[chrony-users] Run chronyd as unprivileged user

[chrony-users] Run chronyd as unprivileged user

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: "chrony-users@xxxxxxxxxxxxxxxxxxxx" <chrony-users@xxxxxxxxxxxxxxxxxxxx>, Thomas Graziadei <thomas.graziadei@xxxxxxxxxxxxxxxxx>
Subject: [chrony-users] Run chronyd as unprivileged user
From: Daniel Bechter <daniel.bechter@xxxxxxxxxxxxxxxxx>
Date: Thu, 13 Sep 2018 08:28:42 +0000
Accept-language: en-GB, en-US
Dkim-filter: OpenDKIM Filter v2.11.0 ns.omicron.at w8D8Sld0026950
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=omicronenergy.com; s=default; t=1536827328; bh=C1SaAb0pJF67mfGqLIMiHfxYNHqRRWFbmTYffswrSsg=; h=From:To:Subject:Date:From; b=h9sFUE007855EFsTPkARa6wJmgt6rH7vlY1bFHINCZe9ohG3l30ELBLEeKJmqBc6h rRiJINQFH0h8xSTfviJ6Um7XDp59YuaEEXNU+nKqz6A6Eu1QxzJwa6qAOlG9xlV4+4 HwXxOym3FONwcnu7NF+DnDOuriij13rI/021qm0k=
Thread-index: AdRLOW+r51lMfOdgTfmszv+RfFfspA==
Thread-topic: Run chronyd as unprivileged user

Hey guys

My original plan was to run chronyd as an unprivileged user, manually assigning the required capabilities (CAP_SYS_TIME as I only run it as client) via setcap command. Chronyd however complained about not being executed as superuser. Is there any way to run chronyd as unprivileged user from the beginning or are there any ambitions to change the behaviour?

Next thing I tried was to run chronyd with the SUID bit set:

chown root:time /usr/sbin/chronyd

chmod 4770 /usr/sbin/chronyd

Chronyd still complained about not being executed as superuser though. So I looked into the code and made a change to check for the effective UID rather than the real one, see attached patch (on top of 3.3). Everything was fine afterwards. Any chance to get that mainline?

Any thoughts about that are highly appreciated.

Greets,

Daniel

Attachment: 0001-Chrony-now-checks-for-effective-UID.patch
Description: 0001-Chrony-now-checks-for-effective-UID.patch

Follow-Ups:
- Re: [chrony-users] Run chronyd as unprivileged user
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] How to set time manually without adjusting clock drift?
Next by Date: Re: [chrony-users] Run chronyd as unprivileged user
Previous by thread: Re: [chrony-users] How to set time manually without adjusting clock drift?
Next by thread: Re: [chrony-users] Run chronyd as unprivileged user

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/