From 0808ed83f9cf312abe229d0956f0b0132a79962d Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 15 Aug 2014 08:30:44 -0400 Subject: Restore functionality for CookieAuthFileGroupReadable. When we merged the cookieauthfile creation logic in 33c3e60a37, we accidentally took out this feature. Fixes bug 12864, bugfix on 0.2.5.1-alpha. Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no reason not to. --- doc/tor.1.txt | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'doc/tor.1.txt') diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 93d302eb9d..a85bc34803 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -224,6 +224,13 @@ GENERAL OPTIONS for the Extended ORPort's cookie file -- the cookie file is needed for pluggable transports to communicate through the Extended ORPort. +[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**:: + If this option is set to 0, don't allow the filesystem group to read the + Extende OR Port cookie file. If the option is set to 1, make the cookie + file readable by the default GID. [Making the file readable by other + groups is not yet implemented; let us know if you need this for some + reason.] (Default: 0) + [[ConnLimit]] **ConnLimit** __NUM__:: The minimum number of file descriptors that must be available to the Tor process before it will start. Tor will ask the OS for as many file -- cgit v1.2.3-54-g00ecf From 0ee1be0c698fa330a2ee2e4f2818e2118f459517 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 15 Aug 2014 08:32:54 -0400 Subject: Documentation fix on arguments to CookieAuthFileGroupReadable We don't actually allow a group name, but the documentation implied that we did. --- doc/tor.1.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/tor.1.txt') diff --git a/doc/tor.1.txt b/doc/tor.1.txt index a85bc34803..900e588001 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -319,7 +319,7 @@ GENERAL OPTIONS If set, this option overrides the default location and file name for Tor's cookie file. (See CookieAuthentication above.) -[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**|__Groupname__:: +[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**:: If this option is set to 0, don't allow the filesystem group to read the cookie file. If the option is set to 1, make the cookie file readable by the default GID. [Making the file readable by other groups is not yet -- cgit v1.2.3-54-g00ecf From 112c984f9242699d273f3096d669eb1024d7f64b Mon Sep 17 00:00:00 2001 From: George Kadianakis Date: Fri, 15 Aug 2014 23:12:06 +0300 Subject: Some documentation fixes for #12864. --- doc/tor.1.txt | 2 +- src/or/config.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'doc/tor.1.txt') diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 900e588001..04d13fbfbc 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -226,7 +226,7 @@ GENERAL OPTIONS [[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**:: If this option is set to 0, don't allow the filesystem group to read the - Extende OR Port cookie file. If the option is set to 1, make the cookie + Extended OR Port cookie file. If the option is set to 1, make the cookie file readable by the default GID. [Making the file readable by other groups is not yet implemented; let us know if you need this for some reason.] (Default: 0) diff --git a/src/or/config.c b/src/or/config.c index 20fde3bd20..f53186a5f9 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -6825,6 +6825,9 @@ config_maybe_load_geoip_files_(const or_options_t *options, * in cookie_out. * Then write it down to fname and prepend it with header. * + * If group_readable is set, set fname to be readable + * by the default GID. + * * If the whole procedure was successful, set * cookie_is_set_out to True. */ int -- cgit v1.2.3-54-g00ecf