:/var/db % ls -la
drwxr-xr-x   2 root      wheel         512 Dec  6 19:09 ports
drwxr-xr-x   2 root      wheel         512 Dec  6 19:09 portsnap
-rw-r--r--   1 root      wheel     2097920 Dec  6 19:28 services.db
drwx--x--x   3 root      wheel         512 Dec 16 18:00 sudo
drwx------   3 _tor      _tor          512 Jan  7 17:31 tor
drwxr-xr-x   3 root      wheel         512 Dec  6 19:09 zfsd
master@BSDTor:/var/db %
```

If I `sudo chmod 750 /var/db/tor` `nyx` runs fine.

Question #1: Why can't `nyx` read the `control_auth_cookie` when it has read permissions? I seem to remember tor on Linux makes the data directory 700 but the control_auth_cookie 710 and nyx runs without error.

Question #2: Why is `tor` not making `/var/db/tor` group readable?


----------



## oitdmser (Jan 8, 2019)

As per this discussion for ZeroNet it appears I need `CacheDirectoryGroupReadable 1` not `DataDirectoryGroupReadable 1`. Switching both in `/usr/local/etc/tor/torrc` and restarting tor fixes the issue.

As a FreeBSD noob I'm curious: What is different about FreeBSD that nyx needs `/var/db/tor` to be readable in order to run, when on Linux it only needed the file itself (not the directory) to be readable? Is there something different about how FreeBSD handles file requests?


----------
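An added example, not part of the posts above and not code from nyx or Tor: opening a file needs search (`x`) permission on every directory in its path, so a group-readable cookie inside a `0700` directory is still unreachable for group members. The sketch evaluates only the classic owner/group/other mode bits (ACLs and root are ignored) on a constructed temporary tree; the function names are hypothetical.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) the kernel applies to this uid/gid set."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7      # owner bits
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7      # group bits
    return st.st_mode & 7                 # other bits

def first_blocker(path, uid, gids, start=os.sep):
    """Return (path, missing_bit) for the first component below `start`
    that stops uid/gids from reading `path`, or None if nothing does."""
    path, start = os.path.abspath(path), os.path.abspath(start)
    current = start
    for part in os.path.relpath(path, start).split(os.sep)[:-1]:
        current = os.path.join(current, part)
        if not class_bits(os.stat(current), uid, gids) & 1:
            return current, "x"           # directory lacks search permission
    if not class_bits(os.stat(path), uid, gids) & 4:
        return path, "r"                  # file itself lacks read permission
    return None

def demo(dir_mode):
    """Constructed tree: <tmp>/tor/control_auth_cookie (0640), checked for a
    hypothetical user who is only a member of the owning group."""
    with tempfile.TemporaryDirectory() as base:
        datadir = os.path.join(base, "tor")
        cookie = os.path.join(datadir, "control_auth_cookie")
        os.mkdir(datadir)
        with open(cookie, "wb") as fh:
            fh.write(b"\0" * 32)          # constructed 32-byte placeholder
        os.chmod(cookie, 0o640)
        os.chmod(datadir, dir_mode)
        st = os.stat(cookie)
        gids = {st.st_gid, os.stat(datadir).st_gid}
        hit = first_blocker(cookie, st.st_uid + 1, gids, start=base)
        return None if hit is None else (os.path.relpath(hit[0], base), hit[1])

if __name__ == "__main__":
    for mode in (0o700, 0o710, 0o750):
        print(oct(mode), demo(mode))
```

On a real host, `first_blocker("/var/db/tor/control_auth_cookie", uid, gids)` with the numeric ids reported by `id` runs the same check against the live path, provided the caller is allowed to stat each component.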

