On Mon, Mar 18, 2024 at 09:15:57AM +0100, Miroslav Lichvar wrote: > Normally you wouldn't want non-root users to be able to send chronyd > bogus refclock data in order to modify the system clock.
If an attacker can assume the identity of this account, I have *much* bigger problems than that. > If you really want to change the permissions or ownership of the > socket, you can do it in the chronyd systemd service file like this > ExecStartPost=/usr/bin/chown user:root /var/run/chrony.refclock.sock Thanks. I'll probably use a dedicated group instead, but the idea is perfect. -- Ian -- To unsubscribe email [email protected] with "unsubscribe" in the subject. For help email [email protected] with "help" in the subject. Trouble? Email [email protected].
