[tor-relays] Relay Or/Dirport Unreachable
Roger Dingledine
arma at torproject.org
Fri Mar 20 08:19:55 UTC 2020
On Thu, Mar 19, 2020 at 07:57:53PM +0100, Mario Costa wrote:
> Or you could just add your user to the debian-tor group, so it will be able to access the nyx control Unix socket.
This is definitely imo the better approach rather than sudo'ing your
nyx to the debian-tor user.
If you sudo to debian-tor, then your nyx gets access to all of your Tor
keys, and if nyx has a security flaw then it can do more damage.
Whereas if you add your own user to the debian-tor group, and then run nyx
as yourself, you are better isolated from pieces of Tor that nyx has no
business being able to access.
The Debian/Ubuntu instructions for doing this properly are listed at e.g.
https://bugs.torproject.org/25890#comment:1
Or I'll say the updated version here:
"""
You might like to use the nyx relay monitor to watch your relay's
activities from the command line. First, "sudo apt install nyx".
Second, as the user that will be running nyx, run "sudo adduser $USER
debian-tor" to add your user to the debian-tor group so it can reach
Tor's controlsocket. Then log out and log back in (so your user is
actually in the group), and run "nyx".
"""
We keep rearranging our docs and losing the instructions, and also
Damian (the nyx developer) has been unenthusiastic about complicating
nyx's docs with distro-specific instructions, so here we are.
--Roger
More information about the tor-relays
mailing list