On 20.03.2020 09:19, Roger Dingledine wrote:
On Thu, Mar 19, 2020 at 07:57:53PM +0100, Mario Costa wrote:
Or you could just add your user to the debian-tor group, so it will be able to access the nyx control Unix socket.
This is definitely imo the better approach rather than sudo'ing your nyx to the debian-tor user.
If you sudo to debian-tor, then your nyx gets access to all of your Tor keys, and if nyx has a security flaw then it can do more damage.
Whereas if you add your own user to the debian-tor group, and then run nyx as yourself, you are better isolated from pieces of Tor that nyx has no business being able to access.
.... >8
Thanks for the explanation @Roger & Mario.
Is there anything wrong with usermod in terms of security?
sudo adduser $USER debian-tor sudo usermod -aG debian-tor $USER
@Kathi
Then ignore my instructions from our private conversation later on your relay.