chronyd as non-root user WAS (Re: [chrony-dev] [Regression 3.5 -> 4.0-pr

chronyd as non-root user WAS (Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied)

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]

To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
Subject: chronyd as non-root user WAS (Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied)
From: Easwar Hariharan <eahariha@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 14 May 2020 20:11:55 +0000
Dkim-filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2447420B717B
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1589487131; bh=vuBX8qjTwyL57yCwAw6fgt2cSDJED4zwy/gfXXpQmlE=; h=Subject:To:References:From:Date:In-Reply-To:From; b=PTZLf9kMyZ1KeHCkIm691KVHPjeHdyiggftqWp1bsgkQU6Bq9Ua8hD11aeoBjmPaY bfhxU7MfThLVqUadRmFU9OXEy1JZ/M09O8fc6Y07Q/zgrKJg7hYIg9GJccvFsf7qUu 9ACbexn7N2hoS7VLCEyHwea+9CiFsVWNjBPPS5yE=

On 2020-05-14 07:19, Miroslav Lichvar wrote:

On Wed, May 13, 2020 at 08:34:27PM +0000, Easwar Hariharan wrote:

Apologies, I let my excitement get away from me and inadvertently replied
from my Outlook mailbox. I should have also taken a closer look at the
thread and the code. I'll take a deeper look at FEAT_PRIVDROP and associated
code to see what's already been implemented in this space. Sorry about the
tangent.

I'm not sure what exactly would you like to support, but starting
chronyd under a non-root user was discussed few times on this list and
the users list, so you might also want to search the archives.

That is exactly it. We would like to run chronyd as a non-root user,using only CAP_SYS_TIME and any other capabilities that are needed shortof CAP_SYS_ADMIN. Thank you for the pointers, I'll take some time tolook through the list archives and see what's been discussed/implementedso far.



Thanks,

Easwar


--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Vincent Blut
- Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Miroslav Lichvar
- Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Vincent Blut
- Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Miroslav Lichvar
- Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Vincent Blut
- RE: [EXTERNAL] Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Easwar Hariharan
- Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Easwar Hariharan
- Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-dev] [PATCH] sys_linux: allow clock_gettime64 in seccomp filter
Next by Date: [chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre2-23-g7a72959
Previous by thread: Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
Next by thread: [chrony-dev] [PATCH] sys_linux: allow clock_gettime64 in seccomp filter

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/