In message <202503111757.52bhvssu060...@gitrepo.freebsd.org>, Cy Schubert
write
s:
> The branch main has been updated by cy:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=5ca7754519e8c618968d8acbf54d653b
> 6e968829
>
> commit 5ca7754519e8c618968d8acbf54d653b6e968829
> Author: Cy Schubert <c...@freebsd.org>
> AuthorDate: 2025-03-11 17:51:11 +0000
> Commit: Cy Schubert <c...@freebsd.org>
> CommitDate: 2025-03-11 17:51:11 +0000
>
> Revert "ntpd: Use the ntpd -u option in preference to the rc su plumbing"
>
> Using the ntpd -u option to set the credentials ntpd is to run under
> while still using rc(8) to invoke causes some FreeBSD installs to fail
> to load mac_ntp. The fact that that can_run_nonroot() does not
> indicate why failures occur leaves people on the mailing lists
> guessing as to why there are failures. Let's revert back to using
> the rc(8) provided su. The ntpd rc script will be rewritten when
> the ntpd chroot will be implemented.
>
> Reported on: freebsd-stable@
> MFC after: immediately
Apparently this didn't need to be reverted because the problem still occurs
post revert. At this point nobody knows what the problem is and why only a
small subset of users is affected.
Though one user had specified -f and -l on the command line, and these are
prohibited and have been for a long time, because of the su plumbing in
rc(8).
The ntpd rc script does need a rewrite. I plan to do a wholesale rewrite
when implementing ntpd in a chroot, as supported by a command line option.
An incremental approach is probably not advised. A complete rewrite,
circumventing the rc(8) plumbing, to implement the ntpd chroot (command
line argument) which implies setuid ntpd.
And given that can_run_nonroot() only returns a return code without an
indication why leaves diagnosis of problems up to posting of vague it
doesn't work messages on the mailing lists or on the forums. As I've worked
in software development, software support, and sysadmin roles, the aim of
printing error messages rather than failing silently greatly enhances
problem resolution and reduces calls to the service desk or help line, or
in our case mailing lists and forums. This is the primary reason this rc
script need a complete rewrite.
I will put this on my todo list.
>
> This reverts commit 521f66715afb312b356afafc68cbc044a436a753.
> ---
> libexec/rc/rc.d/ntpd | 9 ++-------
> 1 file changed, 2 insertions(+), 7 deletions(-)
>
> diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd
> index 8babda09455c..e7e42da8acc7 100755
> --- a/libexec/rc/rc.d/ntpd
> +++ b/libexec/rc/rc.d/ntpd
> @@ -101,6 +101,7 @@ ntpd_precmd()
> # by the admin, we don't add the option. If the file exists in the old
> # default location we use that, else we use the new default location.
> if can_run_nonroot; then
> + _user="ntpd"
> driftopt="-f ${_ntp_default_driftfile}"
> elif grep -q "^[ \t]*driftfile" "${ntpd_config}" ||
> [ -n "${rc_flags}" ] &&
> @@ -114,13 +115,7 @@ ntpd_precmd()
> fi
>
> # Set command_args based on the various config vars.
> - command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u ${ntpd_use
> r:=ntpd:ntpd}"
> -
> - # Unset ntpd_user because rc.subr uses $${name}_user to determine
> - # whether to invoke su(1) to setuid() to $ntpd_user for us. We want
> - # ntpd to do the setuid() itself through the -u argument, above.
> - unset ntpd_user
> -
> + command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}"
> if checkyesno ntpd_sync_on_start; then
> command_args="${command_args} -g"
> fi
>
--
Cheers,
Cy Schubert <cy.schub...@cschubert.com>
FreeBSD UNIX: <c...@freebsd.org> Web: https://FreeBSD.org
NTP: <c...@nwtime.org> Web: https://nwtime.org
e^(i*pi)+1=0
