[chrony-users] Usage of `chrony accheck ip-address`

[chrony-users] Usage of `chrony accheck ip-address`

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: "chrony-users@xxxxxxxxxxxxxxxxxxxx" <chrony-users@xxxxxxxxxxxxxxxxxxxx>
Subject: [chrony-users] Usage of `chrony accheck ip-address`
From: Jürgen Gmach <juergen.gmach@xxxxxxx>
Date: Thu, 30 Apr 2020 12:54:52 +0000
Accept-language: de-DE, en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=apis.de; dmarc=pass action=none header.from=apis.de; dkim=pass header.d=apis.de; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v05m6Rqfh8gvAGtZqpRxJxqEkxJUL3nEYy00nscK8UU=; b=oUiGQgkDxf/xysCeBZvqE4QRZnNQutKX31fFXg++tuz+RgS7W2WC+n2WZd+8f3XsnMCPEFUBiQgklGE9inYIyiJRAfUkwmY7+yXh7DguAwPCC7dN6LEX2jqplnF9VOoY2FYzbJu3wDNTL2ZYA42p7/5qoXT+EMdMr6uL+cnlTp+pixopX3yxjBM17YvyaB29SxLXhhfIp2jDPJMZOy/tJetonPDWLcWVvKhSZhDC1cHhMulSrPgf1WWoTr7vjgigCkD/EHmop4DPyycJLuPWT5fmeM5HV/WhpL78i7aF8+blYEzdjFJMilOIYfmg5zKKgaY90ExHkzpzdy2Cfy4Msg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jQak9le4+zmZSwbqSD2ZB1Tuxk7gzeKiLlUgYwNv5156V+1A/iqEHkQSe7KhnnVwDh3ceS431/P3NOLsg4ugk2VbW5xBDMqrP43qv+6PlmdshjzlJ48gb4UAzZj7M54bRn1dz+GmlgdMowfYdTdnGURgm81PaFlciT1p8qxmJ6xIPT7LajCAw+MC/ngLEgmr5h3WioO9Kao1rKJ3EHNmGx3U3a4hsoYgTEZ8Ftopz85UezZe4SlcA1XkO7MrwxsUZebViogm59ZFVv0CLBTMQC6u4RRLdVGQP0XIyv6eWEnwOEkSNhuAOVheAZrupXHQikxhenVovJrOLR+6uMCSFQ==
Authentication-results: chrony.tuxfamily.org; dkim=none (message not signed) header.d=none;chrony.tuxfamily.org; dmarc=none action=none header.from=apis.de;
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apisde.onmicrosoft.com; s=selector2-apisde-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v05m6Rqfh8gvAGtZqpRxJxqEkxJUL3nEYy00nscK8UU=; b=fj3E4QhPM0peImpu1xeecTzhFBvsmBi9Fl1HkkHaZPvkDI0BgnAm77NHLFXk2tdiSDPP1dt++JBqYxu73stgtcLzXF28bKBagejQ/iLK2zTRL+/A3qJJ8Gj++UV9C0zrAMVduvn8sdqVkepNw6Y0LwM3JlLzgnsZWQZ8aczoB5g=
Thread-index: AQHWHu5u0rXzO8mEUk+S8xUx0x1r1A==
Thread-topic: Usage of `chrony accheck ip-address`

Hi,

first, thanks for this amazing and easy configurable tool!

After I finished configuration, I tried to check whether the time service is reachable from another server.

I entered on the same machine where I installed chrony

$ chronyc accheck 192.168.1.31

and got a

501 Not authorised

I assumed, I made a configuration error, which basically was only an addition of following snippet to my config:

allow 192.168.1

allow 192.168.10

I could not find much information online.

Eventually I figured out that the "not authorised" does not mean my other server is not authorised to check the time, but my Linux user is not authorised to use the accheck sub command.

I wonder why.

The chrony.conf is readable by everybody (at least on Ubuntu after a simple apt install chrony). So, I see no reason to hide to which subnets the time server is available.

Also, ususally one gets a different error like "you have to be root" or similar.

What is the reasoning behind this decision?

Is it possible to amend the documentation?

Thank you very much,

Jürgen

Follow-Ups:
- Re: [chrony-users] Usage of `chrony accheck ip-address`
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] [chrony-dev] time.cloudflare.com nts not working for me
Next by Date: Re: [chrony-users] Usage of `chrony accheck ip-address`
Previous by thread: [chrony-users] chrony-4.0-pre2 released
Next by thread: Re: [chrony-users] Usage of `chrony accheck ip-address`

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/