torproject / nyx

Command-line monitor for Tor.
https://nyx.torproject.org/
GNU General Public License v3.0

nyx with tor service #37

Closed realSConway closed 3 years ago

realSConway commented 3 years ago

Hello everybody, I have a question about using nyx to monitor my tor service: /usr/lib/systemd/system/tor.service

This service is run with sudo. When I attempt to run nyx, I get an error.

❯ nyx
Unable to connect to tor. Maybe it's running without a ControlPort?

Editing /etc/tor/torrc, by adding

ControlPort 9051
CookieAuthentication 1

Then restart tor service with sudo systemctl restart tor and attempt to start nyx. New error:

❯ nyx
We were unable to read tor's authentication cookie...

  Path: /var/run/tor/control/var/run/tor/control.authcookie
  Issue: Authentication failed: '/var/run/tor/control/var/run/tor/control.authcookie' doesn't exist

The paths above seem to be concatenated, but they do exist.

❯ ls /var/run/tor
control=  control.authcookie  socks=  tor.pid

Running sudo nyx works, but I expect this is not a good idea:

nyx - PC_NAME (Linux 5.xx.x-x-default)      Tor 0.4.4.6 (recommended)
Relaying Disabled, Control Socket: /var/run/tor/control GroupWritable RelaxDirModeCheck
cpu: 4.4% tor, 1.7% nyx    mem: 38 MB (0.2%)   pid: 1578   uptime: 1-06:56:35

page 1 / 5 - m: menu, p: pause, h: page help, q: quit
Bandwidth (limit: 1 GB/s, burst: 1 GB/s):
Download (1.9 MB/sec    - avg: 60.7 KB/sec):       Upload (61.4 KB/sec   - avg: 2.2 KB/sec):
2 MB                                               76 KB

2 MB                                               50 KB

808 KB                                             25 KB

0 B                                                0 B
           5s   10   15   20   25   30   35                  5s   10   15   20   25   30   35

Events (TOR/NYX NOTICE-ERR):
 │ 18:16:56 [NYX_NOTICE] Nyx is currently running with root permissions. This isn't a good idea, nor
 │   should it be necessary.
 │ 18:16:56 [NYX_NOTICE] No nyx configuration loaded, using defaults. You can customize nyx by placing
 │   a configuration file at /root/.nyx/config (see https://nyx.torproject.org/nyxrc.sample for its
 │   options).
 │ 18:16:56 [NOTICE] New control connection opened. [2 duplicates hidden]
 │ 17:23:38 [NOTICE] Average packaged cell fullness: 23.064%. TLS write overhead: 4% [2 duplicates
 │   hidden]
 │ 17:23:38 [NOTICE] 162405 (microdescriptor fetch)
 │ 17:23:38 [NOTICE] 1125220 (consensus network-status fetch)
─┘ 17:23:38 [NOTICE] While not bootstrapping, fetched this many bytes: [2 duplicates hidden]

atagar commented 3 years ago

> Path: /var/run/tor/control/var/run/tor/control.authcookie

Hi, that is certainly odd. Unless I'm missing something this can only arise if nyx believes tor is running within a chroot. Are you running FreeBSD or does your non-root user have a '~/.nyx/config' with a 'tor_chroot' field?

https://gitweb.torproject.org/nyx.git/tree/nyx/__init__.py#n383

If not, please run 'nyx --debug' with your non-root user and provide the debug output (minus anything you feel is sensitive).

Thanks!

realSConway commented 3 years ago

Hi @atagar, thanks for the reply!

OK, so in '~/.nyx/config' I had tor_chroot with the value:

tor_chroot /var/run/tor/control

This was the reason for Path: /var/run/tor/control/var/run/tor/control.authcookie

Then I commented that line out, ran nyx -debug, and this returned:

Saving a debug log to ebug, please check it for sensitive information before sharing it.
We were unable to read tor's authentication cookie...

  Path: /var/run/tor/control.authcookie
  Issue: Authentication failed: unable to read '/var/run/tor/control.authcookie' ([Errno 13] Permission denied: '/var/run/tor/control.authcookie')

Does this mean it's not possible to use nyx as non-root user on a root service?

atagar commented 3 years ago

> Does this mean it's not possible to use nyx as non-root user on a root service?

Hi, it means that your authentication cookie isn't readable by your user. Tor obnoxiously requires some additional setup (#24). Please check your cookie's filesystem permissions, then adjust torrc options like CookieAuthFileGroupReadable so your nyx user can read it.
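
The permission check described in the reply above, as an added example (not part of the thread and not nyx's code). It reports why a given user can or cannot read the cookie from the file's mode bits, and also reproduces the "doesn't exist" result of a wrong tor_chroot prefix; `diagnose_cookie`, `demo` and the temporary cookie file are constructed for illustration.

```python
import os
import stat
import tempfile

COOKIE_SIZE = 32  # tor's control auth cookie is 32 random bytes


def diagnose_cookie(path, uid, gids, chroot=""):
    """Return (verdict, reason) for whether uid/gids may read the cookie.

    Only classic mode bits on the file are considered (no ACLs, no root bypass).
    """
    # A configured chroot is prefixed to the path, as in the thread's first error.
    full = chroot.rstrip("/") + path if chroot else path
    try:
        st = os.stat(full)
    except FileNotFoundError:
        return "missing", f"{full} doesn't exist; check tor_chroot in the nyx config"
    except PermissionError:
        return "denied", f"a parent directory of {full} is not searchable"
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IROTH:
        return "too-open", f"mode {mode:04o} lets any local user authenticate to tor"
    if st.st_uid == uid:  # owner bits take precedence over group bits
        ok, fix = mode & stat.S_IRUSR, "owner read bit is cleared"
    elif st.st_gid in gids:
        ok, fix = mode & stat.S_IRGRP, "set CookieAuthFileGroupReadable 1 in torrc"
    else:
        ok, fix = 0, f"add the user to the cookie's group (gid {st.st_gid})"
    return ("ok", f"readable, mode {mode:04o}") if ok else ("denied", fix)


def demo():
    """Check a constructed cookie at three modes, then with a bad chroot prefix."""
    with tempfile.TemporaryDirectory() as d:
        cookie = os.path.join(d, "control.authcookie")
        with open(cookie, "wb") as f:
            f.write(os.urandom(COOKIE_SIZE))  # constructed sample, not a real cookie
        st = os.stat(cookie)
        uid, gids = st.st_uid + 1, {st.st_gid}  # hypothetical non-owner in the file's group
        out = {}
        for mode in (0o600, 0o640, 0o644):
            os.chmod(cookie, mode)
            out[oct(mode)] = diagnose_cookie(cookie, uid, gids)[0]
        out["chroot"] = diagnose_cookie(cookie, uid, gids, chroot=d)[0]
        return out


if __name__ == "__main__":
    print(demo())
```

To check a real setup, pass the cookie path from the error message together with `os.getuid()` and `set(os.getgroups())` for the user that runs nyx.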

realSConway commented 3 years ago

Ok, I'm not sure I quite understand.

But I got it working,

  1. for file /etc/tor/torrc, I added:

    ControlPort 9051
    CookieAuthentication 1
    CookieAuthFileGroupReadable 1
  2. Added group tor to $USER.

  3. Then chowned: chown $USER:tor /var/run/tor/control.authcookie

  4. Restarted tor service: sudo systemctl restart tor

  5. nyx is now run without sudo, displaying real-time information.

    
    nyx - PC_NAME (Linux 5.xx.x-x-default)      Tor 0.4.4.6 (recommended)
    Relaying Disabled, Control Port (cookie): 9051
    cpu: 1.9% tor, 0.4% nyx    mem: 46 MB (0.3%)   pid: 5430   uptime: 07:28

    page 1 / 5 - m: menu, p: pause, h: page help, q: quit
    Bandwidth (limit: 1 GB/s, burst: 1 GB/s):
    Download (307.1 KB/sec - avg: 37.7 KB/sec):        Upload (9.5 KB/sec - avg: 1.3 KB/sec):
    1 MB                                               46 KB

    969 KB                                             30 KB

    485 KB                                             15 KB

    12 KB                                              543 B
               5s   10   15   20   25   30   35                  5s   10   15   20   25   30   35

atagar commented 3 years ago

Great, glad it's working. :)

42piratas commented 1 year ago

May I ask something although it's closed?

I'm facing the same error. Could you pls clarify what to do on step 2 Added group tor to $USER?

In my installation, there's no group or user tor. Should I create one or even both of them?

dmknght commented 4 months ago

> May I ask something although it's closed?
>
> I'm facing the same error. Could you pls clarify what to do on step 2 Added group tor to $USER?
>
> In my installation, there's no group or user tor. Should I create one or even both of them?

On Debian-based systems, the group is called debian-tor. IDK about the other distros like Arch.