PR #35 added the possibility to use chrony's unix comand socket to query the metrics. This PR also updates the README which states that running the exporter as root should work. Sadly this not the case. Imho there are 4 possible solutions to the problem:
Update the README and drop the info about running the exporter as root. This means that the only documented way to run the exporter in this case is to let it run as the same user as chrony.
Update the README to explain all the possible ways the exporter can be run in this case:
run it as the same user as chrony
run it as user root with umask set to 0000
run it as user root, set the egid of the exporter to the same group chrony runs at and set the umask to 0002
run it as any user, add CAP_DAC_OVERRIDE to the ambient capability set and set umask to 0000
run it as any user, add CAP_DAC_OVERRIDE to the ambient capability set, set the egid of the exporter to the same group chrony runs at and set the umask to 0002
some other even more convoluted way?
Update the README and explain what operations actually need to be allowed for the exporter to work.
the exporter needs to be able to create a socket file inside the directory where the command socket of chrony is -> /var/run/chrony
run the exporter as the same user as chrony
run the exporter as user root
run the exporter as any user and add CAP_DAC_OVERRIDE to the ambient capability set
some other solution...
the socket file created by the exporter needs to be writeable by the user/group chrony runs as
run the exporter as the same user as chrony
use the umask to mangle the permissions of the socket file
some other solution...
re-add the call to chmod in the source code.
Not sure which one is the best. Option 1 is clearly the easiest but does not tell the full story. Option 2 and 3 are more complete but a little wordy. Option 4 is is a little strange and needs an actually source code change and a new release.
PR #35 added the possibility to use chrony's unix comand socket to query the metrics. This PR also updates the README which states that running the exporter as root should work. Sadly this not the case. Imho there are 4 possible solutions to the problem:
0000
0002
0000
0002
/var/run/chrony
chmod
in the source code.Not sure which one is the best. Option 1 is clearly the easiest but does not tell the full story. Option 2 and 3 are more complete but a little wordy. Option 4 is is a little strange and needs an actually source code change and a new release.