From 7d7bf915ac9d66eb9ed801090c7738d3ca640a2a Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 12 Apr 2016 12:27:31 +0200 Subject: [PATCH] doc: improve answer in FAQ for error 501 Not authorised --- doc/faq.adoc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/faq.adoc b/doc/faq.adoc index 9a4b721..d8d775a 100644 --- a/doc/faq.adoc +++ b/doc/faq.adoc @@ -271,8 +271,14 @@ Perhaps you have a firewall set up in a way that blocks packets on port === I keep getting the error +501 Not authorised+ Since version 2.2, the +password+ command doesn't do anything and +chronyc+ -needs to run under the root or chrony user, which are allowed to access the -Unix domain command socket. +needs to run locally under the root or _chrony_ user, which are allowed to +access the +chronyd+'s Unix domain command socket. + +With older versions, you need to authenticate with the +password+ command or +use the +-a+ option to authenticate automatically. The configuration file +needs to specify a file which contains keys (+keyfile+ directive) and which key +in the key file should be used for +chronyc+ authentication (+commandkey+ +directive). === Is the +chronyc+ / +chronyd+ protocol documented anywhere?