Date: Fri, 20 Jul 2018 13:59:56 +0000
From: bugzilla-noreply@freebsd.org
To: rc@FreeBSD.org
Subject: [Bug 199127] rc.d/ntpd: user-set ntpd_flags stomps over rc-defined ones (pidfile, driftfile)
Message-ID: <bug-199127-20181-176Tz2ZVzV@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-199127-20181@https.bugs.freebsd.org/bugzilla/>
References: <bug-199127-20181@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199127

--- Comment #5 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ian
Date: Fri Jul 20 13:59:30 UTC 2018
New revision: 336547
URL: https://svnweb.freebsd.org/changeset/base/336547

Log:
  Automatically run ntpd as non-root when possible.

  Ntpd needs only a subset of full root privileges to do its job. Specifically
  it needs the ability to manipulate system time, and to re-bind to a
  privileged UDP port after interface changes. The mac_ntpd(4) policy module
  (see r336525) can grant these privs.

  These changes detect the availability of mac_ntpd(4). If enabled, and if the
  ntpd configuration is fairly vanilla, it automatically runs ntpd as the
  non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
  command line or ntp.conf options changing the location of files or using any
  files/dirs likely to be inaccessible to user ntpd. Ntpd can still run as
  non-root when using such options, but the admin must ensure all required
  files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.

  Note that these changes also address PR 199127 by using the command_args
  technique suggested in the patch. They also tangentially address PR 113552,
  which is primarily about inconsistent filenames in documentation, but some
  of the inconsistency was caused by old code in rc.d/ntpd which is leftover
  from the initial import from netbsd. There was code to do chroot setup which
  required the use of the netbsd clockctl(4) device; that code never had any
  effect on freebsd, because we lack that device and don't build ntpd with the
  options that would allow using it.

  PR:           113552 199127
  Relnotes:     yes
  Differential Revision:        https://reviews.freebsd.org/D16050

Changes:
  head/etc/defaults/rc.conf
  head/etc/rc.d/ntpd

-- 
You are receiving this mail because:
You are on the CC list for the bug.
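
The run-as decision described in the log above, as an added example that is not part of the original message and is not the code in head/etc/rc.d/ntpd. The function names and the lists of file-related ntpd options and ntp.conf directives are assumptions about what "vanilla" covers, and the mac_ntpd state is passed in as an argument so the audit can run on any host.

```shell
#!/bin/sh
# Added example, not the FreeBSD rc.d/ntpd code. The option lists are an
# assumed reading of "vanilla"; adjust them to your own policy.

# flags_touch_files FLAGS: succeed if any word selects a file or directory.
flags_touch_files() {
    for word in $1; do
        case "$word" in
            -f*|-i*|-k*|-l*|-p*|-s*) return 0 ;;   # short forms, e.g. -l /path
            --driftfile*|--jaildir*|--keyfile*|--logfile*|--pidfile*|--statsdir*)
                return 0 ;;
        esac
    done
    return 1
}

# conf_touches_files TEXT: succeed if an active ntp.conf line names a file.
conf_touches_files() {
    printf '%s\n' "$1" | grep -Eq \
        '^[[:space:]]*(crypto|driftfile|keys|keysdir|logfile|statsdir)([[:space:]]|$)'
}

# ntpd_run_as MAC_ENABLED NTPD_USER FLAGS CONF_TEXT -> prints the account.
# MAC_ENABLED is 1 when the mac_ntpd policy is active (on FreeBSD, the value
# of `sysctl -n security.mac.ntpd.enabled`, see mac_ntpd(4)).
ntpd_run_as() {
    mac=$1 user=$2 flags=$3 conf=$4
    if [ -n "$user" ]; then echo "$user"; return 0; fi   # admin's explicit choice
    [ "$mac" = 1 ] || { echo root; return 0; }           # no policy: stays root
    if flags_touch_files "$flags" || conf_touches_files "$conf"; then
        echo root   # non-vanilla: admin must fix access, then set ntpd_user
    else
        echo ntpd
    fi
}

# Constructed sample configurations (not taken from the bug report).
VANILLA_CONF='# comment mentioning logfile
pool ntp.example.org iburst
restrict default limited kod nomodify notrap noquery nopeer'
CUSTOM_CONF='pool ntp.example.org iburst
  logfile /var/log/ntp/ntpd.log'

ntpd_run_as 1 "" "-g" "$VANILLA_CONF"
ntpd_run_as 1 "" "-g" "$CUSTOM_CONF"
```

A result of root for a host where mac_ntpd is enabled marks a configuration to review for file access before setting ntpd_user=ntpd in rc.conf.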