[chrony-users] Chronyd NTS under Ubuntu 24 - group permissions



1) NTS keys are generated by letsencrypt/certbot and in Ubuntu are accessible to group ssl-certs.
I can add Chrony user _chrony to group ssl-certs, and verify that the user can access the certificates.
Also, I added an AppArmor exception to allow Chrony to access the keys.
Still, Chrony won't be able to access the keys, as Chrony seems to be stripping group permission from itself.

What is the valid path to making NTS work without actually copying/chown-ing keys on a schedule? I would prefer to keep private keys in a single place.

2) Will chrony see that the keys are updated, or will it need to have the keys reloaded in a script?
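
An added diagnostic, not part of the original post: one way to confirm the symptom described in 1) is to read the credentials the running daemon actually holds from /proc/<pid>/status, instead of relying on group membership in /etc/group. The function names and the sample GIDs (114, 121) are constructed for illustration; the process and group names are the ones used in the post.

```bash
#!/usr/bin/env bash
# Added example: does a running process hold a given group at runtime?
# /proc/<pid>/status exposes "Gid:" (real, effective, saved, filesystem)
# and "Groups:" (supplementary groups) as numeric IDs.

# has_gid STATUS_FILE GID -> returns 0 if GID is the effective gid or a supplementary group
has_gid() {
    awk -v want="$2" '
        $1 == "Gid:"    { if ($3 == want) found = 1 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# report PROCESS_NAME GROUP_NAME -> prints a verdict for every matching live process
report() {
    local pid gid pids
    gid=$(getent group "$2" | cut -d: -f3)
    [ -n "$gid" ] || { echo "no such group: $2" >&2; return 2; }
    pids=$(pidof "$1") || { echo "$1 is not running" >&2; return 2; }
    for pid in $pids; do
        if has_gid "/proc/$pid/status" "$gid"; then
            echo "pid $pid ($1): holds gid $gid ($2)"
        else
            echo "pid $pid ($1): does not hold gid $gid ($2); files readable only via that group are out of reach"
        fi
    done
}

# Constructed sample of /proc/<pid>/status for a daemon with no supplementary groups
sample_status() {
    printf 'Name:\tchronyd\nUid:\t114\t114\t114\t114\nGid:\t121\t121\t121\t121\nGroups:\t\n'
}

# Run against the live system only when arguments are given, e.g.:
#   ./check-groups.sh chronyd ssl-certs
if [ "$#" -ge 2 ]; then
    report "$1" "$2"
fi
```
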


