[Bug 261298] ntpd: /var/db/ntpd.leap-seconds.list wrong permissions/owner

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 18 Jan 2022 06:30:46 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261298

            Bug ID: 261298
           Summary: ntpd: /var/db/ntpd.leap-seconds.list wrong
                    permissions/owner
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: martin@waschbuesch.de

Regularly, /var/db/ntpd.leap-seconds.list ends up being owned by root with
permissions of 640.
On restart of ntpd this leads to:

Jan 18 06:14:56 ns00 ntpd[30173]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): open failed: Permission denied

The file should either be owned by ntpd (which ntpd runs as) or have
permissions of 644.

This happens because
a) the file is owned by root:wheel and 
b) I changed umask in /etc/login.conf to 027

ntpd settings in rc.conf are:

ntpd_enable="YES"
ntpd_sync_on_start="YES"

The ntpd leapfile is checked and fetched daily as specified in
/etc/periodic/daily/480.leapfile-ntpd.

The logic is contained in the ntpd_fetch_leapfile() function within
/etc/rc.d/ntpd.

That function should take care of correct ownership of the file, so I propose
to fix ownership to ntpd:ntpd there. However, there may be reasons I have
missed why ownership root:wheel and permissions 644 is a better idea, thus I
am not providing a patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.
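
Added example, not part of the original report and not code from /etc/rc.d/ntpd: a POSIX sh sketch showing how a newly created file inherits the writer's umask (027 yields 640, unreadable to an account that is neither owner nor group member) and how setting the mode explicitly after the write makes the result independent of umask. The function names and sample file content are hypothetical; the chown variant proposed in the report is not shown because it needs root.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from /etc/rc.d/ntpd.

# Print the symbolic mode string (e.g. -rw-r-----) of a file, portably.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Simulate a job writing a fresh leapfile under a given umask.
# The file is removed first because umask only applies at creation;
# the subshell keeps the umask change from leaking into the caller.
write_leapfile() {   # $1 = destination, $2 = umask
    ( umask "$2"; rm -f "$1"; printf '# constructed sample leap data\n' > "$1" )
}

# Same write, followed by an explicit mode, so the result ignores umask.
write_leapfile_fixed() {   # $1 = destination, $2 = umask
    write_leapfile "$1" "$2" && chmod 644 "$1"
}

# Return 0 if an account that is neither owner nor group member may read $1.
other_can_read() {
    case "$(mode_of "$1")" in
        ???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    f="$d/ntpd.leap-seconds.list"
    write_leapfile "$f" 022;       echo "umask 022:         $(mode_of "$f")"
    write_leapfile "$f" 027;       echo "umask 027:         $(mode_of "$f")"
    write_leapfile_fixed "$f" 027; echo "umask 027 + chmod: $(mode_of "$f")"
    rm -rf "$d"
}

demo
```

The other_can_read check can be pointed at the real leapfile path to detect the condition before ntpd is restarted.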