Per [1] I found a better solution.
There is a defined entry for that in systemd, so it comes down to something even easier:
RuntimeDirectory=chrony
RuntimeDirectoryMode=0770
For user&group (which we need) we also need to set User & Group but that would affect ExecStart which would break it.
Via [2] and IRC discussion I found a way through that. One can set user/group but ignore it for the execution.
User=_chrony
Group=_chrony
And add a ! at ExecStart
I'll check if the Priv/Protect settings are affected (they would be at ExecStart=+).
[1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
[2]: https://www.freedesktop.org/software/systemd/man/systemd.service.html
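Added example, not part of the original comment and not code from chrony or systemd: a small audit of a unit's Exec lines that reports which privilege prefix is used and whether the Private*/Protect* settings still apply, following the prefix semantics in systemd.service(5). The ExecStart path, the PrivateTmp/ProtectHome lines and the function names are assumptions made for illustration.

```python
import re

# Constructed sample unit built from the settings named in the comment above.
# The ExecStart path and the Private*/Protect* lines are assumptions.
SAMPLE_UNIT = """\
[Service]
User=_chrony
Group=_chrony
RuntimeDirectory=chrony
RuntimeDirectoryMode=0770
PrivateTmp=yes
ProtectHome=yes
ExecStart=!/usr/sbin/chronyd
"""

# Privilege prefixes as documented in systemd.service(5).
PREFIX_EFFECT = {
    "": "all settings apply, including User=/Group=",
    "+": "full privileges: User=/Group=, capabilities and namespacing not applied",
    "!": "only User=/Group=/SupplementaryGroups= skipped, sandboxing still applies",
    "!!": "like '!' but only where ambient capabilities are unsupported",
}

def exec_prefix(value):
    """Split the special prefix characters off an Exec*= value."""
    flags, command = re.match(r"^([-@:+!]*)(.*)$", value.strip()).groups()
    priv = "!!" if "!!" in flags else "!" if "!" in flags else "+" if "+" in flags else ""
    return priv, command

def audit_unit(text):
    """Return one finding per Exec*= line found in the unit text."""
    settings, findings = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", ";")):
            settings.setdefault(key.strip(), []).append(value.strip())
    sandbox = sorted(k for k in settings if k.startswith(("Private", "Protect")))
    for key, values in settings.items():
        if not key.startswith("Exec"):
            continue
        for value in values:
            priv, command = exec_prefix(value)
            findings.append({
                "directive": key, "command": command, "prefix": priv,
                "effect": PREFIX_EFFECT[priv],
                "runs_as_user": priv == "" and "User" in settings,
                "sandbox_applied": sandbox if priv != "+" else [],
            })
    return findings
```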