Commit eb6746f7 authored by Roger Dingledine's avatar Roger Dingledine
Browse files

reorder, clean up manpage. add SafeLogging entry.


svn:r4223
parent 9bc6e3aa
Loading
Loading
Loading
Loading
+58 −52
Original line number Diff line number Diff line
@@ -28,19 +28,6 @@ Other options can be specified either on the command-line (\fI--option
value\fR), or in the configuration file (\fIoption value\fR).
Options are case-insensitive.
.TP
\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBstderr\fR|\fBstdout\fR|\fBsyslog\fR\fP
Send all messages between \fIminSeverity\fR and \fImaxSeverity\fR to
the standard output stream, the standard error stream, or to the system
log. (The "syslog" value is only supported on Unix.)  Recognized
severity levels are debug, info, notice, warn, and err.  If only one
severity level is given, all messages of that level or higher will be
sent to the listed destination.
.TP
\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBfile\fR \fIFILENAME\fP
As above, but send log messages to the listed filename.  The "Log"
option may appear more than once in a configuration file.  Messages
are sent to all the logs that match their severity level.
.TP
\fBBandwidthRate \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP
A token bucket limits the average incoming bandwidth on this node to
the specified number of bytes per second. (Default: 2 MB)
@@ -55,9 +42,36 @@ who ask to build circuits through them (since this is proportional to
advertised bandwidth rate) can thus reduce the CPU demands on their
server without impacting network performance.
.TP
\fBControlPort \fR\fIPort\fP
If set, Tor will accept connections from the same machine (localhost only) on
this port, and allow those connections to control the Tor process using the
Tor Control Protocol (described in control-spec.txt).  Note: unless you also
specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
setting this option will cause Tor to allow any process on the local host to
control it.
.TP
\fBHashedControlPassword \fR\fIhashed_password\fP
Don't allow any connections on the control port except when the other process
knows the password whose one-way hash is \fIhashed_password\fP.  You can
compute the hash of a password by running "tor --hash-password
\fIpassword\fP".
.TP
\fBCookieAuthentication \fR\fB0\fR|\fB1\fP
If this option is set to 1, don't allow any connections on the control port
except when the connecting process knows the contents of a file named
"control_auth_cookie", which Tor will create in its data directory.  This
authentication methods should only be used on systems with good filesystem
security. (Default: 0)
.TP
\fBDataDirectory \fR\fIDIR\fP
Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
.TP
\fBDirFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
Every time the specified period elapses, Tor downloads a directory.
A directory contains a signed list of all known servers as well as
their current liveness status. A value of "0 seconds" tells Tor to choose an
appropriate default. (Default: 1 hour for clients, 20 minutes for servers.)
.TP
\fBDirServer \fR\fIaddress:port fingerprint\fP
Use a nonstandard authoritative directory server at the provided
address and port, with the specified key fingerprint.  This option can
@@ -88,6 +102,19 @@ proxy only allows connecting to certain ports.
To keep firewalls from expiring connections, send a padding keepalive
cell on open connections every NUM seconds. (Default: 5 minutes.)
.TP
\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBstderr\fR|\fBstdout\fR|\fBsyslog\fR\fP
Send all messages between \fIminSeverity\fR and \fImaxSeverity\fR to
the standard output stream, the standard error stream, or to the system
log. (The "syslog" value is only supported on Unix.)  Recognized
severity levels are debug, info, notice, warn, and err.  If only one
severity level is given, all messages of that level or higher will be
sent to the listed destination.
.TP
\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBfile\fR \fIFILENAME\fP
As above, but send log messages to the listed filename.  The "Log"
option may appear more than once in a configuration file.  Messages
are sent to all the logs that match their severity level.
.TP
\fBMaxConn \fR\fINUM\fP
Maximum number of simultaneous sockets allowed.  You probably don't need
to adjust this. (Default: 1024)
@@ -103,46 +130,20 @@ On startup, write our PID to FILE. On clean shutdown, remove FILE.
\fBRunAsDaemon \fR\fB0\fR|\fB1\fR\fP
If 1, Tor forks and daemonizes to the background. (Default: 0)
.TP
\fBUser \fR\fIUID\fP
On startup, setuid to this user.
\fBSafeLogging \fR\fB0\fR|\fB1\fP
If 1, Tor replaces potentially sensitive strings in the logs
(e.g. addresses) with the string [scrubbed]. This way logs can still be
useful, but they don't leave behind personally identifying information
about what sites a user might have visited. (Default: 1)
.TP
\fBControlPort \fR\fIPort\fP
If set, Tor will accept connections from the same machine (localhost only) on
this port, and allow those connections to control the Tor process using the
Tor Control Protocol (described in control-spec.txt).  Note: unless you also
specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
setting this option will cause Tor to allow any process on the local host to
control it.
\fBStatusFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
Every time the specified period elapses, Tor downloads signed status
information about the current state of known servers.  A value of
"0 seconds" tells Tor to choose an appropriate default. (Default: 30
minutes for clients, 15 minutes for servers.)
.TP
\fBHashedControlPassword \fR\fIhashed_password\fP
Don't allow any connections on the control port except when the other process
knows the password whose one-way hash is \fIhashed_password\fP.  You can
compute the hash of a password by running "tor --hash-password
\fIpassword\fP".
.TP
\fBCookieAuthentication \fR\fB0\fR|\fB1\fP
If this option is set to 1, don't allow any connections on the control port
except when the connecting process knows the contents of a file named
"control_auth_cookie", which Tor will create in its data directory.  This
authentication methods should only be used on systems with good filesystem
security.
.TP
\fBDirFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
Every time the specified period elapses, Tor downloads a directory.
A directory contains a signed list of all known servers as well as
their current liveness status. A value of "0 seconds" tells Tor to choose an
appropriate default. (Default: 1 hour for clients, 20 minutes for servers.)
.TP
\fBStatusFetchPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP Every time the
specified period elapses, Tor downloads signed status information about the
current state of known servers.  A value of "0 seconds" tells Tor to choose
an appropriate default. (Default: 30 minutes for clients, 15 minutes for
servers.)  (Default: 20 minutes.)
.TP
\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
Every time the specified period elapses, Tor uploads any rendezvous
service descriptors to the directory servers.  This information is also
uploaded whenever it changes.  (Default: 20 minutes.)
\fBUser \fR\fIUID\fP
On startup, setuid to this user.

.SH CLIENT OPTIONS
.PP
@@ -437,6 +438,11 @@ ones; most people can leave this unset.
\fBHiddenServiceExcludeNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
Do not use the specified nodes as introduction points for the hidden
service. In normal use there is no reason to set this.
.TP
\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
Every time the specified period elapses, Tor uploads any rendezvous
service descriptors to the directory servers.  This information is also
uploaded whenever it changes.  (Default: 20 minutes.)

.\" UNDOCUMENTED
.\" ignoreversion
@@ -491,6 +497,6 @@ The tor process stores keys and other data here.
.BR http://tor.eff.org/

.SH BUGS
Plenty, probably. It's still in alpha. Please report them.
Plenty, probably. Tor is still in development. Please report them.
.SH AUTHORS
Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.