doc: update description of -u option and user directive
This commit is contained in:
Miroslav Lichvar
parent
0a10df1cf5
commit
c5265f6070
3 changed files with 25 additions and 28 deletions
|
|
@ -976,15 +976,13 @@ no RTC or the RTC is broken (e.g. it has no battery).
|
|||
@item -u <user>
|
||||
This option sets the name of the system user to which @code{chronyd} will
|
||||
switch after start in order to drop root privileges. It overrides the
|
||||
@code{user} directive (default @code{@DEFAULT_USER@}). It may be set to a
|
||||
non-root user only when @code{chronyd} is compiled with support for Linux
|
||||
capabilities (libcap), on NetBSD with the @code{/dev/clockctl} device or on
|
||||
Mac OS X.
|
||||
@code{user} directive (default @code{@DEFAULT_USER@}).
|
||||
|
||||
In the Mac OS X implementation @code{chronyd} forks into two processes. The
|
||||
child process retains root privileges but can only perform a very limited range
|
||||
of privileged system calls on behalf of the parent. The parent process drops
|
||||
root privileges to run as the specified system user.
|
||||
On Linux, @code{chronyd} needs to be compiled with support for the
|
||||
@code{libcap} library. On Mac OS X, FreeBSD, NetBSD and Solaris @code{chronyd}
|
||||
forks into two processes. The child process retains root privileges, but can
|
||||
only perform a very limited range of privileged system calls on behalf of the
|
||||
parent.
|
||||
@item -F <level>
|
||||
This option configures a system call filter when @code{chronyd} is compiled with
|
||||
support for the Linux secure computing (seccomp) facility. In level 1 the
|
||||
|
|
@ -3181,16 +3179,15 @@ Valid measurements with corresponding compensations are logged to the
|
|||
@subsection user
|
||||
The @code{user} directive sets the name of the system user to which
|
||||
@code{chronyd} will switch after start in order to drop root privileges.
|
||||
It may be set to a non-root user only when @code{chronyd} is compiled with
|
||||
support for Linux capabilities (libcap), on NetBSD with the
|
||||
@code{/dev/clockctl} device or on Mac OS X.
|
||||
|
||||
In the Mac OS X implementation @code{chronyd} forks into two processes. The
|
||||
child process retains root privileges but can only perform a very limited range
|
||||
of privileged system calls on behalf of the parent. The parent process drops
|
||||
root privileges to run as the specified system user.
|
||||
On Linux, @code{chronyd} needs to be compiled with support for the
|
||||
@code{libcap} library. On Mac OS X, FreeBSD, NetBSD and Solaris @code{chronyd}
|
||||
forks into two processes. The child process retains root privileges, but can
|
||||
only perform a very limited range of privileged system calls on behalf of the
|
||||
parent.
|
||||
|
||||
The default value is @code{@DEFAULT_USER@}.
|
||||
The default value is @code{@DEFAULT_USER@}. The configure script has a
|
||||
@code{--with-user} option, which sets the default value.
|
||||
@c }}}
|
||||
@c }}}
|
||||
@c {{{ S:Running chronyc
|
||||
|
|
|
|||
12
chronyd.8.in
12
chronyd.8.in
|
|
@ -101,14 +101,12 @@ RTC or the RTC is broken (e.g. it has no battery).
|
|||
\fB\-u\fR \fIuser\fR
|
||||
This option sets the name of the system user to which \fBchronyd\fR will switch
|
||||
after start in order to drop root privileges. It overrides the \fBuser\fR
|
||||
directive (default \fB@DEFAULT_USER@\fR). It may be set to a non-root user
|
||||
only when \fBchronyd\fR is compiled with support for Linux capabilities
|
||||
(libcap), on NetBSD with the \fB/dev/clockctl\fR device or on Mac OS X.
|
||||
directive from the configuration file (default \fB@DEFAULT_USER@\fR).
|
||||
|
||||
In the Mac OS X implementation \fBchronyd\fR forks into two processes. The
|
||||
child process retains root privileges but can only perform a very limited range
|
||||
of privileged system calls on behalf of the parent. The parent process drops
|
||||
root privileges to run as the specified system user.
|
||||
On Linux, \fBchronyd\fR needs to be compiled with support for the \fBlibcap\fR
|
||||
library. On Mac OS X, FreeBSD, NetBSD and Solaris \fBchronyd\fR forks into two
|
||||
processes. The child process retains root privileges, but can only perform a
|
||||
very limited range of privileged system calls on behalf of the parent.
|
||||
.TP
|
||||
\fB\-F\fR \fIlevel\fR
|
||||
This option configures a system call filter when \fBchronyd\fR is compiled with
|
||||
|
|
|
|||
12
doc/faq.adoc
12
doc/faq.adoc
|
|
@ -128,11 +128,13 @@ under the root or chrony user (which can access +chronyd+ through a Unix domain
|
|||
socket since version 2.2), you can disable the internet command sockets
|
||||
completely by adding +cmdport 0+ to the configuration file.
|
||||
|
||||
On Linux, if +chronyd+ is compiled with support for Linux capabilities
|
||||
(available in the libcap library), or on NetBSD with the +/dev/clockctl+
|
||||
device, you can specify an unprivileged user with the +-u+ option or +user+
|
||||
directive in the 'chrony.conf' file to drop root privileges after start. The
|
||||
configure option +--with-user+ can be used to drop the privileges by default.
|
||||
You can specify an unprivileged user with the +-u+ option, or the +user+
|
||||
directive in the 'chrony.conf' file, to which +chronyd+ will switch after start
|
||||
in order to drop root privileges. The configure script has a +--with-user+
|
||||
option, which sets the default user. On Linux, +chronyd+ needs to be compiled
|
||||
with support for the +libcap+ library. On other systems, +chronyd+ forks into
|
||||
two processes. The child process retains root privileges, but can only perform
|
||||
a very limited range of privileged system calls on behalf of the parent.
|
||||
|
||||
Also, if +chronyd+ is compiled with support for the Linux secure computing
|
||||
(seccomp) facility, you can enable a system call filter with the +-F+ option.
|
||||
|
|
|
|||
Loading…
Reference in a new issue