chronyd as non-root user WAS (Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied)

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


On 2020-05-14 07:19, Miroslav Lichvar wrote:
On Wed, May 13, 2020 at 08:34:27PM +0000, Easwar Hariharan wrote:
Apologies, I let my excitement get away from me and inadvertently replied
from my Outlook mailbox. I should have also taken a closer look at the
thread and the code. I'll take a deeper look at FEAT_PRIVDROP and associated
code to see what's already been implemented in this space. Sorry about the
tangent.
I'm not sure what exactly would you like to support, but starting
chronyd under a non-root user was discussed few times on this list and
the users list, so you might also want to search the archives.

That is exactly it. We would like to run chronyd as a non-root user, using only CAP_SYS_TIME and any other capabilities that are needed short of CAP_SYS_ADMIN. Thank you for the pointers, I'll take some time to look through the list archives and see what's been discussed/implemented so far.


Thanks,

Easwar


--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/