Opened 2 years ago

Closed 2 years ago

#24508 closed defect (fixed)

Nyx does not have access to its cache folder unless it is run as root

Reported by: Dbryrtfbcbhgf Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/Nyx Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Nyx does not have access to its cache folder unless it is run as root, When I use "sudo -u debian-tor nyx" I get a error  Unable to create a data directory at /root/.nyx ([Errno 13] Permission denied: '/root/.nyx'). By default the data directory should be a directory that is writable by debian-tor user.

Child Tickets

Change History (5)

comment:1 Changed 2 years ago by arma

Why are you trying to run nyx as the debian-tor user? That's usually a bad idea.

See item 13 at the bottom of https://www.torproject.org/docs/tor-relay-debian

comment:2 in reply to:  1 Changed 2 years ago by Dbryrtfbcbhgf

Replying to arma:

Why are you trying to run nyx as the debian-tor user? That's usually a bad idea.

See item 13 at the bottom of https://www.torproject.org/docs/tor-relay-debian

Thank you arma for the helpful information.
Even as a non root and a non debian-tor user, nyx still does not have access to its cache folder.

comment:3 Changed 2 years ago by teor

Dbryrtfbcbhgf, you need to run nyx as a user that has permission to write to its own home directory, and permission to read tor's authcookie file.

Using sudo is generally a bad idea, because it doesn't always reset $HOME. sudo -H may help.

comment:4 Changed 2 years ago by atagar

Thanks Dbryrtfbcbhgf, great catch. You can sidestep this by having 'data_directory disabled' or 'data_directory /tmp/cache' in your nyxrc...

https://nyx.torproject.org/#configuration

I'll change Nyx so it disables this by default when it lacks a writable home directory.

comment:5 Changed 2 years ago by atagar

Resolution: fixed
Status: newclosed

Oh. Actually, Nyx already does the right thing. If it can't make a cache directory it simply disables it. Reducing the logged message to INFO level so it's not visible by default...

https://gitweb.torproject.org/nyx.git/commit/?id=1e0f9a1

Note: See TracTickets for help on using tickets.