From b99f70f344f92ef9734d899a2d9d9a3b8ddb6847 Mon Sep 17 00:00:00 2001
From: NW <nw@softuniq.eu>
Date: Wed, 24 Jun 2026 12:16:59 +0100
Subject: [PATCH] fix: HiddenServiceDir must be chmod 700 for Tor

Tor requires HiddenServiceDir to be 700. Root can still read hostname
files inside 700 dirs, so the background onion-writer works fine.
---
 tor-proxy/entrypoint.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tor-proxy/entrypoint.sh b/tor-proxy/entrypoint.sh
index b3690df..0434351 100644
--- a/tor-proxy/entrypoint.sh
+++ b/tor-proxy/entrypoint.sh
@@ -32,8 +32,7 @@ fi
 
 mkdir -p /var/lib/tor/ssh /var/lib/tor/admin
 chown -R tor:nogroup /var/lib/tor
-chmod 700 /var/lib/tor
-chmod 755 /var/lib/tor/ssh /var/lib/tor/admin
+chmod 700 /var/lib/tor /var/lib/tor/ssh /var/lib/tor/admin
 
 cat > /etc/tor/torrc <<EOF
 # Generated by entrypoint.sh at container start