diff options
| author | Jérémy Bobbio <lunar@debian.org> | 2011-04-23 02:35:02 +0200 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-05-15 20:20:28 -0400 |
| commit | d41ac64ad68811d8575db6e456fba470b0c3fde7 (patch) | |
| tree | 36c7e6b5e560f6dfe60d0734f6085ece6e3defee /src/or/config.c | |
| parent | 2b9c5ee301f705cbf69c725ca749d4ac752c06d3 (diff) | |
| download | tor-d41ac64ad68811d8575db6e456fba470b0c3fde7.tar.gz tor-d41ac64ad68811d8575db6e456fba470b0c3fde7.zip | |
Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel. But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.
This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.
See <http://bugs.debian.org/552556> for more details.
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/or/config.c b/src/or/config.c index 6a2742d954..c81fc9c594 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -209,6 +209,7 @@ static config_var_t _option_vars[] = { V(ControlPortFileGroupReadable,BOOL, "0"), V(ControlPortWriteToFile, FILENAME, NULL), V(ControlSocket, LINELIST, NULL), + V(UnixSocketsGroupWritable, BOOL, "0"), V(CookieAuthentication, BOOL, "0"), V(CookieAuthFileGroupReadable, BOOL, "0"), V(CookieAuthFile, STRING, NULL), @@ -952,7 +953,7 @@ options_act_reversible(or_options_t *old_options, char **msg) } #ifndef HAVE_SYS_UN_H - if (options->ControlSocket) { + if (options->ControlSocket || options->UnixSocketsGroupWritable) { *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported" " on this OS/with this build."); goto rollback; |