faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

doc: warn about permissions in keyfile description

Browse source
This commit is contained in:
Miroslav Lichvar 2018-09-12 10:43:01 +02:00
parent bcedacaa3d
commit 692cea49f8
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/chrony.conf.adoc
View file

@ -2049,6 +2049,10 @@ that has password shorter than 80 bits.
The <<chronyc.adoc#keygen,*keygen*>> command of *chronyc* can be used to The <<chronyc.adoc#keygen,*keygen*>> command of *chronyc* can be used to
generate random keys for the key file. By default, it generates 160-bit MD5 or generate random keys for the key file. By default, it generates 160-bit MD5 or
SHA1 keys. SHA1 keys.
+
For security reasons, the file should be readable only by root and the user
under which *chronyd* is normally running (to allow *chronyd* to re-read the
file when the <<chronyc.adoc#rekey,*rekey*>> command is issued by *chronyc*).
[[lock_all]]*lock_all*:: [[lock_all]]*lock_all*::
The *lock_all* directive will lock chronyd into RAM so that it will never be The *lock_all* directive will lock chronyd into RAM so that it will never be