/usr/sbin/ntpd runs as uid=123 not root on 12.0 & fails
Dimitry Andric
dim at FreeBSD.org
Wed Mar 13 12:06:16 UTC 2019
On 13 Mar 2019, at 12:50, Julian H. Stacey <jhs at berklix.com> wrote:
> Has anyone else noticed release 12.0-p3 /usr/sbin/ntpd runs as
> uid=123 not root on 12.0, the process runs, but fails to correct
> the time! Next thing to diagnose it, would be a kill of ntpd &
> restart direct as root, I'm not root there so I'll wait for that.
>
> Are others' 12 systems slipping time too?
My systems are working fine, even though ntpd is running as user ntpd.
There's this new part in /etc/rc.d/ntpd, which may be the reason it is
not working for you:

    # Try to set up the MAC ntpd policy so ntpd can run with reduced
    # privileges. Detect whether MAC is compiled into the kernel, load
    # the policy module if not already present, then check whether the
    # policy has been disabled via tunable or sysctl.
    [ -n "$(sysctl -qn security.mac.version)" ] || return 1
    sysctl -qn security.mac.ntpd >/dev/null || kldload -qn mac_ntpd || return 1
    [ "$(sysctl -qn security.mac.ntpd.enabled)" == "1" ] || return 1

So it tries to set up that MAC policy, which shows up in syslog like:

    kernel: Security policy loaded: MAC/ntpd (mac_ntpd)
    ntpd[810]: ntpd 4.2.8p12-a (1): Starting
    ntpd[811]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
    ntpd[811]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2019-06-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37

Maybe on your system something goes wrong loading the mac_ntpd module,
or setting the sysctl, but it still continues to attempt to run ntpd as
non-root?

I would run /etc/rc.d/ntpd with sh -x to see what it is doing exactly.

-Dimitry
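
The three rc.d checks quoted in the message, as an added read-only diagnostic that reports which stage fails and compares it with the user ntpd runs as. This is an example added here, not part of the original message or of FreeBSD's rc.d script; the function names and return codes are constructed, and only the sysctl names come from the message.

```sh
#!/bin/sh
# Added example, not FreeBSD's rc.d code. Function names and return codes are
# constructed here; the sysctl names are the ones quoted in the message.

# Read-only version of the three rc.d checks (never calls kldload).
# Returns 0 policy active, 1 no MAC framework in kernel,
#         2 mac_ntpd not loaded, 3 policy loaded but disabled.
ntpd_mac_check() {
    if [ -z "$(sysctl -qn security.mac.version)" ]; then
        echo "MAC framework not present in this kernel"
        return 1
    fi
    if ! sysctl -qn security.mac.ntpd >/dev/null; then
        echo "mac_ntpd policy module is not loaded"
        return 2
    fi
    if [ "$(sysctl -qn security.mac.ntpd.enabled)" != "1" ]; then
        echo "mac_ntpd is loaded but security.mac.ntpd.enabled is not 1"
        return 3
    fi
    echo "mac_ntpd policy is loaded and enabled"
}

# Compare the policy state with the user ntpd actually runs as ($1).
# Returns 0 when the combination is consistent, 1 when ntpd is non-root
# without an active policy (the situation the message suspects).
ntpd_priv_verdict() {
    nv_user=$1
    nv_rc=0
    nv_msg=$(ntpd_mac_check) || nv_rc=$?
    echo "$nv_msg"
    if [ "$nv_user" = "root" ]; then
        echo "ntpd runs as root; it does not depend on mac_ntpd"
        return 0
    fi
    if [ "$nv_rc" -eq 0 ]; then
        echo "ntpd runs as $nv_user under the mac_ntpd policy"
        return 0
    fi
    echo "ntpd runs as $nv_user without an active mac_ntpd policy (check $nv_rc)"
    return 1
}

# On the affected host (FreeBSD), after sourcing this file:
#   ntpd_priv_verdict "$(ps -o user= -p "$(pgrep -o ntpd)")"
```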