No, bypassing the root user check in the start script is not the answer!
Update: Since Kali Linux 2020.1, the default root user model changed. On new installations of Kali Linux, you will now create a non-root user which like many traditional Linux distributions, makes running standard software like Tor and other applications like Google Chrome much easier. You can skip most of the information in this guide now and install the torbrowser-launcher package directly from apt, as it?s part of Debian and launch the application normally from the GUI.
If you?ve used Kali Linux you?ll be familiar with the fact that it runs everything as the root user by default. For anyone who has some knowledge of how Linux user/permissions work, this sounds like a bad idea right? Yes, technically it is, but Kali is a specialised Linux distribution for a certain purpose. The Kali development team even acknowledges the point here.
So, when you see ?guides? or ?tutorials? on how to run the Tor Browser on Kali and it involves editing the actual start-tor-browser.desktop file to REMOVE the root user check. You need to immediately ignore any further information these people are telling you as they are not your friends and are either misinformed or really don?t know the implications of what they are actually doing.
Why shouldn?t you run the Tor Browser as root?
- While technically it will work, you risk having an elevated process with root access to something as sensitive as Tor/Tor Browser. This means if Tor or the browser component has a vulnerability, someone might have a field day with you and you?re pretty much owned, given its running under root and hence will have full access.
- Using the remove root check method, each time you update the Tor Browser, you?ll need to keep applying this.
- You can just as easily create a non-root user and run certain applications as it, while still being logged in as ?root?.
So how can you run Tor Browser properly in Kali Linux?
Essentially, you?ll want to create a new non-root user with a home directory, that can be used for this purpose. This will allow you to have a user account that?s not root (and doesn?t need to have sudo either) to run stuff like this.
Creating a Linux user is simple:
adduser –home-dir /home/kali kali
You will be asked to create a password and some information, most of which is not really needed.
In addition to the root user, you know have a new kali user account. You can login this account from the GDM (or whatever interface you?ve configured) to test the account.
Downloading the Tor Browser
You have two options for downloading the Tor Browser.
- Grab the Tor Browser https://www.torproject.org/projects/torbrowser.html.en and extract it manually.
- Use a package called torbrowser-launcher which can be found here: https://github.com/micahflee/torbrowser-launcher
Its worth noting that torbrowser-launcher is not officially part of Tor, but it does simplify obtaining and keeping Tor Browser up to date. Compared to manually downloading and extracting it yourself.
Installing torbrowser-launcher
I use option two, because its a bit more maintainable, supported on Debian and works with Kali Linux as well. You can install the package through the normal apt process.
apt install torbrowser-launcher
Easy.
Configuring torbrowser-launcher
Now comes the slightly more difficult part, but I can ensure you, it won?t involve editing shell scripts. You won?t be able to run torbrowser-launcher directly as root, because the same root user check will stop Tor Browser from running. You can however run this command as the kali user, while still logged in as root. First however, you?ll need to make sure the kali user is listed in xhost otherwise you?re going to loads of errors related to display not being available and GTK errors.
xhost si:localuser:kali
This should provide permissions for the Tor Browser to run properly as the non-root user. Now you?ll want to run torbrowser-launcher as another user. This can be done like so:
sudo -u kali -H torbrowser-launcher
The first time you run this the Tor Browser files will be downloaded. You should find this is being downloaded to the /home/kali directory, rather than root, which is what you want. After it runs through the initial setup process, you should eventually see:
Launching ‘./Browser/start-tor-browser –detach’…
This should then spawn a Tor connection window followed by the Tor Browser itself (modified version of Firefox). You can also find the Firefox and Tor process running under the non-root user, when using something like top or htop .
There we have it, a more considered and better way to run the Tor Browser on Kali Linux!
If you are running the Tor Browser via the root user with some hack. Please stop! Try the approach above, its much safer!
