Subject: Re: svn commit: r336547 - in head/etc: defaults rc.d
From: Ian Lepore
To: Andriy Gapon, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Wed, 22 May 2019 19:45:26 -0600

On Wed, 2019-05-22 at 14:40 +0300, Andriy Gapon wrote:
> Something I've just noticed about this commit:
>
> On 20/07/2018 16:59, Ian Lepore wrote:
> > Author: ian
> > Date: Fri Jul 20 13:59:29 2018
> > New Revision: 336547
> > URL: https://svnweb.freebsd.org/changeset/base/336547
> >
> > Log:
> > Automatically run ntpd as non-root when possible.
>
> [snip]
>
> > +ntpd_precmd()
> > +{
> > + local driftopt
> > +
> > + # If we can run as a non-root user, switch uid to ntpd and use
> > the
> > + # new default location for the driftfile inside the ntpd-owned
> > dir.
> > + # Otherwise, figure out what to do about the driftfile
> > option. If set
> > + # by the admin, we don't add the option. If the file exists in
> > the old
> > + # default location we use that, else we use the new default
> > location.
> > + if can_run_nonroot; then
> > + _user="ntpd"
> > + driftopt="-f ${_ntp_default_driftfile}"
> > + elif [ -z "${rc_flags##*-f*}" ] ||
> > + [ -z "${rc_flags##*--driftfile*}" ] ||
>
> It seems that the two checks above produce a false positive if rc_flags is
> empty already. And that's the case on a system that I recently brought up
> (very recent CURRENT via source install). /etc/defaults/rc.conf has
> ntpd_flags="".
> As a result ntpd is started without the drift file option.
> And the stock /etc/ntp.conf also does not have the directive.
>

Doh! I use that pattern-removal technique all the time at $work, I
wonder how many times I've committed this mistake and just haven't been
burned by it yet?

Good catch, should be fixed by r348141.

I'm curious though... it can only hit this condition if can_run_nonroot
returns false, and it shouldn't do so on a freshly-installed system.
The idea was to make it run non-priv out of the box and only run as
root if the admin had done something non-standard. Does it make sense
to you that it was running as root on your system? Like have you
customized ntp.conf to add some file-related commands?

-- Ian
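
Review bot: In the elif branch of ntpd_precmd(), the tests [ -z "${rc_flags##*-f*}" ] and [ -z "${rc_flags##*--driftfile*}" ] also succeed when rc_flags is empty, because removing a pattern from an empty string leaves an empty string whether or not the pattern matched; the branch then treats "no flags at all" as "the admin already set a driftfile" and no driftfile option is added. Match the string directly instead, for example case "${rc_flags}" in *-f*|*--driftfile*), or require [ -n "${rc_flags}" ] before the removal tests. Separately, *-f* matches "-f" anywhere in the string, including inside another option or a path argument, so comparing whole words would be more precise.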
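
The empty-rc_flags false positive reported in the quoted text, reproduced as an added example (not code from the commit or from either poster). The function names and the sample flag strings are constructed for illustration; the case-based variant is one possible correction and is not claimed to be what r348141 does.

```shell
#!/bin/sh
# Added illustration; the function names are hypothetical and are not part of
# the rc.d script discussed in the thread.

# The test as quoted in the thread: succeeds when pattern removal leaves an
# empty string. The body runs in a subshell so rc_flags does not leak.
has_driftopt_quoted() (
    rc_flags=$1
    [ -z "${rc_flags##*-f*}" ] || [ -z "${rc_flags##*--driftfile*}" ]
)

# Same substring match expressed with case: an empty string matches neither
# pattern, so "no flags" is not mistaken for "driftfile flag present".
# It is still a substring match, so "-f" inside another word also counts.
has_driftopt_case() {
    case "$1" in
    *-f*|*--driftfile*) return 0 ;;
    esac
    return 1
}

# Report how both checks classify one flags string.
compare() {
    if has_driftopt_quoted "$1"; then q=yes; else q=no; fi
    if has_driftopt_case "$1"; then c=yes; else c=no; fi
    echo "quoted=$q case=$c"
}

# Constructed sample values for ntpd_flags; the drift file path is made up.
for flags in "" "-g" "-f /var/db/ntpd.drift" "--driftfile /var/db/ntpd.drift"; do
    printf '%-34s %s\n' "[$flags]" "$(compare "$flags")"
done
```

Only the empty string is classified differently by the two checks, which is the case of a stock ntpd_flags="" described in the report.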