Re: [chrony-users] Chrony as non-root user (again)

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx, Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Subject: Re: [chrony-users] Chrony as non-root user (again)
From: Kevin <kevincox@xxxxxxxxxxx>
Date: Tue, 15 Sep 2020 16:40:18 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kevincox.ca; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=8uLpVdEg3CfU1kIctCPWGct40zVVii1A7+VgvlfQPBo=; b=Pz12r9tJyDiX/nQ3zwnpSJs7u23SeM8+PUaBTtQ3ht8PhNZAanJyrSCo5UW/FkrIjs qAT4naS0Lf6+63SmZ/1THSSMdaCqvuu14cqPL/JVMS9k7RuHbdIT5K8muaQgf3jdLDs4 8tuDCjmuuDWfvUTzn6XFCYx9tJiCGzTumaAacL/gUDYv53O2W9SJzi2fqAffgV6MCTvK dmIKEkmSkCOPSdEgN3jsw3L1oxNNSB24XXnzUjlY3vJV5whOG00fGJJmW+cfXXTZci36 wrvMEOUlH3p6PqKCibowvF54F88IAmV4nCegslCXBoalzVG6YcZCFC3QsQkSPY8ww0Gc anpw==


On 9/15/20 6:10 AM, Miroslav Lichvar wrote:

Of course it isn't easy to detect the case where more than what is required
has been opened up. However possibly with suitable documentation this is not
a major issue?

Do you think the following description of the option would be
sufficient?

*-U*::
This option disables a check for root privileges to allow *chronyd* to
be started under a non-root user, assuming the process will have all
capabilities (e.g. provided by the service manager) and access to all
files, directories, and devices, needed to operate correctly in the
specified configuration. Note that different capabilities might be
needed with different configurations and different Linux kernel
versions. Starting *chronyd* under a non-root user is not recommended
when the configuration is not known, or at least limited to specific
directives.


That sounds good to me!


--

To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxxwith "unsubscribe" in the subject.For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxxwith "help" in the subject.

Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-users] Chrony as non-root user (again)
  - From: Kevin
- Re: [chrony-users] Chrony as non-root user (again)
  - From: Miroslav Lichvar
- Re: [chrony-users] Chrony as non-root user (again)
  - From: Kevin
- Re: [chrony-users] Chrony as non-root user (again)
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] Synchronizing clock with GPS with PPS
Next by Date: Re: [chrony-users] Synchronizing clock with GPS with PPS
Previous by thread: Re: [chrony-users] Chrony as non-root user (again)
Next by thread: [chrony-users] Synchronizing clock with GPS with PPS

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/