On Tue, Jul 29, 2025 at 04:02:15PM +0300, Remush wrote: > I attempted to create a Docker Image with the Chronyd installed, yet the > container is rootless, meaning my uid is not root, however my gid is 0 > (root). > > Now it seems that running the container I receive many permission denied on > /run/chrony and more, > > My question is, Is there any way to make the service run not with root?
Yes, chronyd can be started without root in some configurations where it doesn't need to access any RTC, PPS, PHC devices, but it may need some capabilities like CAP_SYS_TIME and CAP_NET_BIND_SERVICE (if it should run as a server). The check for root can be disabled by the -U option. The /run/chrony directory needs to exist before starting chronyd (only root can normally write in /run). There is an example systemd service that starts chronyd without root: https://gitlab.com/chrony/chrony/-/blob/master/examples/chronyd-restricted.service -- Miroslav Lichvar -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
