mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 02:09:24 +01:00
Code Issues Projects Releases Wiki Activity

Document options that can't be changed while tor is running

Browse Source 
Closes #21122, bug on multiple tor versions.
This commit is contained in:
teor 2017-01-03 14:51:46 +11:00
parent 97ed2ce085
commit ceeaf04d16
No known key found for this signature in database
GPG Key ID: 450CBA7F968F094B
2 changed files with 37 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug21122 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (documentation):
- Update the tor manual page to document every option that can not be
changed while tor is running. Fixes bug 21122; bugfix on multiple tor
versions.

44
doc/tor.1.txt
View File

@ -390,7 +390,8 @@ GENERAL OPTIONS
file readable by the default GID. (Default: 0) file readable by the default GID. (Default: 0)
[[DataDirectory]] **DataDirectory** __DIR__:: [[DataDirectory]] **DataDirectory** __DIR__::
Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor) Store working data in DIR. Can not be changed while tor is running.
(Default: @LOCALSTATEDIR@/lib/tor)
[[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**:: [[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**::
If this option is set to 0, don't allow the filesystem group to read the If this option is set to 0, don't allow the filesystem group to read the
@ -464,7 +465,8 @@ GENERAL OPTIONS
not supported. We believe that this feature works on modern Gnu/Linux not supported. We believe that this feature works on modern Gnu/Linux
distributions, and that it should work on *BSD systems (untested). This distributions, and that it should work on *BSD systems (untested). This
option requires that you start your Tor as root, and you should use the option requires that you start your Tor as root, and you should use the
**User** option to properly reduce Tor's privileges. (Default: 0) **User** option to properly reduce Tor's privileges.
Can not be changed while tor is running. (Default: 0)
[[DisableDebuggerAttachment]] **DisableDebuggerAttachment** **0**|**1**:: [[DisableDebuggerAttachment]] **DisableDebuggerAttachment** **0**|**1**::
If set to 1, Tor will attempt to prevent basic debugging attachment attempts If set to 1, Tor will attempt to prevent basic debugging attachment attempts
@ -539,7 +541,20 @@ GENERAL OPTIONS
[[Sandbox]] **Sandbox** **0**|**1**:: [[Sandbox]] **Sandbox** **0**|**1**::
If set to 1, Tor will run securely through the use of a syscall sandbox. If set to 1, Tor will run securely through the use of a syscall sandbox.
Otherwise the sandbox will be disabled. The option is currently an Otherwise the sandbox will be disabled. The option is currently an
experimental feature. (Default: 0) experimental feature. Can not be changed while tor is running.
When the Sandbox is 1, the following options can not be changed when tor
is running:
Address
ConnLimit
CookieAuthFile
DirPortFrontPage
ExtORPortCookieAuthFile
Logs
ServerDNSResolvConfFile
Tor must remain in client or server mode (some changes to ClientOnly and
ORPort are not allowed).
(Default: 0)
[[Socks4Proxy]] **Socks4Proxy** __host__[:__port__]:: [[Socks4Proxy]] **Socks4Proxy** __host__[:__port__]::
Tor will make all OR connections through the SOCKS 4 proxy at host:port Tor will make all OR connections through the SOCKS 4 proxy at host:port
@ -627,7 +642,7 @@ GENERAL OPTIONS
[[PidFile]] **PidFile** __FILE__:: [[PidFile]] **PidFile** __FILE__::
On startup, write our PID to FILE. On clean shutdown, remove On startup, write our PID to FILE. On clean shutdown, remove
FILE. FILE. Can not be changed while tor is running.
[[ProtocolWarnings]] **ProtocolWarnings** **0**|**1**:: [[ProtocolWarnings]] **ProtocolWarnings** **0**|**1**::
If 1, Tor will log with severity \'warn' various cases of other parties not If 1, Tor will log with severity \'warn' various cases of other parties not
@ -643,6 +658,7 @@ GENERAL OPTIONS
[[RunAsDaemon]] **RunAsDaemon** **0**|**1**:: [[RunAsDaemon]] **RunAsDaemon** **0**|**1**::
If 1, Tor forks and daemonizes to the background. This option has no effect If 1, Tor forks and daemonizes to the background. This option has no effect
on Windows; instead you should use the --service command-line option. on Windows; instead you should use the --service command-line option.
Can not be changed while tor is running.
(Default: 0) (Default: 0)
[[LogTimeGranularity]] **LogTimeGranularity** __NUM__:: [[LogTimeGranularity]] **LogTimeGranularity** __NUM__::
@ -659,7 +675,8 @@ GENERAL OPTIONS
[[SyslogIdentityTag]] **SyslogIdentityTag** __tag__:: [[SyslogIdentityTag]] **SyslogIdentityTag** __tag__::
When logging to syslog, adds a tag to the syslog identity such that When logging to syslog, adds a tag to the syslog identity such that
log entries are marked with "Tor-__tag__". (Default: none) log entries are marked with "Tor-__tag__". Can not be changed while tor is
running. (Default: none)
[[SafeLogging]] **SafeLogging** **0**|**1**|**relay**:: [[SafeLogging]] **SafeLogging** **0**|**1**|**relay**::
Tor can scrub potentially sensitive strings from log messages (e.g. Tor can scrub potentially sensitive strings from log messages (e.g.
@ -674,6 +691,7 @@ GENERAL OPTIONS
[[User]] **User** __Username__:: [[User]] **User** __Username__::
On startup, setuid to this user and setgid to their primary group. On startup, setuid to this user and setgid to their primary group.
Can not be changed while tor is running.
[[KeepBindCapabilities]] **KeepBindCapabilities** **0**|**1**|**auto**:: [[KeepBindCapabilities]] **KeepBindCapabilities** **0**|**1**|**auto**::
On Linux, when we are started as root and we switch our identity using On Linux, when we are started as root and we switch our identity using
@ -681,20 +699,23 @@ GENERAL OPTIONS
try to retain our ability to bind to low ports. If this value is 1, we try to retain our ability to bind to low ports. If this value is 1, we
try to keep the capability; if it is 0 we do not; and if it is **auto**, try to keep the capability; if it is 0 we do not; and if it is **auto**,
we keep the capability only if we are configured to listen on a low port. we keep the capability only if we are configured to listen on a low port.
Can not be changed while tor is running.
(Default: auto.) (Default: auto.)
[[HardwareAccel]] **HardwareAccel** **0**|**1**:: [[HardwareAccel]] **HardwareAccel** **0**|**1**::
If non-zero, try to use built-in (static) crypto hardware acceleration when If non-zero, try to use built-in (static) crypto hardware acceleration when
available. (Default: 0) available. Can not be changed while tor is running. (Default: 0)
[[AccelName]] **AccelName** __NAME__:: [[AccelName]] **AccelName** __NAME__::
When using OpenSSL hardware crypto acceleration attempt to load the dynamic When using OpenSSL hardware crypto acceleration attempt to load the dynamic
engine of this name. This must be used for any dynamic hardware engine. engine of this name. This must be used for any dynamic hardware engine.
Names can be verified with the openssl engine command. Names can be verified with the openssl engine command. Can not be changed
while tor is running.
[[AccelDir]] **AccelDir** __DIR__:: [[AccelDir]] **AccelDir** __DIR__::
Specify this option if using dynamic hardware acceleration and the engine Specify this option if using dynamic hardware acceleration and the engine
implementation library resides somewhere other than the OpenSSL default. implementation library resides somewhere other than the OpenSSL default.
Can not be changed while tor is running.
[[AvoidDiskWrites]] **AvoidDiskWrites** **0**|**1**:: [[AvoidDiskWrites]] **AvoidDiskWrites** **0**|**1**::
If non-zero, try to write to disk less frequently than we would otherwise. If non-zero, try to write to disk less frequently than we would otherwise.
@ -1181,7 +1202,8 @@ The following options are useful only for clients (that is, if
NUM must be between 1 and 1000, inclusive. Note that the configured NUM must be between 1 and 1000, inclusive. Note that the configured
bandwidth limits are still expressed in bytes per second: this bandwidth limits are still expressed in bytes per second: this
option only affects the frequency with which Tor checks to see whether option only affects the frequency with which Tor checks to see whether
previously exhausted connections may read again. (Default: 100 msec) previously exhausted connections may read again.
Can not be changed while tor is running. (Default: 100 msec)
[[TrackHostExits]] **TrackHostExits** __host__,__.domain__,__...__:: [[TrackHostExits]] **TrackHostExits** __host__,__.domain__,__...__::
For each value in the comma separated list, Tor will track recent For each value in the comma separated list, Tor will track recent
@ -2436,7 +2458,7 @@ The following options are used to configure a hidden service.
HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be set HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be set
to 1. Since a Single Onion service is non-anonymous, you can not configure to 1. Since a Single Onion service is non-anonymous, you can not configure
a SOCKSPort on a tor instance that is running in a SOCKSPort on a tor instance that is running in
**HiddenServiceSingleHopMode**. **HiddenServiceSingleHopMode**. Can not be changed while tor is running.
(Default: 0) (Default: 0)
[[HiddenServiceNonAnonymousMode]] **HiddenServiceNonAnonymousMode** **0**|**1**:: [[HiddenServiceNonAnonymousMode]] **HiddenServiceNonAnonymousMode** **0**|**1**::
@ -2444,8 +2466,8 @@ The following options are used to configure a hidden service.
non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the
server-side hidden service protocol. If you are using this option, server-side hidden service protocol. If you are using this option,
you need to disable all client-side services on your Tor instance, you need to disable all client-side services on your Tor instance,
including setting SOCKSPort to "0". including setting SOCKSPort to "0". Can not be changed while tor is
(Default: 0) running. (Default: 0)
TESTING NETWORK OPTIONS TESTING NETWORK OPTIONS
----------------------- -----------------------