Re: [chrony-users] Regarding socket permissions

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]


On Mon, Mar 13, 2023 at 06:47:23PM +0100, Morten Nissov wrote:
> /* Allow server without root privileges to send replies to our socket */
> if (chmod(sa_un.sun_path, 0666) < 0) {
> DEBUG_LOG("Could not change socket permissions : %s", strerror(errno));
> return 0;
> }
> in client.c.
> 
> Looking at the permissions for chrony.ttyACM0.sock this doesn't seem right,
> no? AFAIK 666 permissions should be *srwxr-rw-rw* and here it is *srwxr-xr-x
> *instead.

The code above sets permissions of /var/run/chrony/chronyc.$PID.sock,
so chronyd running under the chrony user can respond to chronyc
running as root. The refclock socket is not related to that.

-- 
Miroslav Lichvar


-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/