无法以非特权用户身份运行privoxy

Here is what I did. I'm running the following commands as user, who is sudoer, on an Ubuntu 20.04.

安装

我创建了一个特定的用户。我想以该用户身份运行privoxy。他不随便。

sudo addgroup privoxy_user
sudo /sbin/adduser privoxy_user --system --no-create-home --ingroup privoxy_user

I downloaded the source files from sourceforge (privoxy-3.0.28-stable) and I put it in /tmp.

cd /tmp
wget privoxy-xxx.tar.gz
cd privoxy-xxx

然后,我运行以下命令。

autoheader
autoconf
./configure --prefix=/usr/local/privoxy --disable-toggle --disable-editor --disable-force --with-user=privoxy_user --with-group=privoxy_user 'CFLAGS=-O3 -m64 -mtune=native -pipe' 'LDFLAGS=-m64'
make -j 12
sudo make install

组态

我保存了实际的配置文件,并创建了一个新的干净文件。

sudo mv /usr/local/privoxy/etc/config /usr/local/privoxy/etc/config.save
sudo grep -o '^[^#]*' /usr/local/privoxy/etc/config.save > /tmp/config
sudo mv /tmp/config /usr/local/privoxy/etc/config

我编辑了privoxy配置文件。

sudo nano /usr/local/privoxy/etc/config

我添加了以下行(我的项目需要它)

forward-socks5t   /               127.0.0.1:9050 .

在启动时自动启动privoxy

然后,为了在启动时启动privoxy,我创建了一个systemd服务文件。

sudo nano /etc/systemd/system/privoxy_instance.service

我把这个贴在里面了。

[Unit]
Description=Anonymizer - Start Privoxy instance
After=network.target local-fs.target

[Service]
ExecStart=/usr/local/privoxy/sbin/privoxy --pidfile /tmp/privoxy.pid /usr/local/privoxy/etc/config
Restart=always
TimeoutStopSec=10
User=privoxy_user
Group=privoxy_user
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

我启用,启动并检查了服务状态。

sudo systemctl enable /etc/systemd/system/privoxy_instance.service
sudo systemctl start privoxy_instance
sudo systemctl status privoxy_instance

Here is the output of systemctl status

$ systemctl -l status privoxy_instance
● privoxy_instance.service - Anonymizer - Start Privoxy instance
     Loaded: loaded (/etc/systemd/system/privoxy_instance.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2020-05-23 18:29:24 UTC; 2s ago
    Process: 27868 ExecStart=/usr/local/privoxy/sbin/privoxy --pidfile /tmp/privoxy.pid /usr/local/privoxy/etc/config (code=exited, status=0/SUCCESS)
   Main PID: 27868 (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 2281)
     Memory: 724.0K
     CGroup: /system.slice/privoxy_instance.service
             └─27869 /usr/local/privoxy/sbin/privoxy --pidfile /tmp/privoxy.pid /usr/local/privoxy/etc/config

mai 23 18:29:24 117-anonymyzer2-ub-2004 systemd[1]: Started Anonymizer - Start Privoxy instance.
mai 23 18:29:24 117-anonymyzer2-ub-2004 privoxy[27869]: 2020-05-23 18:29:24.428 7fd01c1c4740 Error: Ignoring directive 'enforce-blocks'. FEATURE_FORCE_LOAD is disabled, blocks will always be enforced.

正如您在上面看到的那样,一切都正常进行。

Also, a netstat shows ne that privoxy is listening :

$ netstat -plant | grep 8118
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:8118          0.0.0.0:*               LISTEN      -

这是过程:

$ ps -aux | grep privoxy
privoxy+   28016  0.0  0.1   3428  2136 ?        Ss   18:51   0:00 /usr/local/privoxy/sbin/privoxy --pidfile /tmp/privoxy.pid /usr/local/privoxy/etc/config

这是我的第一个问题:

  • Why is the command ps -aux telling me that privoxy+ is running the process, when I used the parameter User=privoxy_user in the systemd service file ?

重要笔记

Now, if I edit my systemd service file and replace /usr/local/privoxy/sbin/privoxy --pidfile /tmp/privoxy.pid /usr/local/privoxy/etc/config by /usr/local/privoxy/sbin/privoxy --pidfile /tmp/privoxy.pid --user privoxy_user.privoxy_user /usr/local/privoxy/etc/config (I added --user privoxy_user.privoxy_user).

然后,我重新加载systemd服务并重新启动该服务。

sudo systemctl daemon-reload
sudo systemctl restart privoxy_instance

Then privoxy doesn't start and the service status tells me :

mai 23 18:30:30 117-anonymyzer2-ub-2004 privoxy[27953]: 2020-05-23 18:30:30.942 7f6b003c8740 Fatal error: initgroups() failed: Operation not permitted

然后我想某处存在许可问题,购买我不知道在哪里。

所以这是我的第二个问题:

  • Why the parameter --user privoxy_user.privoxy_user isn't working ?

感谢您日后的帮助!

评论