On Thu, Mar 19, 2020 at 07:57:53PM +0100, Mario Costa wrote:
Or you could just add your user to the debian-tor group, so it will be able to access the nyx control Unix socket.
This is definitely imo the better approach rather than sudo'ing your nyx to the debian-tor user.
If you sudo to debian-tor, then your nyx gets access to all of your Tor keys, and if nyx has a security flaw then it can do more damage.
Whereas if you add your own user to the debian-tor group, and then run nyx as yourself, you are better isolated from pieces of Tor that nyx has no business being able to access.
The Debian/Ubuntu instructions for doing this properly are listed at e.g. https://bugs.torproject.org/25890#comment:1 Or I'll say the updated version here: """ You might like to use the nyx relay monitor to watch your relay's activities from the command line. First, "sudo apt install nyx". Second, as the user that will be running nyx, run "sudo adduser $USER debian-tor" to add your user to the debian-tor group so it can reach Tor's controlsocket. Then log out and log back in (so your user is actually in the group), and run "nyx". """
We keep rearranging our docs and losing the instructions, and also Damian (the nyx developer) has been unenthusiastic about complicating nyx's docs with distro-specific instructions, so here we are.
--Roger