mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-16 10:20:30 +00:00
d11f4dfd21
Ntpd needs only a subset of full root privileges to do its job. Specifically it needs the ability to manipulate system time, and to re-bind to a privileged UDP port after interface changes. The mac_ntpd(4) policy module (see r336525) can grant these privs. These changes detect the availability of mac_ntpd(4). If enabled, and if the ntpd configuration is fairly vanilla, it automatically runs ntpd as the non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include command line or ntp.conf options changing the location of files or using any files/dirs likely to be inaccessible to user ntpd. Ntpd can still run as non-root when using such options, but the admin must ensure all required files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf. Note that these changes also address PR 199127 by using the command_args technique suggested in the patch. They also tangentially address PR 113552, which is primarily about inconsistent filenames in documentation, but some of the inconsistency was caused by old code in rc.d/ntpd which is leftover from the initial import from netbsd. There was code to do chroot setup which required the use of the netbsd clockctl(4) device; that code never had any effect on freebsd, because we lack that device and don't build ntpd with the options that would allow using it. PR: 113552 199127 Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16050 |
||
---|---|---|
.. | ||
autofs | ||
bluetooth | ||
cron.d | ||
defaults | ||
devd | ||
etc.aarch64 | ||
etc.amd64 | ||
etc.arm | ||
etc.i386 | ||
etc.mips | ||
etc.powerpc | ||
etc.riscv | ||
etc.sparc64 | ||
gss | ||
mtree | ||
newsyslog.conf.d | ||
ntp | ||
pam.d | ||
periodic | ||
pkg | ||
rc.d | ||
root | ||
sendmail | ||
syslog.d | ||
amd.map | ||
apmd.conf | ||
auto_master | ||
blacklistd.conf | ||
crontab | ||
csh.cshrc | ||
csh.login | ||
csh.logout | ||
ddb.conf | ||
devd.conf | ||
devfs.conf | ||
dhclient.conf | ||
disktab | ||
fbtab | ||
freebsd-update.conf | ||
ftpusers | ||
gettytab | ||
group | ||
hosts | ||
hosts.allow | ||
hosts.equiv | ||
hosts.lpd | ||
inetd.conf | ||
libalias.conf | ||
libmap.conf | ||
login.access | ||
login.conf | ||
mac.conf | ||
Makefile | ||
Makefile.depend | ||
master.passwd | ||
minfree | ||
motd | ||
netconfig | ||
netstart | ||
network.subr | ||
networks | ||
newsyslog.conf | ||
nls.alias | ||
nscd.conf | ||
nsmb.conf | ||
nsswitch.conf | ||
ntp.conf | ||
opieaccess | ||
pccard_ether | ||
pf.os | ||
phones | ||
portsnap.conf | ||
printcap | ||
profile | ||
protocols | ||
rc | ||
rc.bsdextended | ||
rc.firewall | ||
rc.initdiskless | ||
rc.resume | ||
rc.sendmail | ||
rc.shutdown | ||
rc.subr | ||
rc.suspend | ||
regdomain.xml | ||
remote | ||
rpc | ||
services | ||
shells | ||
snmpd.config | ||
sysctl.conf | ||
syslog.conf | ||
termcap.small |