vimagick / dockerfiles

:whale: A curated list of delicious docker recipes 🇺🇦🇮🇱 (Let's Fight Against Dictatorship)
https://hub.docker.com/u/vimagick/

tor is running as root - warning #4

Closed chriswayg closed 8 years ago

chriswayg commented 9 years ago

Hi, you made a nice collection of Dockerfiles there!

I'm getting this when starting tor:

[warn] You are running Tor as root. You don't need to, and you probably shouldn't.

Why is it not running as a user?

Chris

vimagick commented 9 years ago

Run the docker container without the --privileged and --cap-add options; that is quite secure.

To use a different user, please take a look at this Dockerfile.

chriswayg commented 9 years ago

Good, I did something similar in my version of the Dockerfile for Tor:

https://github.com/chriswayg/dockerfiles/blob/master/tor/Dockerfile

Chris

vimagick commented 8 years ago

I'm running tor as tor. No warning any more. :tada:

$ docker-compose logs
Attaching to tor_tor_1
tor_1 | Sep 28 07:45:34.135 [notice] Tor v0.2.6.10 (git-58c51dc6087b0936) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2d and Zlib 1.2.8.
tor_1 | Sep 28 07:45:34.135 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
tor_1 | Sep 28 07:45:34.136 [notice] Read configuration file "/etc/tor/torrc".
tor_1 | Sep 28 07:45:34.139 [notice] Based on detected system memory, MaxMemInQueues is set to 559 MB. You can override this by setting MaxMemInQueues by hand.
tor_1 | Sep 28 07:45:34.139 [notice] Opening OR listener on 0.0.0.0:9001
tor_1 | Sep 28 07:45:34.000 [notice] We use pluggable transports but the Extended ORPort is disabled. Tor and your pluggable transports proxy communicate with each other via the Extended ORPort so it is suggested you enable it: it will also allow your Bridge to collect statistics about its clients that use pluggable transports. Please enable it using the ExtORPort torrc option (e.g. set 'ExtORPort auto').
tor_1 | Sep 28 07:45:34.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
tor_1 | Sep 28 07:45:34.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
tor_1 | Sep 28 07:45:34.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
tor_1 | Sep 28 07:45:34.000 [notice] You are running a new relay. Thanks for helping the Tor network! If you wish to know what will happen in the upcoming weeks regarding its usage, have a look at https://blog.torproject.org/blog/lifecycle-of-a-new-relay
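
Added example, not part of the thread and not code from either repository: a small pre-deploy check for the two points raised above, namely which user the final image stage runs as and whether the run command adds `--privileged` or `--cap-add`. The sample Dockerfiles, the image name `tor` in the run commands, and the rule that a base image without its own USER runs as root are assumptions made for this example.

```python
import re
import shlex

# Constructed samples (not the Dockerfiles linked in the thread).
DOCKERFILE_ROOT = """\
FROM alpine
RUN apk add --no-cache tor
CMD ["tor", "-f", "/etc/tor/torrc"]
"""
DOCKERFILE_TOR = DOCKERFILE_ROOT.replace("CMD", "USER tor\nCMD")

def final_user(dockerfile_text):
    """User of the final build stage: the last USER after the last FROM."""
    user = "root"  # assumption: the base image sets no USER of its own
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)  # join continuations
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instruction = parts[0].upper()
        if instruction == "FROM":
            user = "root"  # a new stage does not inherit the previous USER
        elif instruction == "USER":
            user = parts[1].strip()
    return user

def is_root(user):
    """USER takes a name or UID, optionally with :group; root is 'root' or 0."""
    return user.split(":", 1)[0] in ("root", "0")

def risky_run_flags(command):
    """Return the --privileged / --cap-add arguments of a docker run command."""
    args, found = shlex.split(command), []
    for i, arg in enumerate(args):
        if arg in ("--privileged", "--privileged=true") or arg.startswith("--cap-add="):
            found.append(arg)
        elif arg == "--cap-add" and i + 1 < len(args):
            found.append(f"--cap-add {args[i + 1]}")
    return found

def audit(dockerfile_text, run_command):
    """Collect findings for one image definition and one run command."""
    findings = []
    user = final_user(dockerfile_text)
    if is_root(user):
        findings.append(f"container process runs as {user}")
    findings += [f"extra privilege: {f}" for f in risky_run_flags(run_command)]
    return findings
```
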