On Mon, Nov 30, 2020 at 01:23:10PM +0100, Miroslav Lichvar wrote: > > I currently need to change the permission of both /run/chrony and > > /run/chrony/chronyd.sock to be able to access it from a non-root, > > non-_chrony user. > > Would it work if /var/run/chrony had permissions 0775 and the user was > in the chrony group?
It's not just the directory, but also the socket itself that needs write permission for the group. I've previously tested that, and that works, probably until chrony is restarted. > Maybe chronyc could have an option to specify the location of its > socket and let the user put it in a hidden directory where chronyd is > allowed to write? Too risky? I'm not sure if there is a safe way to create a socket in /tmp. Kurt -- To unsubscribe email [email protected] with "unsubscribe" in the subject. For help email [email protected] with "help" in the subject. Trouble? Email [email protected].
