Why do you need superuser permissions to read the real-time clock on Linux?


It's an artifact of the way access to RTC is implemented in Linux: the /dev/rtc* devices can be opened only once (until they are closed) and they are read-only. Reading and setting the RTC is then done via calls to ioctl.

Additionally, it makes sense that only the superuser can set the RTC, an action which may have a destructive impact on the system. Therefore only the superuser should be able to open the RTC devices.

As it is, that leads to the rtc* devices belonging to root user & group, even though there are conceivably other ways to implement this restriction. One could, for instance, allow every user to open the devices, and check for proper privileges on the ioctl call. Read access to the device can even be given on a per-user basis, via uaccess, etc.


Per the RTC kernel documentation, there are two more interfaces to the RTC:

  • The /proc/driver/rtc is a pseudo file providing some status information. On my system(s) it offers read access to all, but I can't find any spec on that.

  • The /sys/class/rtc/rtc* entries are backing the corresponding /dev/rtc* devices (which you can find out if you cat /sys/class/rtc/rtcN/dev), and also offer (via "attribute" files) read access to all on date, time, seconds since Epoch, etc. Triggering uevents, modifying the max interrupt rate, and time to request a wakeup event are only offered to root (MODE 0644).
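
The sysfs route described above, as an added example that is not part of the original answers: it reads each RTC through the world-readable since_epoch attribute and reports the permissions on the matching /dev node, so you can see which users could open the device itself. The function name rtc_report and its parameters are hypothetical, and the UTC conversion assumes the RTC keeps UTC rather than local time.

```python
import os
import stat
from datetime import datetime, timezone
from pathlib import Path


def rtc_report(sys_root="/sys/class/rtc", dev_root="/dev"):
    """Return one dict per RTC found under sys_root.

    utc        -- RTC time read from the world-readable since_epoch attribute
    dev_mode   -- permission string of the matching device node
    other_read -- True if the node is readable by users outside owner/group
    can_open   -- True if the calling user has read permission on the node
    """
    report = []
    for entry in sorted(Path(sys_root).glob("rtc*")):
        info = {"name": entry.name, "utc": None, "dev_mode": None,
                "other_read": None, "can_open": False}
        try:
            # Assumption: the RTC keeps UTC, so since_epoch is a Unix timestamp.
            secs = int((entry / "since_epoch").read_text().strip())
            info["utc"] = datetime.fromtimestamp(secs, tz=timezone.utc).isoformat()
        except (OSError, ValueError):
            pass  # attribute missing, unreadable or malformed: utc stays None
        node = Path(dev_root) / entry.name
        try:
            mode = node.stat().st_mode
            info["dev_mode"] = stat.filemode(mode)
            info["other_read"] = bool(mode & stat.S_IROTH)
            info["can_open"] = os.access(node, os.R_OK)
        except OSError:
            pass  # no device node for this RTC
        report.append(info)
    return report


if __name__ == "__main__":
    # On a real system this needs no root: only sysfs reads and stat() calls.
    for rtc in rtc_report():
        print(rtc)
```

A node reported with other_read set to True means any local user can open the device, which is worth checking after adding custom udev rules.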


You're obviously hitting file permissions here:

hwclock: cannot open /dev/rtc: Permission denied

In my system (openSUSE 42.1) only root can read/write to /dev/rtc0. Modern Linux distributions use udevd (now it is part of systemd) to create device nodes in devtmpfs. If you look into the systemd source, you can see that there are no directives for setting permissions for rtc devices: systemd/rules/50-udev-default.rules:9

# select "system RTC" or just use the first one
SUBSYSTEM=="rtc", ATTR{hctosys}=="1", SYMLINK+="rtc"
SUBSYSTEM=="rtc", KERNEL=="rtc0", SYMLINK+="rtc", OPTIONS+="link_priority=-100"

I can only speculate that not many apps require RTC access, so that was a reason why they didn't create a special group for that (like for tty).