By default the chrony service runs as root, which is not best practice because it performs network communication.
Signed-off-by: Bruno Thomsen <[email protected]>
---
No changes since version 1.
 rules/chrony.in | 7 +++++++
 rules/chrony.make | 1 +
 2 files changed, 8 insertions(+)
diff --git a/rules/chrony.in b/rules/chrony.in
index 16b730199..6e79270e5 100644
--- a/rules/chrony.in
+++ b/rules/chrony.in
@@ -29,6 +29,13 @@ config CHRONY_USE_NETTLE
 Use nettle crypto library for stronger keys than MD5 in NTP authentication.
+config CHRONY_RUN_AS_NON_ROOT
+ bool
+ prompt "Run chronyd as non root user"
+ help
+ Default chronyd is started as root, select this
+ to run service with chrony user.
+
 comment "install options ---"
 config CHRONY_INSTALL_CHRONY_COMMAND
diff --git a/rules/chrony.make b/rules/chrony.make
index a11ee5c5e..b28eeb196 100644
--- a/rules/chrony.make
+++ b/rules/chrony.make
@@ -49,6 +49,7 @@ CHRONY_CONF_OPT := \
 --disable-phc \
 --disable-pps \
 $(call ptx/ifdef, PTXCONF_GLOBAL_IPV6,,--disable-ipv6) \
+ $(call ptx/ifdef, PTXCONF_CHRONY_RUN_AS_USER,--with-user=chrony,) \
 --without-seccomp
 # ----------------------------------------------------------------------------
--
2.26.2
_______________________________________________ ptxdist mailing list [email protected] To unsubscribe, send a mail with subject "unsubscribe" to [email protected]
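Review bot: The added line in the rules/chrony.make hunk tests `PTXCONF_CHRONY_RUN_AS_USER`, but the symbol introduced in the rules/chrony.in hunk is `CHRONY_RUN_AS_NON_ROOT`, so as far as the visible lines show the guard never matches and `--with-user=chrony` is never passed; chronyd would keep running as root even with the new option enabled. The make line should read `$(call ptx/ifdef, PTXCONF_CHRONY_RUN_AS_NON_ROOT,--with-user=chrony,) \`. Neither hunk shows a `chrony` account being added to the target or the ownership of chronyd's state directories being changed; if that is not handled elsewhere in the rule, the privilege drop will presumably fail at start-up, so it is worth confirming and mentioning in the Kconfig help text. The `CHRONY_CONF_OPT` assignment starts above the hunk, so the rest of the option list is not visible here.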
