Re: [chrony-users] ntpdata as normal user

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] ntpdata as normal user
From: Kurt Roeckx <kurt@xxxxxxxxx>
Date: Mon, 30 Nov 2020 13:45:24 +0100

On Mon, Nov 30, 2020 at 01:23:10PM +0100, Miroslav Lichvar wrote:
> > I currently need to change the permission of both /run/chrony and
> > /run/chrony/chronyd.sock to be able to access it from a non-root,
> > non-_chrony user.
> 
> Would it work if /var/run/chrony had permissions 0775 and the user was
> in the chrony group?

It's not just the directory, but also the socket itself that needs
write permission for the group. I've previously tested that, and
that works, probably until chrony is restarted.

> Maybe chronyc could have an option to specify the location of its
> socket and let the user put it in a hidden directory where chronyd is
> allowed to write? Too risky?

I'm not sure if there is a safe way to create a socket in /tmp.


Kurt


-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Follow-Ups:
- Re: [chrony-users] ntpdata as normal user
  - From: Miroslav Lichvar

References:
- [chrony-users] ntpdata as normal user
  - From: Kurt Roeckx
- Re: [chrony-users] ntpdata as normal user
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] ntpdata as normal user
Next by Date: Re: [chrony-users] ntpdata as normal user
Previous by thread: Re: [chrony-users] ntpdata as normal user
Next by thread: Re: [chrony-users] ntpdata as normal user

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/