[chrony-users] Usage of `chrony accheck ip-address` |
[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]
Hi,
first, thanks for this amazing and easy configurable tool!
After I finished configuration, I tried to check whether the time service is reachable from another server.
I entered on the same machine where I installed chrony
$ chronyc accheck 192.168.1.31
and got a
501 Not authorised
I assumed, I made a configuration error, which basically was only an addition of following snippet to my config:
allow 192.168.1
allow 192.168.10
I could not find much information online.
Eventually I figured out that the "not authorised" does not mean my other server is not authorised to check the time, but my Linux user is not authorised to use the accheck sub command.
I wonder why.
The chrony.conf is readable by everybody (at least on Ubuntu after a simple apt install chrony). So, I see no reason to hide to which subnets the time server is available.
Also, ususally one gets a different error like "you have to be root" or similar.
What is the reasoning behind this decision?
Is it possible to amend the documentation?
Thank you very much,
Jürgen |
Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |