Best Practices for Securely Configuring Restricted SSH User Access to View Node Status via Nyx

What is the optimal strategy for creating a new user on a Linux machine, with SSH access and limited permissions restricted solely to viewing the node status through the nyx command?

I tried to do this through simple manual creation of a new user, but when I run nyx it asks me to read the file /run/tor/control.authcookie.
I then gave read permissions to this file and now the user can open Nyx but sees nothing.

Before continuing to give random permissions I think it is appropriate to ask for more information through this forum, also because I would like to understand what kind of permissions are needed and maybe even why.

Thanks for the support onions :onion: :purple_heart:

On my own relay I SSH with my normal user account, but I run Nyx as the debian-tor user with the command:

sudo -u debian-tor nyx

Basically I think you have to run Nyx as the same user which owns the tor process. You can run it as root but it gives a warning. What command have you been using to run Nyx so far?

I have access to the machine through the default user root who has administrator permissions and generally I have always used the simple nyx command.

Now, however, I would like to create a second user so that he can access the same machine via ssh and have the ability to run nyx so that he can check the status of the node but without acquiring administrator permissions, also because in theory for nyx they are not required.

I basically do the same thing. I am running Ubuntu LTS and I have a user called “tux”. Tux is in the debian-tor group. As a part of that group, he has access to Nyx.

The steps I took:

  • Create a user.
  • Add them to the debian-tor group.
  • Logout/login so the new group is activated for that user.
  • Test that they can use Nyx without admin rights.

If you are using a different Linux distribution, then you will need to change this a bit to work with your distro of choice.

Great idea! Thanks to your direction I was able to solve it by running the command:

# id debian-tor
> uid=104(debian-tor) gid=109(debian-tor) groups=109(debian-tor)
# id user-tor
> uid=1000(user-tor) gid=1000(user-tor) groups=1000(user-tor)
# usermod -g 109 user-tor  # 109 because it is my debian-tor group id
> ...
# usermod -G debian-tor user-tor
> ...
# exit

and then re-logging with user aleff I was able to see nyx correctly

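An added example, not part of the original posts: a shell check that takes one line of `id` output, in the format shown in the thread, and reports whether the account has the debian-tor membership the replies rely on without picking up extra privilege. The function names and the privileged-group list are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit one line of `id` output for an
# account meant only to run nyx. debian-tor is the group named in the thread;
# the privileged-group list below is an assumption, adjust it per distro.
TOR_GROUP="debian-tor"
PRIV_GROUPS="root sudo wheel adm"

# Print the names inside field $2 (uid, gid or groups) of id line $1, one per line.
id_names() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" |
        tr ',' '\n' | sed -n 's/^[0-9]*(\(.*\))$/\1/p'
}

# Print one finding per line, then a final verdict line, for id line $1.
audit_nyx_user() {
    line=$1
    verdict="OK"
    primary=$(id_names "$line" gid)
    groups=$(id_names "$line" groups)

    if printf '%s\n' "$line" | grep -q '^uid=0('; then
        echo "FAIL: account is uid 0"; verdict="FAIL"
    fi
    if ! printf '%s\n' "$groups" | grep -qx "$TOR_GROUP"; then
        echo "FAIL: not a member of $TOR_GROUP (the thread's fix for nyx access)"
        verdict="FAIL"
    fi
    if [ "$primary" = "$TOR_GROUP" ]; then
        # Supplementary membership is what the first reply describes.
        echo "WARN: $TOR_GROUP is the primary group; new files will be group-owned by it"
        if [ "$verdict" = "OK" ]; then verdict="WARN"; fi
    fi
    for g in $PRIV_GROUPS; do
        if printf '%s\n' "$groups" | grep -qx "$g"; then
            echo "FAIL: member of privileged group $g"; verdict="FAIL"
        fi
    done
    echo "verdict=$verdict"
}

# Constructed sample lines in the format shown in the thread.
audit_nyx_user "uid=1000(user-tor) gid=1000(user-tor) groups=1000(user-tor),109(debian-tor)"
audit_nyx_user "uid=1000(user-tor) gid=109(debian-tor) groups=109(debian-tor),27(sudo)"
```

On a live machine, pass the real line instead of a sample: `audit_nyx_user "$(id user-tor)"`.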