author Nick Mathewson <nickm@torproject.org> 2015-11-06 13:12:44 -0500
committer Nick Mathewson <nickm@torproject.org> 2015-12-15 13:10:57 -0500
commit e8cc839e41adc4975a61fee62abe7f6664fd0c0e
tree e1a5bc14b66ae047858e24fe2fc4d8903a5a7a0f /doc/tor.1.txt
parent af80d472f7d6cb32370176d4dd02b5194adf0f3d
Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and switching UIDs. Based on code by David Goulet. Implement feature 8195
Diffstat (limited to 'doc/tor.1.txt')
-rw-r--r-- doc/tor.1.txt 8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 916433b164..a7bf28bbd5 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -601,6 +601,14 @@ GENERAL OPTIONS
[[User]] **User** __UID__::
On startup, setuid to this user and setgid to their primary group.
+[[KeepCapabilities]] **KeepCapabilities** **0**|**1**|**auto**::
+ On Linux, when we are started as root and we switch our identity using
+ the **User** option, the **KeepCapabilities** option tells us whether to
+ try to retain our ability to bind to low ports. If this value is 1, we
+ try to keep the capability; if it is 0 we do not; and if it is **auto**,
+ we keep the capability only if we are configured to listen on a low port.
+ (Default: auto.)
+
[[HardwareAccel]] **HardwareAccel** **0**|**1**::
If non-zero, try to use built-in (static) crypto hardware acceleration when
available. (Default: 0)
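Review bot: The new KeepCapabilities entry describes the retained privilege only as "our ability to bind to low ports" and never names the capability, although the commit subject identifies it as CAP_NET_BIND_SERVICE. Naming it in the first sentence would tell an administrator exactly which privilege stays with the process after the **User** switch and what to look for when auditing the running daemon. The entry also says that with 1 "we try to keep the capability" without stating what happens when the attempt fails (refuse to start, or warn and continue), and it does not say what the option does on platforms other than Linux; each deserves a sentence. Consider also defining "low port" (for example, "ports below 1024") so that the **auto** behaviour is unambiguous.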