reorder, clean up manpage. add SafeLogging entry.

svn:r4223

1 files changed, 58 insertions, 52 deletions

diff --git a/doc/tor.1.in b/doc/tor.1.in
index 01a49b3ba8..48981aba98 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -28,19 +28,6 @@ Other options can be specified either on the command-line (\fI--option
 value\fR), or in the configuration file (\fIoption value\fR).
 Options are case-insensitive.
 .TP
-\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBstderr\fR|\fBstdout\fR|\fBsyslog\fR\fP
-Send all messages between \fIminSeverity\fR and \fImaxSeverity\fR to
-the standard output stream, the standard error stream, or to the system
-log. (The "syslog" value is only supported on Unix.)  Recognized
-severity levels are debug, info, notice, warn, and err.  If only one
-severity level is given, all messages of that level or higher will be
-sent to the listed destination.
-.TP
-\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBfile\fR \fIFILENAME\fP
-As above, but send log messages to the listed filename.  The "Log"
-option may appear more than once in a configuration file.  Messages
-are sent to all the logs that match their severity level.
-.TP
 \fBBandwidthRate \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP
 A token bucket limits the average incoming bandwidth on this node to
 the specified number of bytes per second. (Default: 2 MB)
@@ -55,9 +42,36 @@ who ask to build circuits through them (since this is proportional to
 advertised bandwidth rate) can thus reduce the CPU demands on their
 server without impacting network performance.
 .TP
+\fBControlPort \fR\fIPort\fP
+If set, Tor will accept connections from the same machine (localhost only) on
+this port, and allow those connections to control the Tor process using the
+Tor Control Protocol (described in control-spec.txt).  Note: unless you also
+specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
+setting this option will cause Tor to allow any process on the local host to
+control it.
+.TP
+\fBHashedControlPassword \fR\fIhashed_password\fP
+Don't allow any connections on the control port except when the other process
+knows the password whose one-way hash is \fIhashed_password\fP.  You can
+compute the hash of a password by running "tor --hash-password
+\fIpassword\fP".
+.TP
+\fBCookieAuthentication \fR\fB0\fR|\fB1\fP
+If this option is set to 1, don't allow any connections on the control port
+except when the connecting process knows the contents of a file named
+"control_auth_cookie", which Tor will create in its data directory.  This
+authentication methods should only be used on systems with good filesystem
+security. (Default: 0)
+.TP
 \fBDataDirectory \fR\fIDIR\fP
 Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
 .TP
+\fBDirFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
+Every time the specified period elapses, Tor downloads a directory.
+A directory contains a signed list of all known servers as well as
+their current liveness status. A value of "0 seconds" tells Tor to choose an
+appropriate default. (Default: 1 hour for clients, 20 minutes for servers.)
+.TP
 \fBDirServer \fR\fIaddress:port fingerprint\fP
 Use a nonstandard authoritative directory server at the provided
 address and port, with the specified key fingerprint.  This option can
@@ -88,6 +102,19 @@ proxy only allows connecting to certain ports.
 To keep firewalls from expiring connections, send a padding keepalive
 cell on open connections every NUM seconds. (Default: 5 minutes.)
 .TP
+\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBstderr\fR|\fBstdout\fR|\fBsyslog\fR\fP
+Send all messages between \fIminSeverity\fR and \fImaxSeverity\fR to
+the standard output stream, the standard error stream, or to the system
+log. (The "syslog" value is only supported on Unix.)  Recognized
+severity levels are debug, info, notice, warn, and err.  If only one
+severity level is given, all messages of that level or higher will be
+sent to the listed destination.
+.TP
+\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBfile\fR \fIFILENAME\fP
+As above, but send log messages to the listed filename.  The "Log"
+option may appear more than once in a configuration file.  Messages
+are sent to all the logs that match their severity level.
+.TP
 \fBMaxConn \fR\fINUM\fP
 Maximum number of simultaneous sockets allowed.  You probably don't need
 to adjust this. (Default: 1024)
@@ -103,46 +130,20 @@ On startup, write our PID to FILE. On clean shutdown, remove FILE.
 \fBRunAsDaemon \fR\fB0\fR|\fB1\fR\fP
 If 1, Tor forks and daemonizes to the background. (Default: 0)
 .TP
-\fBUser \fR\fIUID\fP
-On startup, setuid to this user.
+\fBSafeLogging \fR\fB0\fR|\fB1\fP
+If 1, Tor replaces potentially sensitive strings in the logs
+(e.g. addresses) with the string [scrubbed]. This way logs can still be
+useful, but they don't leave behind personally identifying information
+about what sites a user might have visited. (Default: 1)
 .TP
-\fBControlPort \fR\fIPort\fP
-If set, Tor will accept connections from the same machine (localhost only) on
-this port, and allow those connections to control the Tor process using the
-Tor Control Protocol (described in control-spec.txt).  Note: unless you also
-specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
-setting this option will cause Tor to allow any process on the local host to
-control it.
+\fBStatusFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
+Every time the specified period elapses, Tor downloads signed status
+information about the current state of known servers.  A value of
+"0 seconds" tells Tor to choose an appropriate default. (Default: 30
+minutes for clients, 15 minutes for servers.)
 .TP
-\fBHashedControlPassword \fR\fIhashed_password\fP
-Don't allow any connections on the control port except when the other process
-knows the password whose one-way hash is \fIhashed_password\fP.  You can
-compute the hash of a password by running "tor --hash-password
-\fIpassword\fP".
-.TP
-\fBCookieAuthentication \fR\fB0\fR|\fB1\fP
-If this option is set to 1, don't allow any connections on the control port
-except when the connecting process knows the contents of a file named
-"control_auth_cookie", which Tor will create in its data directory.  This
-authentication methods should only be used on systems with good filesystem
-security.
-.TP
-\fBDirFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
-Every time the specified period elapses, Tor downloads a directory.
-A directory contains a signed list of all known servers as well as
-their current liveness status. A value of "0 seconds" tells Tor to choose an
-appropriate default. (Default: 1 hour for clients, 20 minutes for servers.)
-.TP
-\fBStatusFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP Every time the
-specified period elapses, Tor downloads signed status information about the
-current state of known servers.  A value of "0 seconds" tells Tor to choose
-an appropriate default. (Default: 30 minutes for clients, 15 minutes for
-servers.)  (Default: 20 minutes.)
-.TP
-\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
-Every time the specified period elapses, Tor uploads any rendezvous
-service descriptors to the directory servers.  This information is also
-uploaded whenever it changes.  (Default: 20 minutes.)
+\fBUser \fR\fIUID\fP
+On startup, setuid to this user.
 
 .SH CLIENT OPTIONS
 .PP
@@ -437,6 +438,11 @@ ones; most people can leave this unset.
 \fBHiddenServiceExcludeNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
 Do not use the specified nodes as introduction points for the hidden
 service. In normal use there is no reason to set this.
+.TP
+\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
+Every time the specified period elapses, Tor uploads any rendezvous
+service descriptors to the directory servers.  This information is also
+uploaded whenever it changes.  (Default: 20 minutes.)
 
 .\" UNDOCUMENTED
 .\" ignoreversion
@@ -491,6 +497,6 @@ The tor process stores keys and other data here.
 .BR http://tor.eff.org/
 
 .SH BUGS
-Plenty, probably. It's still in alpha. Please report them.
+Plenty, probably. Tor is still in development. Please report them.
 .SH AUTHORS
 Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.