Permissions are set so tor should be able to access through the `postfix-test-queue` user:
$ sudo ls -l /var/spool/postfix-test/public/smtpd srw-rw-rw- 1 postfix-test postfix-test 0 █████ /var/spool/postfix-test/public/smtpd $ sudo ls -l /var/spool/postfix-test # ... drwx--x--- 2 postfix-test postfix-test-queue 4096 █████ public $ sudo -u _tor-test id uid=130(_tor-test) gid=141(_tor-test) groups=141(_tor-test),1006(postfix-test-queue) $ cat /etc/tor/instances/test/torrc | grep HiddenServicePort HiddenServicePort 25 unix:/var/spool/postfix-test/public/smtpd $ cat /run/tor-instances/test.defaults | grep User User _tor-test
Running `tor@test` via the default systemctl config shows:
$ ps -ax -o uid,gid,supgid,command | grep /usr/bin/tor 130 141 141 /usr/bin/tor --defaults-torrc /run/tor-instances/test.defaults -f /etc/tor/instances/test/torrc
Which is missing the `postfix-test-queue` `1006` user which, for example shows up if I do:
$ sudo -u _tor-test sleep 1000 & ps -ax -o uid,gid,supgid,command | grep sleep [1] 132314 0 141 141,1006 sudo -u _tor-test sleep 1000
Connecting using `sudo -u` works (the message indicates successful connection):
$ sudo -u _tor-test curl --unix-socket /var/spool/postfix-test/public/smtpd http://localhost curl: (1) Received HTTP/0.9 when not allowed
But connecting via tor does not:
$ torsocks --ipv6 curl http://%E2%96%88%E2%96%88%E2%96%88%E2%96%88%E2%96%88.onion:25 █████ ERROR torsocks[134873]: Host unreachable (in socks5_recv_connect_reply() at socks5.c:539) curl: (7) Couldn't connect to server
But does if I allow access to the socket to everyone:
$ sudo chmod "o+x" /var/spool/postfix-test/public/ $ torsocks --ipv6 curl http://%E2%96%88%E2%96%88%E2%96%88%E2%96%88%E2%96%88.onion:25 curl: (1) Received HTTP/0.9 when not allowed
Tor's relevant source code: [Tor: lib/process/setuid.c Source File](https://tpo.pages.torproject.net/core/doc/tor/setuid_8c_source.html)