doc: update description of -u option and user directive

2025-12-06 12:35:06 -05:00 · 2015-12-10 15:22:55 +01:00
parent 0a10df1cf5
commit c5265f6070
3 changed files with 25 additions and 28 deletions
--- a/doc/faq.adoc
+++ b/doc/faq.adoc
@@ -128,11 +128,13 @@ under the root or chrony user (which can access +chronyd+ through a Unix domain
 socket since version 2.2), you can disable the internet command sockets
 completely by adding +cmdport 0+ to the configuration file.

-On Linux, if +chronyd+ is compiled with support for Linux capabilities
-(available in the libcap library), or on NetBSD with the +/dev/clockctl+
-device, you can specify an unprivileged user with the +-u+ option or +user+
-directive in the 'chrony.conf' file to drop root privileges after start.  The
-configure option +--with-user+ can be used to drop the privileges by default.
+You can specify an unprivileged user with the +-u+ option, or the +user+
+directive in the 'chrony.conf' file, to which +chronyd+ will switch after start
+in order to drop root privileges.  The configure script has a +--with-user+
+option, which sets the default user.  On Linux, +chronyd+ needs to be compiled
+with support for the +libcap+ library.  On other systems, +chronyd+ forks into
+two processes.  The child process retains root privileges, but can only perform
+a very limited range of privileged system calls on behalf of the parent.

 Also, if +chronyd+ is compiled with support for the Linux secure computing
 (seccomp) facility, you can enable a system call filter with the +-F+ option.