[tor-relays] ControlPort Authentication Options

Ralph Seichter m16+tor at monksofcool.net
Sun Sep 3 11:29:56 UTC 2017


On 03.09.2017 02:42, Roger Dingledine wrote:

> In the man page, it's listed as a flag to ControlPort.

Ouch, I did not see this last night. In my defence, I find it hard to
distinguish between "options" and "flags for options" listed on the page
https://www.torproject.org/docs/tor-manual.html.en even during daytime,
because of the lack of distinguishing marks (same font, size, style and
colour). RelaxDirModeCheck is apparently a flag, while ControlListenAddress
directly below it is an option. May I suggest improving the formatting
to avoid future misunderstandings?

In any case, here is what works for me with Tor 0.3.0.10:

  CookieAuthentication 1
  CookieAuthFile /var/lib/tor/cookie_auth
  CookieAuthFileGroupReadable 1
  ControlPort unix:/run/tor/control GroupWritable RelaxDirModeCheck

With this combination, all members of the Tor user's primary group can
access Nyx without manually entering a controller password. Downside, as
mentioned, they cannot see any currently established connections.

By the way, the options above seem inconsistent to me. CookieAuthFile
should have a flag like this

  # Feature request: GroupReadable flag
  CookieAuthFile /path/to/file GroupReadable

instead of using the separate option CookieAuthFileGroupReadable. That
would be consistent with how the ControlPort settings are specified.

My thanks to Damian and Roger.

-Ralph
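
An added example, not part of the original message and not code from the Tor project: a Python check that the on-disk permissions match what the torrc in the message intends, namely access for the Tor user's group and nobody else. The function name, the expected mode bits and the same-group check are assumptions of this example; the default paths are the ones from the message.

```python
import os
import stat

# Paths from the torrc in the message; the expected modes are this example's assumption.
COOKIE = "/var/lib/tor/cookie_auth"
SOCKET = "/run/tor/control"


def audit_control_access(cookie=COOKIE, sock=SOCKET):
    """Return a list of findings; an empty list means group-only access."""
    findings = []
    try:
        c = os.stat(cookie)
        s = os.stat(sock)
        d = os.stat(os.path.dirname(sock) or ".")
    except OSError as exc:
        return [f"cannot stat: {exc}"]

    # CookieAuthFileGroupReadable 1: the group may read, nobody else may.
    if not c.st_mode & stat.S_IRGRP:
        findings.append("cookie file is not group-readable")
    if c.st_mode & (stat.S_IWGRP | stat.S_IRWXO):
        findings.append("cookie file is group-writable or open to others")

    # ControlPort unix:... GroupWritable: the group may connect, others may not.
    if not stat.S_ISSOCK(s.st_mode):
        findings.append("control path is not a Unix socket")
    if not s.st_mode & stat.S_IWGRP:
        findings.append("control socket is not group-writable")
    if s.st_mode & stat.S_IRWXO:
        findings.append("control socket is open to others")

    # The group needs search permission on the socket directory to connect.
    if not d.st_mode & stat.S_IXGRP:
        findings.append("socket directory is not group-searchable")
    if d.st_mode & stat.S_IWOTH:
        findings.append("socket directory is world-writable")

    # Assumption: one group (the Tor user's primary group) owns all three.
    if len({c.st_gid, s.st_gid, d.st_gid}) != 1:
        findings.append("cookie, socket and directory belong to different groups")
    return findings


if __name__ == "__main__":
    for line in audit_control_access() or ["ok: group-only access"]:
        print(line)
```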

