Hello gents,
I'd like to use a unix domain socket as HiddenServicePort target so I can remove networking capabilities from my hidden service's server process. Tor does not connect to my socket, though. Tor's debug level logging does not show any (comprehensible) errors. This is very frustrating to debug!
Because of the documentation of unix domain sockets in *other* parts of Tor, like ControlPort, SocksPort et al., I suspect it is about permissions.
What *exactly* are the requirements for the ownership and permissions of the socket and its directory, and why? This is totally under-documented!
I've tried to look at the sources (https://trac.torproject.org/projects/tor/ticket/11485), but I could not make much sense of it. I've managed to somehow create a socket that worked, but firstly there are so many variables that, for the love of gods, I was not able to reproduce it, and secondly, as far as I can recall, those were perms that required elevated privileges to get them set, which is totally out of the question for production. I'd like to elaborate more on what did work, but I am truly lost!
Version: Tor 0.2.7.6 (git-605ae665009853bd)
TIA, Johannes