git.ipfire.org Git - thirdparty/chrony.git/commit

author	Miroslav Lichvar <mlichvar@redhat.com>
	Mon, 4 Aug 2025 14:34:52 +0000 (16:34 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Thu, 7 Aug 2025 08:18:31 +0000 (10:18 +0200)
commit	be7f5e8916aea78776c08a23d39cfe042acbec8d
tree	a42e2846f020d430fc21c1e77a0fe6310841299f	tree
parent	5e2cd47ad1b10d55801c80179dd64c1902b5e3e6	commit \| diff

client: add support for dropping root privileges

To minimize the impact of potential attacks targeting chronyc started
under root (e.g. performed by a local chronyd process running without
root privileges, a remote chronyd process, or a MITM attacker on the
network), add support for changing the effective UID/GID in chronyc
after start.

The user can be specified by the -u option, similarly to chronyd. The
default chronyc user can be changed by the --with-chronyc-user
configure option. The default value of the default chronyc user is
"root", i.e. chronyc doesn't try to change the identity by default.

The default chronyc user does not follow the default chronyd user
set by the configure --with-user option to avoid errors on systems where
chronyc is not allowed to change its UID/GID (e.g. by a SELinux policy).

client.c		diff \| blob \| blame \| history
configure		diff \| blob \| blame \| history
doc/Makefile.in		diff \| blob \| blame \| history
doc/chronyc.adoc		diff \| blob \| blame \| history
test/system/test.common		diff \| blob \| blame \| history