From 02c38934ead76aa94e9a10b24dcf6aaf81c33076 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 15 Sep 2020 12:11:08 +0200
Subject: [PATCH] main: add option to disable check for root

The -U option can be used to start chronyd under a non-root user if it
is provided with all capabilities and access to files, directories, and
devices, needed to operate correctly in the specified configuration. It
is not recommended in cases where the configuration is unknown.
---
 doc/chronyd.adoc | 10 ++++++++++
 main.c           | 12 ++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/doc/chronyd.adoc b/doc/chronyd.adoc
index 739950b..c9f51b3 100644
--- a/doc/chronyd.adoc
+++ b/doc/chronyd.adoc
@@ -145,6 +145,16 @@ On macOS, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
 The child process retains root privileges, but can only perform a very limited
 range of privileged system calls on behalf of the parent.
 
+*-U*::
+This option disables a check for root privileges to allow *chronyd* to be
+started under a non-root user, assuming the process will have all capabilities
+(e.g. provided by the service manager) and access to all files, directories,
+and devices, needed to operate correctly in the specified configuration. Note
+that different capabilities might be needed with different configurations and
+different Linux kernel versions. Starting *chronyd* under a non-root user is
+not recommended when the configuration is not known, or at least limited to
+specific directives.
+
 *-F* _level_::
 This option configures a system call filter when *chronyd* is compiled with
 support for the Linux secure computing (seccomp) facility. In level 1 the
diff --git a/main.c b/main.c
index 0c9be36..958d047 100644
--- a/main.c
+++ b/main.c
@@ -411,7 +411,7 @@ int main
   int do_init_rtc = 0, restarted = 0, client_only = 0, timeout = -1;
   int scfilter_level = 0, lock_memory = 0, sched_priority = 0;
   int clock_control = 1, system_log = 1, log_severity = LOGS_INFO;
-  int config_args = 0, print_config = 0;
+  int user_check = 1, config_args = 0, print_config = 0;
 
   do_platform_checks();
 
@@ -431,7 +431,7 @@ int main
   optind = 1;
 
   /* Parse short command-line options */
-  while ((opt = getopt(argc, argv, "46df:F:hl:L:mnpP:qQrRst:u:vx")) != -1) {
+  while ((opt = getopt(argc, argv, "46df:F:hl:L:mnpP:qQrRst:u:Uvx")) != -1) {
     switch (opt) {
       case '4':
       case '6':
@@ -462,7 +462,7 @@ int main
         break;
       case 'p':
         print_config = 1;
-        client_only = 1;
+        user_check = 0;
         nofork = 1;
         system_log = 0;
         break;
@@ -479,6 +479,7 @@ int main
         ref_mode = REF_ModePrintOnce;
         nofork = 1;
         client_only = 1;
+        user_check = 0;
         clock_control = 0;
         system_log = 0;
         break;
@@ -497,6 +498,9 @@ int main
       case 'u':
         user = optarg;
         break;
+      case 'U':
+        user_check = 0;
+        break;
       case 'v':
         print_version();
         return 0;
@@ -509,7 +513,7 @@ int main
     }
   }
 
-  if (getuid() && !client_only)
+  if (user_check && getuid() != 0)
     LOG_FATAL("Not superuser");
 
   /* Turn into a daemon */