Sudo/root permissions not being accepted for access to /usr/local/share/tor-browser

[Priest_Apostate]

Currently attempting to install Tor to my Rocky Linux 9 system with the directions listed here, and here.
I was able to download the program, check the signature, and sig file, and extract the files from tar. However, to fully install the application (and have it recognized as a full-fledged program), it was mentioned to place the tor-browser folder into the /usr/local/share directory - once that is completed, transfer to said tor-browser directory, to register the app with the ./start-tor-browser.desktop --register-app command.

However, attempts to move to that directory fail, as I am blocked from changing to that directory either with my normal username - or when I use sudo. After switching to root with su -, I was able to transfer the tor-browser folder to /usr/local/share - but I am now unable to transfer to that /usr/local/share/tor-browser folder while using my normal login - even under sudo: I don't receive an error message - the system just doesn't transfer me any further than the /usr/local/share directory.

I checked /etc/sudoers to confirm that my login (for this issue I'll just list it as "test-user") is in the wheel group for sudo command execution - but even though that is confirmed, I can't get into the tor-browser folder with either the regular user login - or via sudo:

[test-user@XXXXX share]$ pwd
/usr/local/share
[test-user@XXXXX share]$ ls ./
applications  info  man  tor-browser
[test-user@XXXXX share]$ cd ./tor-browser/
bash: cd: ./tor-browser/: Permission denied
[test-user@XXXXX share]$ sudo !!
sudo cd ./tor-browser/
[sudo] password for test-user:
[test-user@XXXXX share]$ sudo cd ./tor-browser/
[test-user@XXXXX share]$

****************************************************

Attempts to run the command as root resulted in this:

[root@XXXXX share]# cd /usr/local/share/tor-browser
[root@XXXXX tor-browser]# ls ./
Browser  start-tor-browser.desktop
[root@XXXXX tor-browser]# ./start-tor-browser.desktop --register-app
Launching './Browser/start-tor-browser --detach --register-app'...
./Browser/start-tor-browser: line 28: [: : integer expression expected

(zenity:128507): dbind-WARNING **: 03:11:28.802: Couldn't register with accessibility bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[root@XXXXX tor-browser]#

[test-user@XXXXX share]$ sudo -i
[root@XXXXX ~]# cd /usr/local/share/tor-browser
[root@XXXXX tor-browser]# ./start-tor-browser.desktop --register-app
Launching './Browser/start-tor-browser --detach --register-app'...
./Browser/start-tor-browser: line 28: [: : integer expression expected

(zenity:232875): dbind-WARNING **: 03:54:24.051: Couldn't register with accessibility bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

I'm trying to research this error - but not making much headway with the information found here, as the sudo -i command didn't improve things:



As the application passed its signature checks, I don't think that there is any issue there.
I've also confirmed with confirmed with ufw that port 9050 was open.

My system's setup is as such:

[test-user@XXXXX ~]$ neofetch
        #####           test-user@scion1208
       #######          -------------------
       ##O#O##          OS: Rocky Linux 9.3 (Blue Onyx) x86_64
       #######          Host: 700-074
     ###########        Kernel: 6.6.9-1.el9.elrepo.x86_64
    #############       Uptime: 12 hours, 35 mins
   ###############      Packages: 2392 (rpm), 25 (flatpak)
   ################     Shell: bash 5.1.8
  #################     Resolution: 1280x1024, 1920x1080
#####################   WM: KWin
#####################   Theme: Adwaita [GTK2/3]
  #################     Icons: Adwaita [GTK2/3]
Terminal: konsole
CPU: Intel i5-4430 (4) @ 3.200GHz
GPU: Intel HD Graphics
Memory: 8764MiB / 15660MiB

My current questions are:
1. why is my username not allowing access to the /usr/local/share/tor-browser folder, if I already confirmed that username as having sudo access?
and
2. has anyone experienced an issue in which you were blocked from areas on the OS even as sudo's root?

 

[Priest_Apostate]

Also attempted to chmod to commit recursive access to the start-tor-browser-desktop - no change:

[root@XXXXX tor-browser]# cd ..
[root@XXXXX share]# ls -l ./
total 4
drwxr-xr-x.  2 root root   28 Jan  4 13:04 applications
drwxr-xr-x.  2 root root    6 May 16  2022 info
drwxr-xr-x. 21 root root 4096 Feb 13  2023 man
drwx------.  3 root root   54 Dec 31  1999 tor-browser
[root@XXXXX share]# cd ./tor-browser/
[root@XXXXX tor-browser]# ls -l ./
total 8
drwx------. 10 root root 4096 Dec 31  1999 Browser
-rwx------.  1 root root 1710 Dec 31  1999 start-tor-browser.desktop
[root@XXXXX tor-browser]# cd ..
[root@XXXXX share]# chmod -R 766 ./tor-browser/
[root@XXXXX share]# ls -la
total 4
drwxr-xr-x.  6 root root   68 Jan 13 14:13 .
drwxr-xr-x. 12 root root  131 Feb 13  2023 ..
drwxr-xr-x.  2 root root   28 Jan  4 13:04 applications
drwxr-xr-x.  2 root root    6 May 16  2022 info
drwxr-xr-x. 21 root root 4096 Feb 13  2023 man
drwxrw-rw-.  3 root root   54 Dec 31  1999 tor-browser
[root@XXXXX share]# chmod -R 777 ./tor-browser/
[root@XXXXX share]# exit
exit
[test-user@XXXXX share]$ sudo cd /usr/local/share
[sudo] password for test-user:
[test-user@XXXXX share]$ sudo cd /usr/local/share/tor-browser/
[test-user@XXXXX share]$ sudo ls -la /usr/local/share/tor-browser/
total 8
drwxrwxrwx.  3 root root   54 Dec 31  1999 .
drwxr-xr-x.  6 root root   68 Jan 13 14:13 ..
drwxrwxrwx. 10 root root 4096 Dec 31  1999 Browser
-rwxrwxrwx.  1 root root 1710 Dec 31  1999 start-tor-browser.desktop
[test-user@XXXXX share]$

 

[Condobloke]

instead of sudo....use sudo su

Just a thought.

 

[Tolkem]

If you just want to run tor-browser, place it on /opt directory or on /usr/local/bin. And stop messing around with sudo or root. There's no need at all to do any of the things you're doing.

 

[Priest_Apostate]

If you just want to run tor-browser, place it on /opt directory or on /usr/local/bin. And stop messing around with sudo or root. There's no need at all to do any of the things you're doing.

I don't wish to just run the tor browser - I wish to have the program fully installed upon the system (and have it recognized by same as an application).

I am unable to cd to the /usr/local/share/tor-browser directory with my username. I don't receive an error message - the system just doesn't transfer me any further than the /usr/local/share directory. While I could just transfer to the /opt directory, I am curious as to why is the system not allowing me to access the /usr/local/share/tor-browser directory under my normal login - or via sudo, as per the documentation.

 

[Priest_Apostate]

instead of sudo....use sudo su

Just a thought.

Root allows me to access the folder - but then refuses to complete the --register-app command, without giving the error message, and warning popup to not run tor under root.

[test-user@XXXXX ~]$ sudo su
[sudo] password for test-user:  
[test-user@XXXXX home]# pwd
/home/
[root@XXXXX home]# cd /usr/local/share/tor-browser
[root@XXXXX tor-browser]# ./start-tor-browser.desktop --register-app
Launching './Browser/start-tor-browser --detach --register-app'...
./Browser/start-tor-browser: line 28: [: : integer expression expected

(zenity:316303): dbind-WARNING **: 12:39:07.511: Couldn't register with accessibility bus: Did not receive a reply.
 Possible causes include: the remote application did not send a reply, the message bus security policy blocked the
reply, the reply timeout expired, or the network connection was broken.

[root@XXXXX tor-browser]#

 

[Tolkem]

I am unable to cd to the /usr/local/share/tor-browser

You don't have to. Read here https://www.golinuxcloud.com/install-tor-browser-on-rocky-linux/

 

[osprey]

Tor's instructions for installation are here:

INSTALLATION | Tor Project | Tor Browser Manual

Defend yourself against tracking and surveillance. Circumvent censorship. | INSTALLATION

tb-manual.torproject.org

In particular, if the graphical instructions aren't congruent with your Rocky installation, the command line method is the simplest and does work. If you use that command line method to get "proof of concept" that tor works, you can then integrate it into your Rocky desktop.

You need to know that running a browser as root is a security risk for your system, because it potentially exposes root of your system to online intruders so it's best not done.

When you install tor, the instructions are to make its own directory. This can be in a directory within your home directory. It doesn't need to be in the system files, though if you have other users on the system that you wish to be able to use tor, then you can place it in /opt (as suggested in post #4 by @Tolkem), which is used for such purposes, then create a link from /usr/local/bin to the tor executable under /opt.

Changing the permissions in the tor files with chmod is not a good idea at all and will likely lead to trouble because the tor browser is a finely crafted bit of software with high security in mind which means that the permissions of each file in its software likely needs to have just those permissions that have been set in it's original downloaded form.

Perhaps clearing any existing tor software, and starting again with the verified tarball using the tor website instructions might be useful.

Also useful is to read the file: start-tor-browser.desktop under the tor top directory.

 

[Priest_Apostate]

Tor's instructions for installation are here:

INSTALLATION | Tor Project | Tor Browser Manual

Defend yourself against tracking and surveillance. Circumvent censorship. | INSTALLATION

tb-manual.torproject.org

In particular, if the graphical instructions aren't congruent with your Rocky installation, the command line method is the simplest and does work. If you use that command line method to get "proof of concept" that tor works, you can then integrate it into your Rocky desktop.

You need to know that running a browser as root is a security risk for your system, because it potentially exposes root of your system to online intruders so it's best not done.

When you install tor, the instructions are to make its own directory. This can be in a directory within your home directory. It doesn't need to be in the system files, though if you have other users on the system that you wish to be able to use tor, then you can place it in /opt (as suggested in post #4 by @Tolkem), which is used for such purposes, then create a link from /usr/local/bin to the tor executable under /opt.

Changing the permissions in the tor files with chmod is not a good idea at all and will likely lead to trouble because the tor browser is a finely crafted bit of software with high security in mind which means that the permissions of each file in its software likely needs to have just those permissions that have been set in it's original downloaded form.

Perhaps clearing any existing tor software, and starting again with the verified tarball using the tor website instructions might be useful.

Also useful is to read the file: start-tor-browser.desktop under the tor top directory.

I seem to be explaining things poorly. I am unable to access the /usr/local/share/tor-browser under my regular profile - which is what I was originally trying to resolve. Under said profile, I am only able to access the /usr/local/share directory. Attempts to go one level further to the tor-browser directory with my regular profile fail: I am only able to go as far as the /usr/local/share directory. As such, I attempted with root, as neither the regular profile, or using sudo under my regular profile allowed access to the /usr/local/share/tor-browser directory (no error message was provided - the command is just ignored).

I know that using root is a security risk - I was just using that as a way to investigate as to what was going on.
My end-goal desire is to have the application recognized as such for the OS. I also wish to said program to be accessible for any users logging into the system.
I also wanted to find out what was the issue with my regular profile being blocked from accesing said directory (which is why I tried chmod).

I was able to use the tor application as a portable application - one that wasn't actually installed to the system (said application was run from the desktop): as such, I don't think that there is anything installed (although I could be wrong).

I will attempt using the /opt directory as recommended - but I was trying to investigate why I was blocked from accessing the /usr/local/share directory, as per the documentation that I originally used.

I'll also examine the documentation that you provided from the torproject.org site.

 

[Tolkem]

My end-goal desire is to have the application recognized as such for the OS.

Here https://www.golinuxcloud.com/install-tor-browser-on-rocky-linux/ clearly says that you don't need to be root to do that, just cd into the tor-browser dir (the one that got created after extracting the .tar file you downloaded) and run

./start-tor-browser.desktop --register-app

and according to that tutorial "You will see the message "Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/." You can now see the Tor browser app in the applications menu." Have you tried that?

 

[Condobloke]

So, you double click on home....then on File system....then right click on usr and select open as root...pwd etc

Then locate Local...dble click there...and then locate share.....

Does this approximate the system in Rocky ?

If not....ignore.

 

[Priest_Apostate]

You don't have to. Read here https://www.golinuxcloud.com/install-tor-browser-on-rocky-linux/

This is where I'm getting confused, as that was one of the two links that I referenced in my original post:

As I don't read cues very well, I am thinking that you're maybe telling me that I am overlooking something on that page - so I will re-examine it to make sure that I am not missing anything (if I am wrong, please let me know). The main goal is for me to have this program recognized as an application to the OS (as opposed to it just being a portable program).

 

[osprey]

I was trying to investigate why I was blocked from accessing the /usr/local/share directory, as per the documentation that I originally used.

That sounds like a permissions issue.

The directory /usr/local/share, and the directories under it have permissions: 755, as follows:

[tom@min /usr/local/share]$ ls -al
total 28
drwxr-xr-x  7 root root  4096 Dec 26 08:38 .
drwxr-xr-x 10 root root  4096 Nov 15 08:21 ..
drwxr-xr-x  2 root root  4096 Nov 15 08:29 ca-certificates
drwxrwsr-x  2 root staff 4096 Nov 15 08:29 fonts
drwxr-xr-x  3 root root  4096 Nov 18 06:41 man
drwxr-xr-x  7 root root  4096 Nov 15 08:29 sgml
drwxr-xr-x  6 root root  4096 Dec 26 08:38 xml

So, if you have a tor directory there, perhaps try to give it the same permissions: chmod 755 tor-browser.

I can confirm however, that if you had created this directory, tor-browser, in your home directory, by installing there where you have access to all files, the permissions are: 700, as follows:

drwx------ 3 tom tom 4.0K Jan 15 07:45 tor-browser

so if tor was unpacked in /usr/share/local, it would likely have set itself under 700 permissions. If you change the top permission to find out if it makes a change for you, no other permissions ought to be changed for reasons already mentioned. To run the tor browser though, it's best to restore its original permission of 700 and run the startup command from elsewhere.

 

[Condobloke]

Does Rocky Linux have a software manager ? (Click menu and type in software manager?...or it may be listed under applications??)

 

[Condobloke]

When you get the chance....Read this:

How to Install Tor Browser on Rocky Linux EL9 or EL8 - LinuxCapable

Learn how to install Tor Browser on Rocky Linux 9 or 8 using Manual download or Flatpak with Flathub installation.

www.linuxcapable.com

 

[Priest_Apostate]

One other thing that just came up:
Attempts to install Tor with Method 2 on the link provided (https://www.golinuxcloud.com/install-tor-browser-on-rocky-linux/) seem to cause the install to complete - but the application doesn't appear in the application list, after performing the dnf update && dnf upgrade -y command.

 

[Priest_Apostate]

Does Rocky Linux have a software manager ? (Click menu and type in software manager?...or it may be listed under applications??)

I can try that now, after I remove the earlier install attempts. If that works, that is great - but I would like to isolate why my attempts to install from Bash are failing.

[test-user@XXXXX ~]$ sudo dnf install tor
[sudo] password for test-user:  
Last metadata expiration check: 0:33:39 ago on Sun 14 Jan 2024 06:54:00 PM PST.
Dependencies resolved.
===================================================================================================================
 Package                    Architecture             Version                          Repository              Size
===================================================================================================================
Installing:
tor                        x86_64                   0.4.8.10-1.el9                   Tor                    3.3 M
Installing dependencies:
torsocks                   x86_64                   2.4.0-1.el9                      epel                    68 k

Transaction Summary
===================================================================================================================
Install  2 Packages

Total download size: 3.3 M
Installed size: 19 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): torsocks-2.4.0-1.el9.x86_64.rpm                                              65 kB/s |  68 kB     00:01    
(2/2): tor-0.4.8.10-1.el9.x86_64.rpm                                               648 kB/s | 3.3 MB     00:05    
-------------------------------------------------------------------------------------------------------------------
Total                                                                              605 kB/s | 3.3 MB     00:05      
Tor for Enterprise Linux 9 - x86_64                                                3.2 kB/s | 3.8 kB     00:01    
Importing GPG key 0x3621CD35:
 Userid     : "Kushal Das (RPM Signing key) <[email protected]>"
 Fingerprint: 999E C8E3 14BC 8D46 022D 6C7D E217 C30C 3621 CD35
 From       : https://rpm.torproject.org/centos/public_gpg.key
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                           1/1  
  Installing       : torsocks-2.4.0-1.el9.x86_64                                                               1/2  
  Running scriptlet: tor-0.4.8.10-1.el9.x86_64                                                                 2/2  
  Installing       : tor-0.4.8.10-1.el9.x86_64                                                                 2/2  
  Running scriptlet: tor-0.4.8.10-1.el9.x86_64                                                                 2/2  
  Verifying        : tor-0.4.8.10-1.el9.x86_64                                                                 1/2  
  Verifying        : torsocks-2.4.0-1.el9.x86_64                                                               2/2  

Installed:
  tor-0.4.8.10-1.el9.x86_64                               torsocks-2.4.0-1.el9.x86_64                              

Complete!
[test-user@XXXXX ~]$ sudo dnf update && sudo dnf upgrade -y
Last metadata expiration check: 0:34:41 ago on Sun 14 Jan 2024 06:54:00 PM PST.
Dependencies resolved.
Nothing to do.
Complete!
Last metadata expiration check: 0:34:43 ago on Sun 14 Jan 2024 06:54:00 PM PST.
Dependencies resolved.
Nothing to do.
Complete!

I tried removing the previous installs, and reinstalling from scratch, using the commands above, which seems to have worked - but I can't find the program in the GUI's Applications list

 

[Tolkem]

I am overlooking something on that page

Yes, I think you are. You either misread or got confused. I read that twice trying to find any reference to any of the things you've done and couldn't find any. By the way, in post #6 you posted a screenshot that seems to indicate that you're using KDE Plasma? If so, this can be a lot easier.

 

[Priest_Apostate]

Yes, I think you are. You either misread or got confused. I read that twice trying to find any reference to any of the things you've done and couldn't find any. By the way, in post #6 you posted a screenshot that seems to indicate that you're using KDE Plasma? If so, this can be a lot easier.

That's fair - but the steps that I attempted were performed to try to fix the problem of being unable to to access the /usr/local/share/tor-browser directory, in order to perform the --register-app command under my normal, non-root/sudo login.
The original idea was to attempt to download and install the tor browser from Bash.

 

[Tolkem]

The original idea was to attempt to download and install the tor browser from Bash.

And you can: Download, extract, cd into the newly created directory, and run:

./start-tor-browser.desktop --register-app