将 ubuntu 20.04 LTS 升级到 22.04 LTS 后,我无法正确运行 chronyd 并且没有出现错误。
sudo systemctl status chronyd
× chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code)
Docs: man:chronyd(8)
man:chronyc(1)
man:chrony.conf(5)
Process: 29980 ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS (code=exited, status=1/FAILURE)
CPU: 159ms
ubuntu systemd[1]: Starting chrony, an NTP client/server...
ubuntu chronyd[29989]: chronyd version 4.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -D>
ubuntu chronyd[29989]: Fatal error : Could not open /run/chrony/chronyd.pid : Permission denied
ubuntu chronyd-starter.sh[29987]: Could not open /run/chrony/chronyd.pid : Permission denied
ubuntu systemd[1]: chrony.service: Control process exited, code=exited, status=1/FAILURE
ubuntu systemd[1]: chrony.service: Failed with result 'exit-code'.
ubuntu systemd[1]: Failed to start chrony, an NTP client/server.
ls -al
ubuntu@ubuntu:/run$ sudo ls -al /run/chrony/
total 0
drwxr-x--- 2 _chrony _chrony 40 May 27 22:27 .
drwxr-xr-x 40 root root 1140 May 27 22:27 ..
如果我改变用户例如根像那样:
ubuntu@ubuntu:/run$ sudo chown root: /run/chrony/
并启动 chrony 守护进程,但是:
ubuntu@ubuntu:/run$ sudo systemctl status chronyd
● chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
Active: active (running) since
...
ubuntu systemd[1]: Starting chrony, an NTP client/server...
ubuntu chronyd[32080]: chronyd version 4.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -D>
ubuntu chronyd[32080]: Wrong owner of /run/chrony (UID != 117)
ubuntu chronyd[32080]: Disabled command socket /run/chrony/chronyd.sock
ubuntu@ubuntu:/run$ sudo ls -al chrony/
total 4
drwxr-x--- 2 root root 60 May 27 22:47 .
drwxr-xr-x 40 root root 1140 May 27 22:27 ..
-rw-r--r-- 1 root root 6 May 27 22:47 chronyd.pid
哪些用户和权限是正确的?
答案1
检查 apparmor 是否正在使用 chrony 配置文件运行 - 在我的情况下,这阻止了访问。
aa-status