Re: [chrony-dev] cmdmon authentication is gone



On Sat, Aug 22, 2015 at 01:53:37AM +1200, Bryan Christianson wrote:
> > If you would like to test it, please make sure that:
> > 
> > - when /var/run/chrony doesn't exist, it's created with root or chrony
> >  (when dropping privileges) owner and it's not accessible by others
> > - when /var/run/chrony does exist and doesn't have correct
> >  permissions or owner, chronyd will refuse to create the Unix socket
> > - chronyd doesn't allow any remote configuration commands
> > - attempts to authenticate with an older chronyc result in a failure
> > - chronyc selects the Unix/IPv4/IPv6 socket correctly depending on
> >  what permissions it has and chronyd created (e.g. with -4/-6 option)
> 
> It looks good on MacOS - user permissions choose local host and root permissions choose unix socket. I also saw expected failure with older client.

Great, thanks for the testing.

Out of curiosity, do you know if Mac OS X is one of the systems that
ignores permissions on Unix sockets like Solaris? Can chronyc still
connect when you do "chmod 000 /var/run/chrony/chronyd.sock"?

-- 
Miroslav Lichvar
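
The directory check from the test list above matters most on systems that ignore permissions on the socket file itself, since the directory is then the only access control. The following is an added example, not chrony's code and not part of the original message: check_socket_dir() and bind_socket_in() are hypothetical names, and "not accessible by others" is assumed to mean that no "other" permission bits are set.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: return 0 only if dir is a real directory owned by uid
   with no permission bits for "others"; -1 otherwise. A stricter policy could
   also require the group bits to be clear. */
int check_socket_dir(const char *dir, uid_t uid)
{
    struct stat st;

    /* lstat() does not follow symlinks, so a symlink in place of the
       directory is rejected by the S_ISDIR test. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != uid)
        return -1;
    if (st.st_mode & S_IRWXO)
        return -1;
    return 0;
}

/* Bind a Unix datagram socket at dir/name, refusing when the directory
   fails the check. Returns the socket descriptor, or -1 on refusal/error. */
int bind_socket_in(const char *dir, const char *name, uid_t uid)
{
    struct sockaddr_un sa;
    int fd, n;

    if (check_socket_dir(dir, uid) != 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    n = snprintf(sa.sun_path, sizeof sa.sun_path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof sa.sun_path)
        return -1;                      /* path would be truncated */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    unlink(sa.sun_path);                /* remove a stale socket, if any */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```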
