From owner-svn-src-head@freebsd.org Fri Jul 20 16:06:45 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A574104A8BD; Fri, 20 Jul 2018 16:06:45 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B1A3A8287F; Fri, 20 Jul 2018 16:06:44 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8D2C112659; Fri, 20 Jul 2018 16:06:44 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w6KG6ieP054350; Fri, 20 Jul 2018 16:06:44 GMT (envelope-from ian@FreeBSD.org) Received: (from ian@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w6KG6i1p054349; Fri, 20 Jul 2018 16:06:44 GMT (envelope-from ian@FreeBSD.org) Message-Id: <201807201606.w6KG6i1p054349@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ian set sender to ian@FreeBSD.org using -f From: Ian Lepore Date: Fri, 20 Jul 2018 16:06:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r336553 - head/share/man/man4 X-SVN-Group: head X-SVN-Commit-Author: ian X-SVN-Commit-Paths: head/share/man/man4 X-SVN-Commit-Revision: 336553 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jul 2018 16:06:45 -0000 Author: ian Date: Fri Jul 20 16:06:44 2018 New Revision: 336553 URL: https://svnweb.freebsd.org/changeset/base/336553 Log: Apply some late-arriving markup suggestions from the phab review, and add a paragraph that mentions the possibility of starting ntpd as a non-root user rather than starting it as root and using its '-u' option to drop root privs after startup. Differential Revision: https://reviews.freebsd.org/D16281 Modified: head/share/man/man4/mac_ntpd.4 Modified: head/share/man/man4/mac_ntpd.4 ============================================================================== --- head/share/man/man4/mac_ntpd.4 Fri Jul 20 15:37:29 2018 (r336552) +++ head/share/man/man4/mac_ntpd.4 Fri Jul 20 16:06:44 2018 (r336553) @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 28, 2018 +.Dd July 20, 2018 .Dt MAC_NTPD 4 .Os .Sh NAME @@ -45,8 +45,9 @@ place the following line in your kernel configuration .Pp and in .Xr loader.conf 5 : -.Pp -.Dl "mac_ntpd_load=""YES""" +.Bd -literal -offset indent +mac_ntpd_load="YES" +.Ed .Sh DESCRIPTION The .Nm @@ -58,30 +59,28 @@ system time, and to (re-)bind to the privileged NTP po When .Xr ntpd 8 is started with -.Sq -u\ +.Sq Fl u Ar [:group] on the command line, it performs all initializations requiring root privileges, then drops root privileges by switching to the given user id. From that point on, the only privileges it requires are the ability to manipulate system time, and the ability to re-bind a UDP socket to the NTP port (port 123) after a network interface change. -By default, -.Fx -starts -.Xr ntpd 8 -with -.Sq -u\ ntpd:ntpd -on the command line, if the mac_ntpd policy is available to grant -the required privileges. .Pp +With the +.Nm +policy active, it may also be possible to start ntpd as a non-root user, +because the default ntpd options don't require any additional root +privileges beyond those granted by the policy. +.Pp .Ss Privileges Granted The exact set of kernel privileges granted to any process running with the configured uid is: .Bl -inset -compact -offset indent -.It PRIV_ADJTIME -.It PRIV_CLOCK_SETTIME -.It PRIV_NTP_ADJTIME -.It PRIV_NETINET_RESERVEDPORT -.It PRIV_NETINET_REUSEPORT +.It Dv PRIV_ADJTIME +.It Dv PRIV_CLOCK_SETTIME +.It Dv PRIV_NTP_ADJTIME +.It Dv PRIV_NETINET_RESERVEDPORT +.It Dv PRIV_NETINET_REUSEPORT .El .Pp .Ss Runtime Configuration