mirror of
https://gitlab.com/chrony/chrony.git
synced 2025-12-03 17:55:07 -05:00
be7f5e8916
To minimize the impact of potential attacks targeting chronyc started under root (e.g. performed by a local chronyd process running without root privileges, a remote chronyd process, or a MITM attacker on the network), add support for changing the effective UID/GID in chronyc after start. The user can be specified by the -u option, similarly to chronyd. The default chronyc user can be changed by the --with-chronyc-user configure option. The default value of the default chronyc user is "root", i.e. chronyc doesn't try to change the identity by default. The default chronyc user does not follow the default chronyd user set by the configure --with-user option to avoid errors on systems where chronyc is not allowed to change its UID/GID (e.g. by a SELinux policy).