[tor-bugs] #25890 [Core Tor/Nyx]: add instructions for running nyx safely to the FAQ

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 23 01:35:20 UTC 2018


#25890: add instructions for running nyx safely to the FAQ
--------------------------+-----------------------------------
 Reporter:  arma          |          Owner:  atagar
     Type:  enhancement   |         Status:  needs_information
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Nyx  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+-----------------------------------

Comment (by arma):

 nusenu: right, the tor-relay-debian page did indeed assume you were using
 the deb.

 atagar, the goal here is to provide some concrete advice for all the
 people who were trained by arm in the past to su to debian-tor and run arm
 as the debian-tor user. That was a bad idea (because it gives arm
 permissions to things that it doesn't need). The better idea is to add
 the-user-that-will-run-nyx to the debian-tor group, and then use the fact
 that the controlsocket is reachable by anybody in the group so
 authentication can happen smoothly.

 To be more specific, I suggest the question would be something like "How
 should I connect nyx to my relay on Debian?" and the answer would be
 something like "As the user that will be running nyx, run 'sudo adduser
 $USER debian-tor' to add your user to the debian-tor group so it can reach
 Tor's controlsocket. Then log out and log back in (so your user is
 actually in the group), and run nyx. This approach is safer than the one
 where you run nyx as the debian-tor user directly, since in that case
 you'd be giving nyx more access to your Tor private files than it needs."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25890#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
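
An added example, not part of the ticket and not code from nyx or Tor: a POSIX shell preflight check for the setup described in the comment above (reach the control socket through debian-tor group membership rather than by running as the debian-tor user). The function names and return codes are this example's own, the socket path is supplied by the caller because the ticket does not give one, and the wrapper assumes GNU `stat -c` as shipped on Debian.

```shell
#!/bin/sh
# Added example, not from the ticket. Function names and return codes are hypothetical.
# Usage: check_nyx_access SOCKET_PATH [GROUP] [SERVICE_USER]

# in_list WORD ITEM...: succeed if WORD equals one of the ITEMs.
in_list() {
    want=$1; shift
    for item in "$@"; do [ "$item" = "$want" ] && return 0; done
    return 1
}

# classify_access USER SVC_USER GROUP DB_GROUPS SESSION_GROUPS SOCK_GROUP SOCK_MODE
# Returns 0 ok, 1 running as the service user, 2 user not in group,
# 3 in group but this session is stale, 4 socket not group read/write.
classify_access() {
    user=$1 svc=$2 group=$3 db=$4 sess=$5 sgroup=$6 mode=$7
    [ "$user" = "$svc" ] && return 1     # the pattern the ticket warns against
    in_list "$group" $db || return 2     # group database: adduser not done yet
    in_list "$group" $sess || return 3   # this login predates the adduser
    [ "$sgroup" = "$group" ] || return 4 # socket belongs to some other group
    perm=${mode#"${mode%???}"}           # last three octal digits, e.g. 660
    g=${perm#?}; g=${g%?}                # middle digit holds the group bits
    case $g in 6|7) return 0 ;; *) return 4 ;; esac
}

# Gather the real values for the current user and report in plain words.
check_nyx_access() {
    sock=$1; grp=${2:-debian-tor}; svcuser=${3:-debian-tor}
    me=$(id -un) || return 5
    info=$(stat -c '%G %a' "$sock") || return 5   # GNU stat: owning group, octal mode
    set -- $info
    rc=0
    # "id -Gn NAME" reads the group database; plain "id -Gn" reads this process.
    classify_access "$me" "$svcuser" "$grp" "$(id -Gn "$me")" "$(id -Gn)" "$1" "$2" || rc=$?
    case $rc in
        0) echo "ok: $me can reach $sock through group $grp" ;;
        1) echo "running as $svcuser gives nyx more access to Tor's files than it needs" ;;
        2) echo "$me is not in $grp: run 'sudo adduser $me $grp'" ;;
        3) echo "$me is in $grp but this session predates that: log out and log back in" ;;
        4) echo "$sock is not read/write for group $grp" ;;
    esac
    return $rc
}
```

Return code 3 is the case the "log out and log back in" step exists for: the group database already lists the user, but the running session's credentials do not yet include the group.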