diff --git a/tor-master.service b/tor-master.service
index 4b21b7f..e6fce78 100644
--- a/tor-master.service
+++ b/tor-master.service
@@ -1,4 +1,7 @@
-# systemd targets cannot be reloaded, so use a service instead.
+# Use tor-master.service to restart/reload/stop the main tor.service and
+# all instances of tor@.service that are running.
+#
+# systemd targets cannot be reloaded so this is a service instead.
 
 [Unit]
 Description=Anonymizing overlay network for TCP (multi-instance master)
diff --git a/tor.service b/tor.service
index 86e0921..4c60acf 100644
--- a/tor.service
+++ b/tor.service
@@ -13,6 +13,7 @@ ExecReload=/bin/kill -HUP ${MAINPID}
 KillSignal=SIGINT
 TimeoutSec=30
 Restart=on-failure
+RestartSec=1
 WatchdogSec=1m
 LimitNOFILE=32768
 
@@ -26,6 +27,7 @@ ReadOnlyDirectories=/
 ReadWriteDirectories=/var/lib/tor
 ReadWriteDirectories=/var/log/tor
 CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+PermissionsStartOnly=yes
 
 [Install]
 WantedBy = multi-user.target
diff --git a/tor@.service b/tor@.service
index 08933bc..8a5e1ed 100644
--- a/tor@.service
+++ b/tor@.service
@@ -13,6 +13,7 @@ ExecReload=/bin/kill -HUP ${MAINPID}
 KillSignal=SIGINT
 TimeoutSec=30
 Restart=on-failure
+RestartSec=1
 WatchdogSec=1m
 LimitNOFILE=32768
 
@@ -26,6 +27,7 @@ ReadOnlyDirectories=/
 ReadWriteDirectories=/var/lib/tor
 ReadWriteDirectories=/var/log/tor
 CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+PermissionsStartOnly=yes
 
 [Install]
 WantedBy = multi-user.target