tor refuses to create AF_LOCAL SOCKS sockets accessible by other users
(Copied from https://bugs.debian.org/797341#)
I tried to use this option:

    SocksPort unix:/var/run/tor-socks

(And also one in a directory owned by the Tor user with mode 0755.)
But Tor refuses to create the socket:

    [warn] Before Tor can create a SOCKS socket in "/var/run/tor-socks", the directory "/var/run" needs to exist, and to be accessible only by the user and group account that is running Tor. (On some Unix systems, anybody who can list a socket can connect to it, so Tor is being careful.)
The point of the socket was to allow access by other users. I don't see a reason to restrict Unix SOCKS ports this way, since the TCP ports are already accessible by all. The Unix port could be more secure, because Tor could get the uid of the client and enforce isolation between users. This seems like a leftover ControlSocket restriction.
- Michael