Re: [chrony-users] Regarding socket permissions |
[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]
The code above sets permissions of /var/run/chrony/chronyc.$PID.sock,
so chronyd running under the chrony user can respond to chronyc
running as root. The refclock socket is not related to that.
On Mon, Mar 13, 2023 at 06:47:23PM +0100, Morten Nissov wrote:
> /* Allow server without root privileges to send replies to our socket */
> if (chmod(sa_un.sun_path, 0666) < 0) {
> DEBUG_LOG("Could not change socket permissions : %s", strerror(errno));
> return 0;
> }
> in client.c.
>
> Looking at the permissions for chrony.ttyACM0.sock this doesn't seem right,
> no? AFAIK 666 permissions should be *srwxr-rw-rw* and here it is *srwxr-xr-x
> *instead.
The code above sets permissions of /var/run/chrony/chronyc.$PID.sock,
so chronyd running under the chrony user can respond to chronyc
running as root. The refclock socket is not related to that.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.
Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |