Re: [chrony-users] Regarding socket permissions

[Morten Nissov <morten.c.nissov@xxxxxxxxx>]

Adding an option to set world-writable permissions on the socket
doesn't sound like a good idea to me. How does your application get
access to the serial port?

Applications like gpsd and ntp-refclock normally start with root
privileges, open all devices and sockets they will need, and then
switch to an unprivileged user.

My application opens the socket like GPSD but I don't really have the possibility to start it with root privileges. For this reason something like the "perm" argument for SHM refclocks would be very useful with the socket connection.

Morten

On Tue, Mar 14, 2023 at 8:43 AM Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:

On Tue, Mar 14, 2023 at 09:23:05AM +0100, Morten Nissov wrote:
> I suppose that's it then, the permissions aren't changed therefore access
> will be restricted since it's owned by root. Do you think there's any
> workaround? Or any interest from others to set the sock with the same 666
> permissions, i.e. such that I could PR this?

Adding an option to set world-writable permissions on the socket
doesn't sound like a good idea to me. How does your application get
access to the serial port?

Applications like gpsd and ntp-refclock normally start with root
privileges, open all devices and sockets they will need, and then
switch to an unprivileged user.

--
Miroslav Lichvar


--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.