Re: [chrony-dev] shm permissions
On Mon, Jan 25, 2010 at 09:48:57PM +0100, Håkan Johansson wrote:
> On Mon, 25 Jan 2010, Bill Unruh wrote:
> >I am not sure that this is a good idea, since this would allow anyone to send
> >rogue data to the shm driver. It would be better to leave it at 0600 for the
> >chrony user (or for root if you are using root), and let root change it if
> >the sysadmin wants to allow anyone to write to the shm, or at most make it a
> >configuration option.
>
> It becomes a configuration option in the sense that segments 0 and 1
> use permissions 0600 and only segments 2 and 3 use 0666, so the
> level of trust can then be selected that way.
I agree with Bill. This seems dangerous.
> >It is not clear to me what the scenario is where someone
> >other than root should be able to send data to this driver.
>
> My scenario is that I am a user on some systems where I will not get
> root permissions, so I cannot modify/restart/etc the ntpd/chronyd
> process, which I do not need. But the sysadmins would entrust me to
> run e.g. gpsd to provide reference data. This is useful for the
> further testing of gpsd I am doing, and the need to modify/restart
> gpsd doing that.
If the sysadmins are willing to configure ntpd/chronyd to use SHM, I
think you can ask them to create the segment before starting the
service with any permissions you want, e.g. 600 with your user as the
owner.
--
Miroslav Lichvar
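
Added example, not part of the original message and not chrony code: one way a sysadmin could pre-create the segment as suggested above, with mode 0600 and a chosen owner, before starting the daemon, and check that nobody else can write to it. Assumptions: the key is the NTP SHM refclock convention 0x4e545030 ("NTP0") plus the unit number, the helper names and command-line arguments are hypothetical, and SIZE must be at least what the daemon requests.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Assumption: NTP SHM refclock convention, key = 0x4e545030 ("NTP0") + unit. */
#define NTP_SHM_KEY_BASE 0x4e545030

/* Hypothetical helper: create the segment (or open an existing one) and force
 * mode 0600 with the given owner. Returns the shmid, or -1 on error. */
int precreate_segment(key_t key, size_t size, uid_t owner_uid, gid_t owner_gid)
{
    struct shmid_ds ds;
    int id = shmget(key, size, IPC_CREAT | 0600);
    if (id < 0)
        return -1;
    if (shmctl(id, IPC_STAT, &ds) < 0)
        return -1;
    ds.shm_perm.uid = owner_uid;
    ds.shm_perm.gid = owner_gid;
    ds.shm_perm.mode = 0600;   /* also tightens a segment left at 0666 */
    if (shmctl(id, IPC_SET, &ds) < 0)
        return -1;
    return id;
}

/* Returns 1 if group or others may write to the segment, 0 if not, -1 on error. */
int segment_writable_by_others(int id)
{
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) < 0)
        return -1;
    return (ds.shm_perm.mode & 0022) ? 1 : 0;
}

int main(int argc, char **argv)
{
    if (argc != 5) {
        fprintf(stderr, "usage: %s UNIT UID GID SIZE\n", argv[0]);
        return 2;
    }
    int id = precreate_segment(NTP_SHM_KEY_BASE + atoi(argv[1]),
                               strtoul(argv[4], NULL, 10),
                               (uid_t)strtoul(argv[2], NULL, 10),
                               (gid_t)strtoul(argv[3], NULL, 10));
    if (id < 0) { perror("precreate_segment"); return 1; }
    printf("shmid %d, writable by others: %d\n", id, segment_writable_by_others(id));
    return 0;
}
```

Run it as root before the time daemon starts; the segment persists until it is removed or the system reboots.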