From nobody Tue Feb 25 00:38:16 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z1zGw4yFQz5p2Fy; Tue, 25 Feb 2025 00:38:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Z1zGw1ndZz3ZBS; Tue, 25 Feb 2025 00:38:16 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740443896; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tFgu9E+nNtRAVunjmL3NIXw2TBnlADHSoD3dACpZMOI=; b=T11wkvIlu9zENJwOvNC2fS6h3rxXnQ1Qlfw6/XC81h5udSoYRuyNQ/bo0TPlcwZA/oyGdG gA2hKI6Tn7znKUfu3S93Mw7FmnKX6t1Lxqk7vSWyXulTxbxBJpI3AxOrWjym5vn1f/CFyL fG/0NAyj3L3P8xLdKye1VgTiCTm55zQD/UVHuDeDSSZ4HSBhNVwIpdjehMhWv5SoBNnOt4 gl11eAr4u8rFxgOktzVWlbgl72l3F9sPYqY/SQ+I4pAH3iqD0bQ/aO+3PVnF94W7Wpl4hL SKdh8dfpS8gTC/wwOTscwtXJB9pLEGYs66mEa2flrUXm7YKw9Z5GriDRcnERJQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1740443896; a=rsa-sha256; cv=none; b=KmT17ZQgANasdUo+y/0W7huF5d7vuzNXZ+GN78x6IlKKrDcBzMcD1X3dKhWT9sjgcUVqwx wvqt0xyXlKS+Ng9ywOuD7Uq+P5SDu8Azg76dJVhZvXSmTUM50586IXJ3zO8XCaIFXUFje1 3QbTfeSxPDeC69GKWvxBSb/JeFt9gIEg4yp/EMsmxFLTbL7XBtCr+Ornd9Wd0TbBttMQUN IQn7gaGAm5KAht4F+QE53ZXwKyrkzmHhL7rtGOBdSBF6H0ELI+fsXvZ/UdDFmVtqNp0FQR VGOo22yw9SR3JgkhdSsuWTMm3XhgQiFfTpHrU0EjCBVBwYBNc7V9XKaTp8syng== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740443896; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tFgu9E+nNtRAVunjmL3NIXw2TBnlADHSoD3dACpZMOI=; b=bbZX+TUDy/80CyZehuYgNyqt8d6MLpgLafysFCMWGrHSOI5MyMXjbP+b5EPNLAa5NdlHrj UoX0SMkKwXRRRucjn18PzFkfDDo02zJu1RHVw1bJMbx+MlcG18+GGSQqgcyTU4nxqYL8ed 2eHhsyXhKIqhUGLxcl9kR8jGPqYBF7CZHlhI1DSArSlJG7MVaBXSUNxCfJi9vrgeUHXw+l IrDWRB+WxsdrVqzsJoTffq9Cc6OCmZ5dy+hOhT1hgvVpwL0uH20psIRUklRv24NKnjVRda Y+h/D7or4NxFE/jI36Jt8m3zQNBQQepFMVR08HRjHIXqz6W0QU/pcZHsO1bVEQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Z1zGw1Fc7z131B; Tue, 25 Feb 2025 00:38:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51P0cGWw096923; Tue, 25 Feb 2025 00:38:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51P0cG4u096920; Tue, 25 Feb 2025 00:38:16 GMT (envelope-from git) Date: Tue, 25 Feb 2025 00:38:16 GMT Message-Id: <202502250038.51P0cG4u096920@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: 92c834c6980d - stable/13 - ntpd: Use the ntpd -u option in preference to the rc su plumbing List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 92c834c6980d5e86768509104242316a51c064dc Auto-Submitted: auto-generated The branch stable/13 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=92c834c6980d5e86768509104242316a51c064dc commit 92c834c6980d5e86768509104242316a51c064dc Author: Cy Schubert AuthorDate: 2024-12-12 20:03:09 +0000 Commit: Cy Schubert CommitDate: 2025-02-25 00:38:10 +0000 ntpd: Use the ntpd -u option in preference to the rc su plumbing Using the rc plumbing to setuid(2) is preferred as it allows the user to use the -i option in ntpd_flags to chroot ntpd. Chrooting ntpd by default will be a 2025 project. MFC after: 1 week Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D48191 (cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753) --- libexec/rc/rc.d/ntpd | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd index 76d83149ae1a..36df4ae08c96 100755 --- a/libexec/rc/rc.d/ntpd +++ b/libexec/rc/rc.d/ntpd @@ -98,7 +98,6 @@ ntpd_precmd() # by the admin, we don't add the option. If the file exists in the old # default location we use that, else we use the new default location. if can_run_nonroot; then - _user="ntpd" driftopt="-f ${_ntp_default_driftfile}" elif grep -q "^[ \t]*driftfile" "${ntpd_config}" || [ -n "${rc_flags}" ] && @@ -112,7 +111,13 @@ ntpd_precmd() fi # Set command_args based on the various config vars. - command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}" + command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u ${ntpd_user:=ntpd:ntpd}" + + # Unset ntpd_user because rc.subr uses $${name}_user to determine + # whether to invoke su(1) to setuid() to $ntpd_user for us. We want + # ntpd to do the setuid() itself through the -u argument, above. + unset ntpd_user + if checkyesno ntpd_sync_on_start; then command_args="${command_args} -g" fi