6

I have found this entry in /etc/passwd:

debian-tor:x:117:123::/var/lib/tor:/bin/false

But there is no /var/lib/tor folder. This is on a server not a desktop.

Kulfy
  • 17,416
  • 26
  • 64
  • 103
fndtn357
  • 163
  • 5

1 Answers1

6

This is a user that is created by installing tor or tor-browser.

For instance, if you look into postinst script of tor package, you'll see:

# checking debian-tor account

uid=`getent passwd debian-tor | cut -d ":" -f 3`
home=`getent passwd debian-tor | cut -d ":" -f 6`

# if there is the uid the account is there and we can do
# the sanit(ar)y checks otherwise we can safely create it.

if [ "$uid" ]; then
    if [ "$home" = "/var/lib/tor" ]; then
        :
        #echo "debian-tor homedir check: ok"
    else
        echo "ERROR: debian-tor account has an unexpected home directory!"
        echo "It should be '/var/lib/tor', but it is '$home'."
        echo "Removing the debian-tor user might fix this, but the question"
        echo "remains how you got into this mess to begin with."
        exit 1
    fi
else
    adduser --quiet \
        --system \
        --disabled-password \
        --home /var/lib/tor \
        --no-create-home \
        --shell /bin/false \
        --group \
        debian-tor
fi


for i in lib log; do
    if ! [ -d "/var/$i/tor" ]; then
        echo "Something or somebody made /var/$i/tor disappear."
        echo "Creating one for you again."
        mkdir "/var/$i/tor"
    fi
done

which restorecon >/dev/null 2>&1 && restorecon /var/lib/tor
chown debian-tor:debian-tor /var/lib/tor
chmod 02700 /var/lib/tor

which restorecon >/dev/null 2>&1 && restorecon /var/log/tor
chown debian-tor:adm /var/log/tor
chmod 02750 /var/log/tor

But this user is not removed when you uninstall tor. I don't see anything that removes the user in prerm, or postrm script.

So it means that you have tor installed, or installed it previously.

There is no harm in having some extra user in your system, but you can remove it if you like.

You can remove the user by running

sudo deluser debian-tor
Pilot6
  • 88,764
  • 91
  • 205
  • 313
  • that's exactly why I have asked. I have not nor would I ever install tor on a web server. So my follow-up question is how would i see the post-installation file that you are referencing in your answer and how to I remove the user and purge my system? If I run tor -v it is not installed. also, there is no /var/lib/tor directory. – fndtn357 Jul 11 '20 at 12:34
  • 1
    I added howto remove the user from your system. The postinst file is located in `tor` deb. Most likely someone installed `tor` and then removed it. I can't guess more. – Pilot6 Jul 11 '20 at 12:38
  • thanks. interesting response afterward - Removing user `debian-tor' ... Warning: group `debian-tor' has no more members. Done. – fndtn357 Jul 11 '20 at 12:41
  • So you can remove the group too. Nothing remarkable. The group had only one user. – Pilot6 Jul 11 '20 at 12:42
  • groupdel: group 'debian-tor' does not exist it just all seems very fishy – fndtn357 Jul 11 '20 at 12:44
  • 2
    Most likely the group was automatically deleted when you deleted the only user from it. – Pilot6 Jul 11 '20 at 12:45
  • @Pilot6 As for me, some authoritative link is needed. Like [this](https://codesearch.debian.net/search?q=getent+passwd+debian-tor&literal=1). – N0rbert Jul 11 '20 at 15:04
  • @N0rbert Anyone can download `tor` from Ubuntu repos and look into postinst script. – Pilot6 Jul 11 '20 at 15:32