/run/chrony missing - no privileged commands possible
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chrony (Debian) |
Fix Released
|
Unknown
|
|||
chrony (Ubuntu) |
Fix Released
|
High
|
Christian Ehrhardt |
Bug Description
From logs:
chronyd[3443]: Could not change ownership of /run/chrony : Operation not permitted
chronyd[3443]: Could not access /run/chrony : No such file or directory
chronyd[3443]: Disabled command socket /run/chrony/
Not sure if this is critical, but it should be checked.
Per chronyc this is for:
There are two ways chronyc can access chronyd. One is the Internet Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which
is accessible locally by the root or chrony user. By default, chronyc first tries to connect to the Unix domain socket. The compiled-in
default path is /run/chrony/
to 127.0.0.1 and then ::1.
Some commands are ONLY allowed via the socket connection OR if allowed per "cmdallow" so this should be important.
Changed in chrony (Ubuntu): | |
assignee: | nobody → ChristianEhrhardt (paelzer) |
summary: |
- /run/chrony missing? + /run/chrony missing - no privileged commands possible |
Changed in chrony (Debian): | |
status: | Unknown → New |
Changed in chrony (Debian): | |
status: | New → Fix Committed |
Changed in chrony (Debian): | |
status: | Fix Committed → Fix Released |
E.g. "clients" command is not authorized by default (and many more, but one to test).