File: README.Debian

package info (click to toggle)
tor 0.4.5.16-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 40,504 kB
  • sloc: ansic: 303,976; sh: 7,386; python: 1,822; makefile: 686; perl: 242
file content (76 lines) | stat: -rw-r--r-- 2,964 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
This is the Debian package for Tor, The Onion Router.

# Startup and Configuration

If Tor is started by init, it loads the configuration snippets from
/usr/share/tor/tor-service-defaults-torrc before consulting /etc/tor/torrc.

The tor-service-defaults-torrc file tells Tor to run as daemon, create
pidfile, sets its data directory and configures cookie authentication.

If Tor is started not from the init script, then it will behave like
upstream's Tor.

# Multiple instances

As of 0.2.7.4, the package supports running multiple instances of Tor
under systemd.  Please consult the tor-instance-create(8) manpage
for details.

# Logging

As of the 0.3.0.x tree, the Debian packages for Tor by
default log to syslog.

You can restore the previous behavior by adding something
like "Log notice file /var/log/tor/log" to your torrc.

# Filesystem access by the Tor service

Note that due to systemd and apparmor protections, the places on the
filesystem which the tor process can access is limited.  (See the
service files [1] for details.)  As such, hidden service directories
should be created in subdirectories below Tor's DataDirectory [2].

## Onion services using UNIX domain sockets

Tor's onion services can access their backends not only via TCP but also
via UNIX domain sockets (see also the tor(1) manpage).

UNIX domain sockets are not currently covered by filesystem restrictions
from systemd and apparmor.  As such, they can be put anywhere as long as
the filesystem namespace is visible.  In particular, this means /home
does not work by default, but anything under /var should.

It is suggested that sockets be placed in a special directory under
/var/lib [3].  Note that while systemd and apparmor do not currently
limit access to sockets, you still need to ensure that the Tor
process may access them according to the default UNIX file and directory
permissions.

Example: The backend is run by user webfu.  The default Tor instance
  should be able to access the socket.
  .
  The admin creates the directory /var/lib/tor-onion-sockets/default/webfu/
  and makes it mode 02750 owned by webfu:debian-tor.  Then she configures
  the backend service to create the socket in this directory and
  configures Tor to use that socket.  The socket should be read and
  writable by the tor process as well, so it should be either g+rw when
  its group can be debian-tor, or a+rw when not.


1: /lib/systemd/system/tor@default.service and
   /lib/systemd/system/tor@.service
2: /var/lib/tor and
   /var/lib/tor-instances/<instancename>
3: /var/lib/tor-onion-sockets/default and
   /var/lib/tor-onion-sockets/<instancename>
4: https://bugs.debian.org/846275

-- 
Peter Palfrader, Mon, 24 Jul 2006 05:20:30 +0200
                 Sat, 23 Feb 2008 13:44:40 +0100
                 Wed, 11 Jan 2012 21:31:44 +0100
                 Mon, 19 Oct 2015 18:21:24 +0200
                 Mon, 19 Dec 2016 09:56:05 +0100
                 Sat, 04 Mar 2017 10:39:58 +0100