2.1.3 Ensure chrony is not run as the root user

Information

The file /etc/sysconfig/chronyd allows configuration of options for chrony to include the user chrony is run as. By default this is set to the user chrony

Services should not be set to run as the root user

Solution

Edit the file /etc/sysconfig/chronyd and add or modify the following line:

OPTIONS="-u chrony"

Run the following command to reload the chronyd.service configuration:

# systemctl try-reload-or-restart chronyd.service

See Also

https://workbench.cisecurity.org/benchmarks/15965

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: 931ab40b8bf91299386cfd163bf017de3df64c3dc613dfecef7d2f1278b53cdc