Tor config changes needed for control socket access by external apps like nyx

While the current config works, it has some problems, especially when you want to use external programs to interact with the tor service using its control port/socket.

I use the below to correct this:

/etc/systemd/system/tor.service.d/ControlSocket.conf
[Service]
RuntimeDirectory=tor
#RuntimeDirectoryPreserve=restart

### Use only one of the below configs:
# 1
# Required because the service is run as root, but tor as a user who needs to be able to create the unix-socket.
#RuntimeDirectoryMode=0777

# 2
# This requires you to use a blank `User` line in your tor config.
User=tor
Group=tor

### Note for nyx usage
# If your sudoers config has: `%wheel ALL=(ALL:ALL) ALL`
# You can use `sudo -g tor nyx` on Manjaro.
# Else you need `sudo -u tor nyx`

  1. This will create the /var/run/tor directory with proper ACLs for the tor service.
  2. Allow the creation of the cookie and socket files with proper ACLs.

/etc/torrc.d/admin.conf
# Remove User setting because we run the service as user `tor` already !
User

# Control port/socket
#ControlPort 9051
#ControlSocket /var/run/tor/control WorldWritable RelaxDirModeCheck
ControlSocket /var/run/tor/control GroupWritable RelaxDirModeCheck
CookieAuthentication 1
CookieAuthFile /var/run/tor/control_auth_cookie
CookieAuthFileGroupReadable 1

# Other settings

The above requires a change in the /etc/tor/torrc file when you don’t use the override in an included config like I do with /etc/torrc.d/admin.conf.
Comment out the line that says User tor at top, because Tor will barf otherwise.
(Tor is already started as user tor by systemd in this case, so Tor can’t change its UID/GUID again :wink:)

To make adjustments by the admin easier:

You should un-comment the last line in /etc/tor/torrc that says %include /etc/torrc.d/*.conf
This directory can be thought of like a “drop-in” directory used by systemd units, and I used it as shown above.

Other changes to make Manjaro better:

  • The sudoers drop-in file /etc/sudoers.d/10-installer should have the below to allow running programs under a different group with sudo -g xxx, which isn’t allowed at the moment.
    • %wheel ALL=(ALL:ALL) ALL
    • The current content is missing the :ALL part…

Nyx usage:

After all the above is in place, we can use nyx to interact with tor via its control socket without any problems :+1:

sudo -g tor nyx

PS: I would have tagged this post in Packaging - Manjaro Linux Forum but seems it is unavailable for us to tag or post in.
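A permission audit for the control socket layout described in the post above, added here as an example; it is not part of the original post or of the tor package. The function names, finding strings and sample modes are assumptions of this example, and the sample directory is constructed in a temp dir as a stand-in for /var/run/tor.

```python
import os
import socket
import stat
import tempfile

COOKIE_LEN = 32  # size in bytes of Tor's control_auth_cookie file


def audit_control_paths(run_dir, sock_path, cookie_path):
    """Return findings about who can reach the control socket and cookie."""
    findings = []
    d, s, c = os.stat(run_dir), os.stat(sock_path), os.stat(cookie_path)
    if d.st_mode & stat.S_IWOTH:      # e.g. RuntimeDirectoryMode=0777
        findings.append("run dir is world-writable")
    if not stat.S_ISSOCK(s.st_mode):
        findings.append("control path is not a unix socket")
    if s.st_mode & stat.S_IWOTH:      # e.g. ControlSocket ... WorldWritable
        findings.append("socket is world-writable")
    if not s.st_mode & stat.S_IWGRP:  # group members could not connect
        findings.append("socket is not group-writable")
    if c.st_mode & stat.S_IROTH:      # any local user could authenticate
        findings.append("cookie is world-readable")
    if not c.st_mode & stat.S_IRGRP:  # CookieAuthFileGroupReadable not in effect
        findings.append("cookie is not group-readable")
    if c.st_size != COOKIE_LEN:
        findings.append("cookie is not 32 bytes")
    if s.st_gid != c.st_gid:
        findings.append("socket and cookie have different groups")
    return findings


def build_sample(base, dir_mode, sock_mode, cookie_mode):
    """Create a constructed stand-in for /var/run/tor under `base`."""
    run_dir = os.path.join(base, "tor")
    os.mkdir(run_dir)
    sock_path = os.path.join(run_dir, "control")
    cookie_path = os.path.join(run_dir, "control_auth_cookie")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(sock_path)  # bind() creates the socket file
    with open(cookie_path, "wb") as fh:
        fh.write(os.urandom(COOKIE_LEN))  # constructed cookie, not a real one
    os.chmod(sock_path, sock_mode)
    os.chmod(cookie_path, cookie_mode)
    os.chmod(run_dir, dir_mode)
    return run_dir, sock_path, cookie_path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        paths = build_sample(tmp, 0o755, 0o660, 0o640)  # group-only variant
        print(audit_control_paths(*paths) or "no findings")
```

On a real system, call `audit_control_paths("/var/run/tor", "/var/run/tor/control", "/var/run/tor/control_auth_cookie")` as a user who can stat those paths.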

tor is not packaged by Manjaro but Arch.

I know, but Manjaro could easily re-package it with additional patches for Manjaro, using the Manjaro repos :wink:

You could clone the tor PKGBUILD from Arch.

Modify it and place it in AUR - do not call it tor - but something like tor-for-nyx or nyxified-tor.

Then you maintain the package - if it gets votes - great - if not then you know there is no audience for it but yourself.

Or you could create a pacman hook which modifies the tor package when it gets installed.

So in short Manjaro refuses to make a Manjaro version of tor.
If people want changes in the package Manjaro uses they should contact the Arch package maintainers…

Ain’t so hard to openly say you guys REFUSE to fix small bugs in packages.

For reference:

Eg. No way to contact the maintainers except email…

As you posted in #site-feedback:feature-request

Now you claim it is small bugs which Manjaro refuses to fix in an Arch Linux package.

That is quite a stretch as Manjaro only fix bugs in packages maintained by Manjaro.

:grin:

What did you expect? A mobile phone number?

If it is so easy as you say - you could easily make a patched PKGBUILD and upload to AUR - already suggested.

Yes, because you advise to make an own package with the changes.

I would if I were able to, but I never made any package yet, I never fiddled with any PKGBUILD let alone create one from fresh.

The “small” part refers to a simple text file that needs updating not any code in the tor app…
I literally posted the needed change, but I’m unable to create a PKGBUILD that uses a patch to fix stuff after the original files…
I’ll try to make a pull request on that repo if that is possible at all in due time…

An issues section on a repo like all other software…

You can make a feature request on https://bugs.archlinux.org/

Done FS#76546 : [tor] Tor config changes needed for control socket access by external apps like nyx (was76545)

That bug report will likely get closed without any discussion as it mentions Manjaro.

It only refers to this topic, it doesn’t mention anything that is Manjaro specific…

As a side note, it even fixes FS#70295 : [tor] service reload returns permission issue :rofl:

It indicates you are using Manjaro, why else would you be referencing a Manjaro forum post by yourself. :wink:

Another reason for Manjaro to maintain their own tor package is FS#50877 : [tor] add multi-instance service unit file, especially the last comment that mentions Remove tor.service.in (!87) · Merge requests · The Tor Project / Core / Tor · GitLab

All bug reports indicate they are using one distro or another, but not all bug reports are specific to that distro. :wink:

Yes, But Arch has a hard stance on “providing support” for distros based on Arch.

Again the fix is NOT specific to any distro, it is a general fix that applies to any distro using systemd eg all current ones imho.

To be clear, these change(s) are systemd service-unit related, not tor related in the sense of the source code of the tor app.
