[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Relay Or/Dirport Unreachable

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Relay Or/Dirport Unreachable
From: lists@xxxxxxxxxxxxxxx
Date: Sat, 21 Mar 2020 17:35:28 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 21 Mar 2020 12:35:45 -0400
In-reply-to: <20200320081955.GB2689@moria.seul.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <81c9d37fc8cb5d8d603abed9412cfacc@for-privacy.net> <80BBDA7C-84E1-458B-8A44-0CD45C38573A@icloud.com> <20200320081955.GB2689@moria.seul.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.3.3

On 20.03.2020 09:19, Roger Dingledine wrote:

On Thu, Mar 19, 2020 at 07:57:53PM +0100, Mario Costa wrote:
Or you could just add your user to the debian-tor group, so it will beable to access the nyx control Unix socket.
This is definitely imo the better approach rather than sudo'ing your
nyx to the debian-tor user.

If you sudo to debian-tor, then your nyx gets access to all of your Tor
keys, and if nyx has a security flaw then it can do more damage.
Whereas if you add your own user to the debian-tor group, and then runnyx
as yourself, you are better isolated from pieces of Tor that nyx has no
business being able to access.

.... >8

Thanks for the explanation @Roger & Mario.


Is there anything wrong with usermod in terms of security?

sudo adduser $USER debian-tor
sudo usermod -aG debian-tor $USER


@Kathi

Then ignore my instructions from our private conversation later on yourrelay.



--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Relay Or/Dirport Unreachable
  - From: Roger Dingledine

References:
- Re: [tor-relays] Relay Or/Dirport Unreachable
  - From: lists
- Re: [tor-relays] Relay Or/Dirport Unreachable
  - From: Mario Costa
- Re: [tor-relays] Relay Or/Dirport Unreachable
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] tor relay
Next by Author: Re: [tor-relays] Migrating to a new data center
Previous by thread: Re: [tor-relays] Relay Or/Dirport Unreachable
Next by thread: Re: [tor-relays] Relay Or/Dirport Unreachable
Index(es):
- Author
- Thread