Date: Wed, 22 May 2019 19:45:26 -0600 From: Ian Lepore <ian@freebsd.org> To: Andriy Gapon <avg@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r336547 - in head/etc: defaults rc.d Message-ID: <64935b6f3beef7bde7a32b359187d998a480f258.camel@freebsd.org> In-Reply-To: <6b966875-23f5-28cf-9e65-7c30974eef05@FreeBSD.org> References: <201807201359.w6KDxT1p087000@repo.freebsd.org> <6b966875-23f5-28cf-9e65-7c30974eef05@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2019-05-22 at 14:40 +0300, Andriy Gapon wrote: > Something I've just noticed about this commit: > > On 20/07/2018 16:59, Ian Lepore wrote: > > Author: ian > > Date: Fri Jul 20 13:59:29 2018 > > New Revision: 336547 > > URL: https://svnweb.freebsd.org/changeset/base/336547 > > > > Log: > > Automatically run ntpd as non-root when possible. > > [snip] > > > +ntpd_precmd() > > +{ > > + local driftopt > > + > > + # If we can run as a non-root user, switch uid to ntpd and use > > the > > + # new default location for the driftfile inside the ntpd-owned > > dir. > > + # Otherwise, figure out what to do about the driftfile > > option. If set > > + # by the admin, we don't add the option. If the file exists in > > the old > > + # default location we use that, else we use the new default > > location. > > + if can_run_nonroot; then > > + _user="ntpd" > > + driftopt="-f ${_ntp_default_driftfile}" > > + elif [ -z "${rc_flags##*-f*}" ] || > > + [ -z "${rc_flags##*--driftfile*}" ] || > > It seems that the two checks above produce a false positive if > rc_flags is empty > already. And that's the case on a system that I recently brought up > (very > recent CURRENT via source install). /etc/defaults/rc.conf has > ntpd_flags="". > As a result ntpd is started without the drift file option. > And the stock /etc/ntp.conf also does not have the directive. > Doh! I use that pattern-removal technique all the time at $work, I wonder how many times I've committed this mistake and just haven't been burned by it yet? Good catch, should be fixed by r348141. I'm curious though... it can only hit this condition if can_run_nonroot returns false, and it shouldn't do so on a freshly-installed system. The idea was to make it run non-priv out of the box and only run as root if the admin had done something non-standard. Does it make sense to you that it was running as root on your system? Like have you customized ntp.conf to add some file-related commands? -- Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64935b6f3beef7bde7a32b359187d998a480f258.camel>