Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 18 Feb 2025 17:12:01 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 521f66715afb - main - ntpd: Use the ntpd -u option in preference to the rc su plumbing
Message-ID:  <202502181712.51IHC1b1064631@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=521f66715afb312b356afafc68cbc044a436a753

commit 521f66715afb312b356afafc68cbc044a436a753
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2024-12-12 20:03:09 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-02-18 17:11:38 +0000

    ntpd: Use the ntpd -u option in preference to the rc su plumbing
    
    Using the rc plumbing to setuid(2) is preferred as it allows the user
    to use the -i option in ntpd_flags to chroot ntpd.
    
    Chrooting ntpd by default will be a 2025 project.
    
    MFC after:              1 week
    Reviewed by:            markj
    Differential Revision:  https://reviews.freebsd.org/D48191
---
 libexec/rc/rc.d/ntpd | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd
index e7e42da8acc7..8babda09455c 100755
--- a/libexec/rc/rc.d/ntpd
+++ b/libexec/rc/rc.d/ntpd
@@ -101,7 +101,6 @@ ntpd_precmd()
 	# by the admin, we don't add the option.  If the file exists in the old
 	# default location we use that, else we use the new default location.
 	if can_run_nonroot; then
-		_user="ntpd"
 		driftopt="-f ${_ntp_default_driftfile}"
 	elif grep -q "^[ \t]*driftfile" "${ntpd_config}" ||
 	     [ -n "${rc_flags}" ] &&
@@ -115,7 +114,13 @@ ntpd_precmd()
 	fi
 
 	# Set command_args based on the various config vars.
-	command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}"
+	command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u ${ntpd_user:=ntpd:ntpd}"
+
+	# Unset ntpd_user because rc.subr uses $${name}_user to determine
+	# whether to invoke su(1) to setuid() to $ntpd_user for us. We want
+	# ntpd to do the setuid() itself through the -u argument, above.
+	unset ntpd_user
+
 	if checkyesno ntpd_sync_on_start; then
 		command_args="${command_args} -g"
 	fi

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502181712.51IHC1b1064631>