501 not authorized, when chrony runs as 'nobody'

Even though I'm logged in as root, certain commands (no surprise here, chronyc "makestep", "ntpdata", etc.) still return "501 not authorized", whether using sudo or not. As indicated in the title, chrony is configured to run as "nobody". So what am I missing, in order to execute those privileged chronyc commands, given this existing setup?

ps | grep -e [c]hrony
sudo -u chrony chronyc serverstats
su -s "${SHELL}" -c "chronyc serverstats" chrony

No dice. Still getting 501.

Do I need to add nobody to /etc/sudoers?

Check the log if there is a message from chrony about /var/run/chrony having wrong permissions. This can happen if you change the user under which chronyd is running. By default, it should be the chrony user.

The fix is to remove that directory and restart the service, or just reboot the router.


Yup, that did the trick. (/var/run/chrony was already owned by nobody:nogroup.) Thanks!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.