timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still with CAP_SYS_TIME)

author: Lennart Poettering <lennart@poettering.net> 2014-05-17 20:33:47 +0200
committer: Lennart Poettering <lennart@poettering.net> 2014-05-18 20:52:49 +0900
commit: a349eb10d3c3a31cd47198cbf08e4f0dfaffef1d (patch)
tree: 8a3c4b4339d9cd99c7463c0d7fb2666e0f231066 /README
parent: 2bcc2523711e69e6daa744641e56ed8b78646676 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/README b/README
index 4358cd7d75..4e2f996c5e 100644
--- a/README
+++ b/README
@@ -183,6 +183,11 @@ USERS AND GROUPS:
         exist. During execution this network facing service will drop
         privileges and assume this uid/gid for security reasons.
 
+        The NTP daemon requires the "systemd-timesync" system user and
+        group to exist. During execution this network facing service
+        will drop priviliges (with the exception of CAP_SYS_TIME) and
+        assume this uid/gid for security reasons.
+
 WARNINGS:
         systemd will warn you during boot if /etc/mtab is not a
         symlink to /proc/mounts. Please ensure that /etc/mtab is a
author	Lennart Poettering <lennart@poettering.net>	2014-05-17 20:33:47 +0200
committer	Lennart Poettering <lennart@poettering.net>	2014-05-18 20:52:49 +0900
commit	a349eb10d3c3a31cd47198cbf08e4f0dfaffef1d (patch)
tree	8a3c4b4339d9cd99c7463c0d7fb2666e0f231066 /README
parent	2bcc2523711e69e6daa744641e56ed8b78646676 (diff)