Package: tor Version: 0.2.6.10-1 I tried to use this option: SocksPort unix:/var/run/tor-socks (And also one in a directory owned by the Tor user with mode 0755.)
But Tor refuses to create the socket: [warn] Before Tor can create a SOCKS socket in "/var/run/tor-socks", the directory "/var/run" needs to exist, and to be accessible only by the user and group account that is running Tor. (On some Unix systems, anybody who can list a socket can connect to it, so Tor is being careful.) The point of the socket was to allow access by other users. I don't see a reason to restrict Unix SOCKS ports this way, since the TCP ports are already accessible by all. The Unix port could be more secure, because Tor could get the uid of the client and enforce isolation between users. This seems like a leftover ControlSocket restriction. - Michael -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: arm64 Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages tor depends on: ii adduser 3.113+nmu3 ii init-system-helpers 1.23 ii libc6 2.19-19 ii libevent-2.0-5 2.0.21-stable-2 ii libseccomp2 2.2.3-1 ii libssl1.0.0 1.0.2d-1 ii libsystemd0 224-2 ii lsb-base 4.1+Debian14 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages tor recommends: ii logrotate 3.8.7-2 ii tor-geoipdb 0.2.6.10-1 ii torsocks 2.1.0-1 Versions of packages tor suggests: pn apparmor-utils <none> pn mixmaster <none> ii obfs4proxy 0.0.5-2 ii obfsproxy 0.2.13-1 ii socat 1.7.3.0-1 ii tor-arm 1.4.5.0-1.1 ii torbrowser-launcher 0.2.0-2 -- Configuration Files: /etc/tor/torrc changed: SocksPort 127.0.0.1:900 SessionGroup=900 SocksPort 127.0.0.1:901 SessionGroup=901 SocksPort 127.0.0.1:902 SessionGroup=902 SocksPort 127.0.0.1:903 SessionGroup=903 SocksPort 127.0.0.1:904 SessionGroup=904 SocksPort 127.0.0.1:905 SessionGroup=905 SocksPort 127.0.0.1:906 SessionGroup=906 SocksPort 127.0.0.1:907 SessionGroup=907 SocksPort 127.0.0.1:908 SessionGroup=908 SocksPort 127.0.0.1:909 SessionGroup=909 SocksPolicy accept 74.116.186.120/29 SocksPolicy accept 172.23.0.0/18 SocksPolicy accept 127.0.0.1/32 SocksPolicy reject * HiddenServiceDir /var/lib/tor/hidden-ssh/ HiddenServicePort 22 127.0.0.1:22 HiddenServiceAuthorizeClient basic terra-mgold ORPort 443 ORPort 143 # imap ORPort 3690 NoAdvertise # subversion ORPort 8001 NoAdvertise ORPort 389 NoAdvertise # ldap Address 74.116.186.120 Nickname terra RelayBandwidthRate 75 KBytes RelayBandwidthBurst 95 KBytes ContactInfo 4096R/BA8239D3BD1DE48C ExitPolicy reject *:* # no exits allowed -- no debconf information
signature.asc
Description: Digital signature