About time synchronisation

Note:
This documentation has moved to a new home! Please update your bookmarks to the new URL for the up-to-date version of this page.

2 Likes

FYI - added more gpsd/pps use case details to help anyone else trying to set this up.

From a security POV, it would be best to not give ownership of the cert files to the _chrony user, as that would allow it to write to those files as well (depending on permissions, but, being the owner, they can be changed). Usually the owner should be root, and the group should be _chrony, and the group would have read permissions. In other words, I would suggest (untested):

sudo chown root:_chrony /etc/chrony/*.pem
sudo chmod 0640 /etc/chrony/privkey.pem