diff --git a/conf.c b/conf.c index c6d4bed..ccc365e 100644 --- a/conf.c +++ b/conf.c @@ -323,7 +323,7 @@ check_number_of_args(char *line, int num) /* ================================================== */ void -CNF_Initialise(int r) +CNF_Initialise(int r, int client_only) { restarted = r; @@ -339,11 +339,18 @@ CNF_Initialise(int r) dumpdir = Strdup(""); logdir = Strdup(""); - bind_cmd_path = Strdup(DEFAULT_COMMAND_SOCKET); - pidfile = Strdup(DEFAULT_PID_FILE); rtc_device = Strdup(DEFAULT_RTC_DEVICE); hwclock_file = Strdup(DEFAULT_HWCLOCK_FILE); user = Strdup(DEFAULT_USER); + + if (client_only) { + cmd_port = ntp_port = 0; + bind_cmd_path = Strdup(""); + pidfile = Strdup(""); + } else { + bind_cmd_path = Strdup(DEFAULT_COMMAND_SOCKET); + pidfile = Strdup(DEFAULT_PID_FILE); + } } /* ================================================== */ diff --git a/conf.h b/conf.h index 0dde153..b3d143b 100644 --- a/conf.h +++ b/conf.h @@ -31,7 +31,7 @@ #include "addressing.h" #include "reference.h" -extern void CNF_Initialise(int restarted); +extern void CNF_Initialise(int restarted, int client_only); extern void CNF_Finalise(void); extern char *CNF_GetRtcDevice(void); diff --git a/doc/chronyd.adoc b/doc/chronyd.adoc index d1ac4d4..59e0c8f 100644 --- a/doc/chronyd.adoc +++ b/doc/chronyd.adoc @@ -75,8 +75,9 @@ When run in this mode, *chronyd* will set the system clock once and exit. It will not detach from the terminal. *-Q*:: -This option is similar to *-q*, but it will only print the offset without any -corrections of the clock. +This option is similar to the *-q* option, except it only prints the offset +without making any corrections of the clock and it allows *chronyd* to be +started without root privileges. *-r*:: This option will try to reload and then delete files containing sample diff --git a/main.c b/main.c index baab7d0..5c6a281 100644 --- a/main.c +++ b/main.c 
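Review bot: In conf.c, the `client_only` branch of CNF_Initialise only changes the starting defaults (`cmd_port = ntp_port = 0;`, empty `bind_cmd_path` and `pidfile`), so nothing in this hunk stops the configuration from turning them back on. main.c calls `CNF_Initialise(restarted, client_only)` and only then parses the config file or command-line directives, so a directive that sets a port, command socket or pidfile would presumably override these values and the unprivileged run would attempt those operations anyway. If the mode is meant to be strictly client-only, re-apply the restrictions after parsing or reject those directives. Otherwise state the assumption in a comment, e.g. `/* Client-only defaults: no NTP/command port, command socket or pidfile; directives parsed later can still override them */`.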
@@ -86,6 +86,10 @@ static void delete_pidfile(void) { const char *pidfile = CNF_GetPidFile(); + + if (!pidfile[0]) + return; + /* Don't care if this fails, there's not a lot we can do */ unlink(pidfile); } @@ -274,6 +278,9 @@ write_pidfile(void) const char *pidfile = CNF_GetPidFile(); FILE *out; + if (!pidfile[0]) + return; + out = fopen(pidfile, "w"); if (!out) { LOG_FATAL("Could not open %s : %s", pidfile, strerror(errno)); @@ -388,7 +395,7 @@ int main char *user = NULL, *log_file = NULL; struct passwd *pw; int opt, debug = 0, nofork = 0, address_family = IPADDR_UNSPEC; - int do_init_rtc = 0, restarted = 0, timeout = 0; + int do_init_rtc = 0, restarted = 0, client_only = 0, timeout = 0; int scfilter_level = 0, lock_memory = 0, sched_priority = 0; int clock_control = 1, system_log = 1; int config_args = 0; @@ -444,6 +451,8 @@ int main case 'Q': ref_mode = opt == 'q' ? REF_ModeUpdateOnce : REF_ModePrintOnce; nofork = 1; + client_only = 1; + clock_control = 0; system_log = 0; break; case 'r': @@ -473,9 +482,8 @@ int main } } - if (getuid() != 0) { + if (getuid() && !client_only) LOG_FATAL("Not superuser"); - } /* Turn into a daemon */ if (!nofork) { @@ -494,7 +502,7 @@ int main DNS_SetAddressFamily(address_family); - CNF_Initialise(restarted); + CNF_Initialise(restarted, client_only); /* Parse the config file or the remaining command line arguments */ config_args = argc - optind; @@ -548,8 +556,8 @@ int main /* Create all directories before dropping root */ CNF_CreateDirs(pw->pw_uid, pw->pw_gid); - /* Drop root privileges if the user has non-zero uid or gid */ - if (pw->pw_uid || pw->pw_gid) + /* Drop root privileges if the specified user has a non-zero UID */ + if (!geteuid() && (pw->pw_uid || pw->pw_gid)) SYS_DropRoot(pw->pw_uid, pw->pw_gid); REF_Initialise(); diff --git a/test/unit/clientlog.c b/test/unit/clientlog.c index 51f3c9d..515ad1a 100644 --- a/test/unit/clientlog.c +++ b/test/unit/clientlog.c 
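Review bot: In the option switch of main(), the ternary `opt == 'q' ? REF_ModeUpdateOnce : REF_ModePrintOnce` suggests this case body is shared with `-q`, so the added `client_only = 1;` and `clock_control = 0;` would apply to `-q` as well. That would let `-q` pass the superuser check and presumably stop it from correcting the clock, while the chronyd.adoc change grants unprivileged start to `-Q` only. The case labels above `case 'Q':` are outside the hunk, so this needs confirming. If the body is shared, guard the two assignments, e.g. `if (opt == 'Q') { client_only = 1; clock_control = 0; }`.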
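Review bot: The superuser check `if (getuid() && !client_only)` tests the real UID, while the privilege drop changed later in this diff tests the effective UID (`!geteuid()`), so the two decisions can disagree whenever real and effective IDs differ. For example, a process with real UID 0 and a non-zero effective UID passes this check and then skips SYS_DropRoot. If the split is intentional, a comment should say which ID governs which decision, e.g. `/* Real UID gates daemon start-up; the effective UID is checked later to decide whether there is root to drop */`. Removing the braces also leaves a fatal-path statement unbraced; keeping `{ ... }` guards against a later edit adding a second line under the `if`.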
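Review bot: The rewritten comment no longer matches the condition `!geteuid() && (pw->pw_uid || pw->pw_gid)`. It mentions only a non-zero UID, but the code also requires that the process is running as root and treats a non-zero GID as sufficient. Suggest `/* Drop root privileges if running as root and the specified user has a non-zero UID or GID */`. Separately, `CNF_CreateDirs(pw->pw_uid, pw->pw_gid)` on the line above still runs when started without root. Whether it and the `pw` lookup tolerate an unprivileged caller is not visible in this hunk and is worth checking.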
@@ -33,7 +33,7 @@ test_unit(void) "cmdratelimit interval 3 burst 4 leak 3", }; - CNF_Initialise(0); + CNF_Initialise(0, 0); for (i = 0; i < sizeof conf / sizeof conf[0]; i++) CNF_ParseLine(NULL, i + 1, conf[i]); diff --git a/test/unit/keys.c b/test/unit/keys.c index 264285f..f8e01b2 100644 --- a/test/unit/keys.c +++ b/test/unit/keys.c @@ -90,7 +90,7 @@ test_unit(void) "keyfile "KEYFILE }; - CNF_Initialise(0); + CNF_Initialise(0, 0); for (i = 0; i < sizeof conf / sizeof conf[0]; i++) CNF_ParseLine(NULL, i + 1, conf[i]); diff --git a/test/unit/ntp_core.c b/test/unit/ntp_core.c index 34a0682..6dacd33 100644 --- a/test/unit/ntp_core.c +++ b/test/unit/ntp_core.c @@ -218,7 +218,7 @@ test_unit(void) CPS_NTP_Source source; NTP_Remote_Address remote_addr; - CNF_Initialise(0); + CNF_Initialise(0, 0); for (i = 0; i < sizeof conf / sizeof conf[0]; i++) CNF_ParseLine(NULL, i + 1, conf[i]); diff --git a/test/unit/ntp_sources.c b/test/unit/ntp_sources.c index f88d27a..ea8f19c 100644 --- a/test/unit/ntp_sources.c +++ b/test/unit/ntp_sources.c @@ -34,7 +34,7 @@ test_unit(void) memset(¶ms, 0, sizeof (params)); - CNF_Initialise(0); + CNF_Initialise(0, 0); CNF_ParseLine(NULL, 1, conf); LCL_Initialise(); diff --git a/test/unit/smooth.c b/test/unit/smooth.c index 772f07e..998a4d1 100644 --- a/test/unit/smooth.c +++ b/test/unit/smooth.c @@ -29,7 +29,7 @@ test_unit(void) double offset, freq, wander; char conf[] = "smoothtime 300 0.01"; - CNF_Initialise(0); + CNF_Initialise(0, 0); CNF_ParseLine(NULL, 1, conf); LCL_Initialise(); diff --git a/test/unit/sources.c b/test/unit/sources.c index c9f3324..4b1aa72 100644 --- a/test/unit/sources.c +++ b/test/unit/sources.c @@ -31,7 +31,7 @@ test_unit(void) double offset, delay, disp; struct timespec ts; - CNF_Initialise(0); + CNF_Initialise(0, 0); LCL_Initialise(); TST_RegisterDummyDrivers(); SCH_Initialise();