Date: Fri, 28 Feb 2025 18:53:24 +0900
From: Tomoaki AOKI
To: Cy Schubert
Cc: dev-commits-src-branches@freebsd.org
Subject: Re: git: 1a241a911dc8 - stable/14 - ntpd: Use the ntpd -u option in preference to the rc su plumbing
Message-Id: <20250228185324.df32beaa550475b0832e1ca0@dec.sakura.ne.jp>
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

Hi.

Unfortunately, this commit caused ntpd hesitating to (re)start with error messages below on stable/14, amd64.

===== Quote =====
# service ntpd stop
Stopping ntpd.
Waiting for PIDS: 52508.
# service ntpd start
Starting ntpd.
daemon control: got EOF
/etc/rc.d/ntpd: WARNING: failed to start ntpd
#
===== End quote =====

Note that I have

ntpd_flags="-4 -g -x -f /var/db/ntpd.drift -l /var/log/ntpd.log"
ntpd_config="/etc/ntp/ntp.conf"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
daily_ntpd_leapfile_enable="YES"
ntp_leapfile_fetch_verbose="YES"

in my /etc/rc.conf.

And the high PID value above is because this output is obtained after several attempts of stopping and starting.

Regards.

> The branch stable/14 has been updated by cy:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=1a241a911dc8635c3803f1a6620e1ab4692f6ecf
>
> commit 1a241a911dc8635c3803f1a6620e1ab4692f6ecf
> Author: Cy Schubert
> AuthorDate: 2024-12-12 20:03:09 +0000
> Commit: Cy Schubert
> CommitDate: 2025-02-25 00:37:46 +0000
>
> ntpd: Use the ntpd -u option in preference to the rc su plumbing
>
> Using the rc plumbing to setuid(2) is preferred as it allows the user
> to use the -i option in ntpd_flags to chroot ntpd.
>
> Chrooting ntpd by default will be a 2025 project.
>
> Reviewed by: markj
> Differential Revision: https://reviews.freebsd.org/D48191
>
> (cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753)
> ---
> libexec/rc/rc.d/ntpd | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd > index 76d83149ae1a..36df4ae08c96 100755 > --- a/libexec/rc/rc.d/ntpd > +++ b/libexec/rc/rc.d/ntpd > @@ -98,7 +98,6 @@ ntpd_precmd() > # by the admin, we don't add the option. If the file exists in the old > # default location we use that, else we use the new default location. > if can_run_nonroot; then > - _user="ntpd" > driftopt="-f ${_ntp_default_driftfile}" > elif grep -q "^[ \t]*driftfile" "${ntpd_config}" || > [ -n "${rc_flags}" ] &&
> @@ -112,7 +111,13 @@ ntpd_precmd() > fi > > # Set command_args based on the various config vars. > - command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}" > + command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u $ {ntpd_user:=ntpd:ntpd}" > + > + # Unset ntpd_user because rc.subr uses $${name}_user to determine > + # whether to invoke su(1) to setuid() to $ntpd_user for us. We want > + # ntpd to do the setuid() itself through the -u argument, above. > + unset ntpd_user > + > if checkyesno ntpd_sync_on_start; then > command_args="${command_args} -g" > fi -- Tomoaki AOKI
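
Review bot: In the first hunk (`@@ -98,7 +98,6 @@`), dropping `_user="ntpd"` from the `if can_run_nonroot` branch removes the only visible link between that check and the account ntpd ends up running as; the branch now only chooses `driftopt`. If the privilege drop is still meant to apply only when `can_run_nonroot` succeeds, record the result in this branch (for example a local flag set next to `driftopt=`) and have the later `-u` addition test it. Also confirm that nothing else in the script still reads `_user`, since the hunk deletes its assignment without showing the consumers.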
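
Review bot: In the second hunk (`@@ -112,7 +111,13 @@`), `-u` is appended to `command_args` after the closing `fi`, so as far as the visible context shows it is passed on every start, not only when `can_run_nonroot` succeeded in the previous hunk. Suggest making the `-u` addition conditional on that check, and testing with a configuration like the one reported above, where `ntpd_flags` carries `-f /var/db/ntpd.drift -l /var/log/ntpd.log`. Smaller points: `${ntpd_user:=ntpd:ntpd}` assigns a default to a variable that is unset a few lines later, so `:-` would state the intent better; as quoted, the expansion reads `$ {ntpd_user:=ntpd:ntpd}` with a space after `$`, which should not be in the committed line; the comment's `$${name}_user` has a doubled `$`; and the comment should say what happens when an admin already has `-u` in `ntpd_flags`.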