From owner-freebsd-current@freebsd.org Sat Jul 21 18:14:14 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 73F0610525D7 for ; Sat, 21 Jul 2018 18:14:14 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from outbound1b.ore.mailhop.org (outbound1b.ore.mailhop.org [54.200.247.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E1886728EE for ; Sat, 21 Jul 2018 18:14:13 +0000 (UTC) (envelope-from ian@freebsd.org) X-MHO-RoutePath: aGlwcGll X-MHO-User: dda41b38-8d11-11e8-93fa-f3ebd9db2b94 X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [67.177.211.60]) by outbound1.ore.mailhop.org (Halon) with ESMTPSA id dda41b38-8d11-11e8-93fa-f3ebd9db2b94; Sat, 21 Jul 2018 18:14:11 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id w6LIEAQs008919; Sat, 21 Jul 2018 12:14:10 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: <1532196850.1344.87.camel@freebsd.org> Subject: Re: ntpd as ntpd user question From: Ian Lepore To: bob prohaska Cc: Pete Wright , FreeBSD Current Date: Sat, 21 Jul 2018 12:14:10 -0600 In-Reply-To: <20180721174722.GA40167@www.zefox.net> References: <5b90c49f-4616-9ef7-28a1-6445137245ef@nomadlogic.org> <1532191655.1344.80.camel@freebsd.org> <4b7acbd2-0230-345c-4370-24a72d0b492a@nomadlogic.org> <1532193285.1344.83.camel@freebsd.org> <20180721174722.GA40167@www.zefox.net> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.18.5.1 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jul 2018 18:14:14 -0000 On Sat, 2018-07-21 at 10:47 -0700, bob prohaska wrote: > On Sat, Jul 21, 2018 at 11:14:45AM -0600, Ian Lepore wrote: > > > > > > There's a "pre-world" stage of mergemaster (-Fp option I think) which > > isn't needed often, but one of the times it is needed is apparently > > when new user ids are added. ?(So I've been told, I've never much used > > mergemaster myself). I think there are some words about it at the very > > bottom of UPDATING. > > > FWIW, installkernel stopped with the note about needing an ntpd user/group. > Never having been successful with mergemaster (couldn't make heads nor tails > of the "what to do" prompts) I just ran adduser, creating a locked ntpd user > and group. Nothing else special done. The machine is up to r336567 on arm64. > > Installkernel ran, I didn't touch anthing in /etc manually and reboot looked normal. > For now it seems ignorance is bliss.... > > If there's something special I should do (beyond locking) to secure the ntpd  > account please warn me. > > Thanks for reading, > > bob prohaska I can't see any way that installkernel would lead to the complaint about the ntpd user not existing; that check is tied to the installworld target. A quick way to check whether ntpd is running as ntpd user:  procstat cred `pgrep ntpd` PID COMM  EUID  RUID SVUID  EGID  RGID SVGID UMASK FLAGS GROUPS 1176 ntpd   123   123   123   123   123   123   022 -     123 -- Ian