Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Formula chrony permission problem after re-installing homebrew (or applying manual changes) #193752

Open
4 tasks done
wq9578 opened this issue Oct 11, 2024 · 0 comments
Open
4 tasks done

Formula chrony permission problem after re-installing homebrew (or applying manual changes) #193752

wq9578 opened this issue Oct 11, 2024 · 0 comments
Labels
bug Reproducible Homebrew/homebrew-core bug

Comments

@wq9578
Copy link

wq9578 commented Oct 11, 2024
edited by carlocab
Loading

brew gist-logs <formula> link OR brew config AND brew doctor output

brew config:

HOMEBREW_VERSION: 4.4.0
ORIGIN: https://github.com/Homebrew/brew
HEAD: 84c31175f11860129a9aaed40a13c549625e2db1
Last commit: 10 days ago
Core tap JSON: 11 Oct 13:09 UTC
Core cask tap JSON: 11 Oct 13:09 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_MAKE_JOBS: 8
Homebrew Ruby: 3.3.5 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.3.5/bin/ruby
CPU: octa-core 64-bit arm_blizzard_avalanche
Clang: 16.0.0 build 1600
Git: 2.39.5 => /Library/Developer/CommandLineTools/usr/bin/git
Curl: 8.7.1 => /usr/bin/curl
macOS: 15.0.1-arm64
CLT: 16.0.0.0.1.1724870825
Xcode: 16.0
Rosetta 2: false

brew doctor:

Your system is ready to brew.

Verification

  • My brew doctor output says Your system is ready to brew. and am still able to reproduce my issue.
  • I ran brew update and am still able to reproduce my issue.
  • I have resolved all warnings from brew doctor and that did not fix my problem.
  • I searched for recent similar issues at https://github.com/Homebrew/homebrew-core/issues?q=is%3Aissue and found no duplicates.

What were you trying to do (and why)?

After again running the installation script with /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" as shown on the Homebrew website https://brew.sh, I was trying use the command sudo /opt/homebrew/bin/chronyc selectdata in order to view the appropriate data. (sudo /opt/homebrew/bin/chronyc tracking and sudo /opt/homebrew/bin/chronyc sources work.)

A problem analysis and a solution is provided below.

What happened (include all command output)?

Client:

S Name/IP Address        Auth COpts EOpts Last Score     Interval  Leap
=======================================================================
501 Not authorised

Daemon (restarted manually with debugging output: launchctl kill 9 system/org.tuxfamily.chrony; /opt/homebrew/sbin/chronyd -d -d)

[...]
2024-10-11T10:32:45Z Wrong permissions on /opt/homebrew/var/run/chrony
2024-10-11T10:32:45Z Disabled command socket /opt/homebrew/var/run/chrony/chronyd.sock
[...]

or

[...]
2024-10-11T13:48:36Z Wrong owner of /var/run/chrony (UID != 0)
2024-10-11T13:48:36Z Disabled command socket /var/run/chrony/chronyd.sock
[...]

What did you expect to happen?

The requested data to be shown.

Step-by-step reproduction instructions (by running brew commands)

  1. Run the installation script with /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  2. Install chrony: brew install chrony
  3. Again run the installation script with /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  4. Run sudo /opt/homebrew/bin/chronyc selectdata

Analysis:
The selectdata option requires a working socket connection.
The directory in which the socket file resides MUST have correct, ownership (root), group, and permissions (o-rwx), see: https://gitlab.com/chrony/chrony/-/blob/master/conf.c#L1836
Ownership is corrupted by the installation script command /usr/bin/sudo /usr/sbin/chown -R user:admin /opt/homebrew.
Permissions may be corrupted by manually fixing permissions recursively over /opt/homebrew which sometimes is necessary to fix permission problems.

Solution:

  1. Set ownership, group, and permissions for the directory in the install script such that they are fixed by running brew install chrony or brew reinstall chrony.
  2. Even better would be additionally placing the socket in a global directory /var/run/chrony (instead of /opt/homebrew/var/run/chrony) by adding bindcmdaddress /var/run/chrony/chronyd.sock to /etc/chrony.conf, so ownership, group, and permissions are not modified by re-installing Homebrew or modifying permissions in the Homebrew directory. Then chronyc must be run with option -h /var/run/chrony/chronyd.sock,127.0.0.1,::1.
  3. Not only for chronyd, but also for the client chronyc the debugging flag should be enabled. Currently chronyc -d doesn't seem to produce any debug output.

Originally reported at: https://gitlab.com/chrony/chrony/-/issues/16
@wq9578 wq9578 added the bug Reproducible Homebrew/homebrew-core bug label Oct 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Reproducible Homebrew/homebrew-core bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wq9578