author | Jérémy Bobbio <lunar@debian.org> | 2011-04-23 02:35:02 +0200 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-05-15 20:20:28 -0400 |
commit | d41ac64ad68811d8575db6e456fba470b0c3fde7 (patch) | |
tree | 36c7e6b5e560f6dfe60d0734f6085ece6e3defee /doc | |
parent | 2b9c5ee301f705cbf69c725ca749d4ac752c06d3 (diff) | |
Add UnixSocketsGroupWritable config flag

When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is quite a handy mechanism to access the Tor control
channel. But it would be easier if access to the Unix domain socket could
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer the same access control measures as
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/tor.1.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index d95d764c6..d0d0c2f7c 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -167,6 +167,11 @@ Other options can be specified either on the command-line (--option Like ControlPort, but listens on a Unix domain socket, rather than a TCP socket. (Unix and Unix-like systems only.) +**UnixSocketsGroupWritable** **0**|**1**:: + If this option is set to 0, don't allow the filesystem group to read and + write unix sockets (e.g. ControlSocket). If the option is set to 1, make + the control socket readable and writable by the default GID. (Default: 0) + **HashedControlPassword** __hashed_password__:: Don't allow any connections on the control port except when the other process knows the password whose one-way hash is __hashed_password__. You |
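Review bot: The two halves of the new UnixSocketsGroupWritable entry describe different scopes: the 0 case covers "unix sockets (e.g. ControlSocket)" while the 1 case only says "make the control socket readable and writable", so a reader cannot tell whether setting 1 affects every Unix domain socket Tor creates or just ControlSocket. The option name is plural, so I would word both cases the same way, for example "If the option is set to 1, make Unix domain sockets (e.g. ControlSocket) readable and writable by ...". "the default GID" is also ambiguous; the commit message talks about the group running the Tor process, and the man page should name that group just as explicitly. Since group membership now decides who can reach the control channel, it would help to add a sentence pointing readers to the authentication options that follow (HashedControlPassword is the next entry). Minor style point: "unix sockets" should be capitalised as "Unix" to match the ControlSocket entry directly above.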