Re: git: 1a241a911dc8 - stable/14 - ntpd: Use the ntpd -u option in preference to the rc su plumbing
Date: Fri, 28 Feb 2025 09:53:24 UTC
Hi.
Unfortunately, this commit caused ntpd to hesitate to (re)start,
with the error messages below, on stable/14, amd64.
===== Quote =====
# service ntpd stop
Stopping ntpd.
Waiting for PIDS: 52508.
# service ntpd start
Starting ntpd.
daemon control: got EOF
/etc/rc.d/ntpd: WARNING: failed to start ntpd
#
===== End quote =====
Note that I have
ntpd_flags="-4 -g -x -f /var/db/ntpd.drift -l /var/log/ntpd.log"
ntpd_config="/etc/ntp/ntp.conf"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
daily_ntpd_leapfile_enable="YES"
ntp_leapfile_fetch_verbose="YES"
in my /etc/rc.conf.
And the high PID value above is because this output was obtained after
several attempts at stopping and starting.
Regards.
> The branch stable/14 has been updated by cy:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=1a241a911dc8635c3803f1a6620e1ab4692f6ecf
>
> commit 1a241a911dc8635c3803f1a6620e1ab4692f6ecf
> Author: Cy Schubert <cy@FreeBSD.org>
> AuthorDate: 2024-12-12 20:03:09 +0000
> Commit: Cy Schubert <cy@FreeBSD.org>
> CommitDate: 2025-02-25 00:37:46 +0000
>
> ntpd: Use the ntpd -u option in preference to the rc su plumbing
>
> Using the rc plumbing to setuid(2) is preferred as it allows the user
> to use the -i option in ntpd_flags to chroot ntpd.
>
> Chrooting ntpd by default will be a 2025 project.
>
> Reviewed by: markj
> Differential Revision: https://reviews.freebsd.org/D48191
>
> (cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753)
> ---
> libexec/rc/rc.d/ntpd | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd
> index 76d83149ae1a..36df4ae08c96 100755
> --- a/libexec/rc/rc.d/ntpd
> +++ b/libexec/rc/rc.d/ntpd
> @@ -98,7 +98,6 @@ ntpd_precmd()
> # by the admin, we don't add the option. If the file exists
in the old
> # default location we use that, else we use the new default
location.
> if can_run_nonroot; then
> - _user="ntpd"
> driftopt="-f ${_ntp_default_driftfile}"
> elif grep -q "^[ \t]*driftfile" "${ntpd_config}" ||
> [ -n "${rc_flags}" ] &&
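Review bot: the removed `_user="ntpd"` was assigned only inside the `if can_run_nonroot; then` branch, so before this change the decision to run unprivileged depended on that check succeeding. After the removal the branch only selects the default drift file, and nothing records whether the check passed, so the `elif` path (a driftfile set in the config, or non-empty rc_flags) can no longer be told apart when the user option is built later. Consider keeping a flag set in this branch and consulting it where command_args is assembled, so that setups that fail can_run_nonroot keep starting as root as they did before.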
> @@ -112,7 +111,13 @@ ntpd_precmd()
> fi
>
> # Set command_args based on the various config vars.
> - command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}"
> + command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u $
{ntpd_user:=ntpd:ntpd}"
> +
> + # Unset ntpd_user because rc.subr uses $${name}_user to
determine
> + # whether to invoke su(1) to setuid() to $ntpd_user for us. We
want
> + # ntpd to do the setuid() itself through the -u argument,
above.
> + unset ntpd_user
> +
> if checkyesno ntpd_sync_on_start; then
> command_args="${command_args} -g"
> fi
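Review bot: on the new command_args line, `${ntpd_user:=ntpd:ntpd}` assigns the default to ntpd_user and the variable is then unset four lines later, so the assignment form has no lasting effect; `${ntpd_user:-ntpd:ntpd}` expresses the same thing without the side effect. The option is also appended on every start path, with no test of can_run_nonroot or of whether the admin's flags already carry their own `-u`, so an rc.conf that sets a custom drift file or log file now gets the privilege drop regardless. Since an ntpd_user set by the admin changes meaning here (from rc.subr invoking su(1) to a value handed verbatim to `-u`), that deserves a line in the rc.conf documentation, and the `$${name}_user` in the new comment has a doubled `$`.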
--
Tomoaki AOKI <junchoon@dec.sakura.ne.jp>