That's not great for security, now nyx can read your tor private keys.
(It probably won't, but still…)
If you add your controller to the debian-tor group, and set the
appropriate options to make your cookie file group-readable,
then nyx can only read those files.
I'm not sure why that isn't working for you.
Does your torrc-defaults or torrc contain:
CookieAuthFileGroupReadable 1
If using a control socket:
- ControlPort unix:/path/to/file GroupWritable
- ControlPortFileGroupReadable 1
And maybe:
DataDirectoryGroupReadable 1
T