On 03.09.2017 02:42, Roger Dingledine wrote:
In the man page, it's listed as a flag to ControlPort.
Ouch, I did not see this last night. In my defence, I find it hard to distinguish between "options" and "flags for options" listed on the page https://www.torproject.org/docs/tor-manual.html.en even during daytime, because of the lack of distinguishing marks (same font, size, style and colour). RelaxDirModeCheck is apparently a flag, while ControlListenAddress directly below it is an option. May I suggest improving the formatting to avoid future misunderstandings?
In any case, here is what works for me with Tor 0.3.0.10:
CookieAuthentication 1 CookieAuthFile /var/lib/tor/cookie_auth CookieAuthFileGroupReadable 1 ControlPort unix:/run/tor/control GroupWritable RelaxDirModeCheck
With this combination, all members of the Tor user's primary group can access Nyx without manually entering a controller password. Downside, as mentioned, they cannot see any currently established connections.
By the way, the options above seem inconsistent to me. CookieAuthFile should have a flag like this
# Feature request: GroupReadable flag CookieAuthFile /path/to/file GroupReadable
instead of using the separate option CookieAuthFileGroupReadable. That would be consistent with how the ControlPort settings are specified.
My thanks to Damian and Roger.
-Ralph