Re: [chrony-users] Regarding socket permissions
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Regarding socket permissions
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Tue, 14 Mar 2023 08:14:40 +0100
On Mon, Mar 13, 2023 at 06:47:23PM +0100, Morten Nissov wrote:
>   /* Allow server without root privileges to send replies to our socket */
>   if (chmod(sa_un.sun_path, 0666) < 0) {
>     DEBUG_LOG("Could not change socket permissions : %s", strerror(errno));
>     return 0;
>   }
> in client.c.
>
> Looking at the permissions for chrony.ttyACM0.sock this doesn't seem right,
> no? AFAIK 666 permissions should be *srwxr-rw-rw* and here it is *srwxr-xr-x*
> instead.
The code above sets permissions of /var/run/chrony/chronyc.$PID.sock,
so chronyd running under the chrony user can respond to chronyc
running as root. The refclock socket is not related to that.
--
Miroslav Lichvar