The branch stable/14 has been updated by cy:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=1a241a911dc8635c3803f1a6620e1ab4692f6ecf

commit 1a241a911dc8635c3803f1a6620e1ab4692f6ecf
Author:     Cy Schubert <c...@freebsd.org>
AuthorDate: 2024-12-12 20:03:09 +0000
Commit:     Cy Schubert <c...@freebsd.org>
CommitDate: 2025-02-25 00:37:46 +0000

    ntpd: Use the ntpd -u option in preference to the rc su plumbing
    
    Using the rc plumbing to setuid(2) is preferred as it allows the user
    to use the -i option in ntpd_flags to chroot ntpd.
    
    Chrooting ntpd by default will be a 2025 project.
    
    Reviewed by:            markj
    Differential Revision:  https://reviews.freebsd.org/D48191
    
    (cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753)
---
 libexec/rc/rc.d/ntpd | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd
index 76d83149ae1a..36df4ae08c96 100755
--- a/libexec/rc/rc.d/ntpd
+++ b/libexec/rc/rc.d/ntpd
@@ -98,7 +98,6 @@ ntpd_precmd()
        # by the admin, we don't add the option.  If the file exists in the old
        # default location we use that, else we use the new default location.
        if can_run_nonroot; then
-               _user="ntpd"
                driftopt="-f ${_ntp_default_driftfile}"
        elif grep -q "^[ \t]*driftfile" "${ntpd_config}" ||
             [ -n "${rc_flags}" ] &&
@@ -112,7 +111,13 @@ ntpd_precmd()
        fi
 
        # Set command_args based on the various config vars.
-       command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}"
+       command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u ${ntpd_user:=ntpd:ntpd}"
+
+       # Unset ntpd_user because rc.subr uses $${name}_user to determine
+       # whether to invoke su(1) to setuid() to $ntpd_user for us. We want
+       # ntpd to do the setuid() itself through the -u argument, above.
+       unset ntpd_user
+
        if checkyesno ntpd_sync_on_start; then
                command_args="${command_args} -g"
        fi
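Review bot: The `-u ${ntpd_user:=ntpd:ntpd}` argument is appended to command_args unconditionally, whereas the `_user="ntpd"` line this commit removes sat inside the `if can_run_nonroot` branch, so ntpd is now told to drop to ntpd:ntpd even on the paths where that check fails. If can_run_nonroot exists to confirm that the unprivileged account can still do its job (the function is outside this hunk), the `-u` option should be built in that branch or gated on the same check. Separately, the removed line assigned `_user` directly from this function, which suggests rc.subr has already copied `ntpd_user` into `_user` before ntpd_precmd runs; if so, `unset ntpd_user` does not switch off the su(1) path for an admin-set value and the line would need to be `unset ntpd_user _user`. Both points should be confirmed against rc.subr and can_run_nonroot; ntpd_precmd itself starts and ends outside the hunk.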
