[Bug 199127] rc.d/ntpd: user-set ntpd_flags stomps over rc-defined ones (pidfile, driftfile)

bugzilla-noreply at freebsd.org
Fri Jul 20 13:59:59 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199127

--- Comment #5 from commit-hook at freebsd.org ---
A commit references this bug:

Author: ian
Date: Fri Jul 20 13:59:30 UTC 2018
New revision: 336547
URL: https://svnweb.freebsd.org/changeset/base/336547

Log:
  Automatically run ntpd as non-root when possible.

  Ntpd needs only a subset of full root privileges to do its job. Specifically
  it needs the ability to manipulate system time, and to re-bind to a
  privileged UDP port after interface changes. The mac_ntpd(4) policy module
  (see r336525) can grant these privs.

  These changes detect the availability of mac_ntpd(4). If enabled, and if the
  ntpd configuration is fairly vanilla, it automatically runs ntpd as the
  non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
  command line or ntp.conf options changing the location of files or using any
  files/dirs likely to be inaccessible to user ntpd.  Ntpd can still run as
  non-root when using such options, but the admin must ensure all required
  files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.

  Note that these changes also address PR 199127 by using the command_args
  technique suggested in the patch. They also tangentially address PR 113552,
  which is primarily about inconsistent filenames in documentation, but some
  of the inconsistency was caused by old code in rc.d/ntpd which is leftover
  from the initial import from netbsd. There was code to do chroot setup which
  required the use of the netbsd clockctl(4) device; that code never had any
  effect on freebsd, because we lack that device and don't build ntpd with the
  options that would allow using it.

  PR:           113552 199127
  Relnotes:     yes
  Differential Revision:        https://reviews.freebsd.org/D16050

Changes:
  head/etc/defaults/rc.conf
  head/etc/rc.d/ntpd
