> FWIW this is already how Debian (and presumably other distros') tor packages
> work: tor runs as a dedicated user. Already it is possible to grant other users
> access to the control port (from which they can already create and remove
> hidden services). The reason why HS applications that create their own HSes
> generally run their own instance of tor as their own uid is that the hidden
> service data (key and hostname) written by tor is currently only readable by
> the tor user. There is another patch to address this issue (in progress or
> possibly already merged, sorry I'm not looking up the ticket right now) to

Already merged in 2.6.x.

> allow this data to be written with permissions for another group to read it,
> but this ephemeral HS plan of delivering the information over the control port
> is obviously much better/more flexible.
>
> From Valencia,
> ~leif

From Valencia... the other end of the table from Leif in the same tiny room.

David