Re: [chrony-users] ntpdata as normal user

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] ntpdata as normal user
From: Bill Unruh <unruh@xxxxxxxxxxxxxx>
Date: Mon, 30 Nov 2020 09:24:47 -0800 (PST)

I currently need to change the permission of both /run/chrony and
/run/chrony/chronyd.sock to be able to access it from a non-root,
non-_chrony user.


Would it work if /var/run/chrony had permissions 0775 and the user was
in the chrony group?

Maybe chronyc could have an option to specify the location of its
socket and let the user put it in a hidden directory where chronyd is
allowed to write? Too risky?


That does sound too risky to me. This is security through obscurity, and
rarely lasts past its first test by some hacker.

--

To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxxwith "unsubscribe" in the subject.For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxxwith "help" in the subject.

Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-users] ntpdata as normal user
  - From: Kurt Roeckx
- Re: [chrony-users] ntpdata as normal user
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] Refclock Integration Advice
Next by Date: Re: [chrony-users] Refclock Integration Advice
Previous by thread: Re: [chrony-users] ntpdata as normal user
Next by thread: [chrony-users] NTS dropped packets

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/