faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

main: don't require root privileges with -Q option

Browse source 
If the -Q option is specified, disable by default pidfile, ntpport,
cmdport, Unix domain command socket, and clock control, in order to
allow starting chronyd without root privileges and/or when another
chronyd instance is already running.
This commit is contained in:
Miroslav Lichvar 2017-07-12 18:38:44 +02:00
parent 9983185d6d
commit 778fce4039
10 changed files with 34 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
conf.c
View file

@ -323,7 +323,7 @@ check_number_of_args(char *line, int num)
/* ================================================== */ /* ================================================== */
void void
CNF_Initialise(int r) CNF_Initialise(int r, int client_only)
{ {
restarted = r; restarted = r;
@ -339,11 +339,18 @@ CNF_Initialise(int r)
dumpdir = Strdup(""); dumpdir = Strdup("");
logdir = Strdup(""); logdir = Strdup("");
bind_cmd_path = Strdup(DEFAULT_COMMAND_SOCKET);
pidfile = Strdup(DEFAULT_PID_FILE);
rtc_device = Strdup(DEFAULT_RTC_DEVICE); rtc_device = Strdup(DEFAULT_RTC_DEVICE);
hwclock_file = Strdup(DEFAULT_HWCLOCK_FILE); hwclock_file = Strdup(DEFAULT_HWCLOCK_FILE);
user = Strdup(DEFAULT_USER); user = Strdup(DEFAULT_USER);
if (client_only) {
cmd_port = ntp_port = 0;
bind_cmd_path = Strdup("");
pidfile = Strdup("");
} else {
bind_cmd_path = Strdup(DEFAULT_COMMAND_SOCKET);
pidfile = Strdup(DEFAULT_PID_FILE);
}
} }
/* ================================================== */ /* ================================================== */

2
conf.h
View file

@ -31,7 +31,7 @@
#include "addressing.h" #include "addressing.h"
#include "reference.h" #include "reference.h"
extern void CNF_Initialise(int restarted); extern void CNF_Initialise(int restarted, int client_only);
extern void CNF_Finalise(void); extern void CNF_Finalise(void);
extern char *CNF_GetRtcDevice(void); extern char *CNF_GetRtcDevice(void);

5
doc/chronyd.adoc
View file

@ -75,8 +75,9 @@ When run in this mode, *chronyd* will set the system clock once and exit. It
will not detach from the terminal. will not detach from the terminal.
*-Q*:: *-Q*::
This option is similar to *-q*, but it will only print the offset without any This option is similar to the *-q* option, except it only prints the offset
corrections of the clock. without making any corrections of the clock and it allows *chronyd* to be
started without root privileges.
*-r*:: *-r*::
This option will try to reload and then delete files containing sample This option will try to reload and then delete files containing sample

20
main.c
View file

@ -86,6 +86,10 @@ static void
delete_pidfile(void) delete_pidfile(void)
{ {
const char *pidfile = CNF_GetPidFile(); const char *pidfile = CNF_GetPidFile();
if (!pidfile[0])
return;
/* Don't care if this fails, there's not a lot we can do */ /* Don't care if this fails, there's not a lot we can do */
unlink(pidfile); unlink(pidfile);
} }
@ -274,6 +278,9 @@ write_pidfile(void)
const char *pidfile = CNF_GetPidFile(); const char *pidfile = CNF_GetPidFile();
FILE *out; FILE *out;
if (!pidfile[0])
return;
out = fopen(pidfile, "w"); out = fopen(pidfile, "w");
if (!out) { if (!out) {
LOG_FATAL("Could not open %s : %s", pidfile, strerror(errno)); LOG_FATAL("Could not open %s : %s", pidfile, strerror(errno));
@ -388,7 +395,7 @@ int main
char *user = NULL, *log_file = NULL; char *user = NULL, *log_file = NULL;
struct passwd *pw; struct passwd *pw;
int opt, debug = 0, nofork = 0, address_family = IPADDR_UNSPEC; int opt, debug = 0, nofork = 0, address_family = IPADDR_UNSPEC;
int do_init_rtc = 0, restarted = 0, timeout = 0; int do_init_rtc = 0, restarted = 0, client_only = 0, timeout = 0;
int scfilter_level = 0, lock_memory = 0, sched_priority = 0; int scfilter_level = 0, lock_memory = 0, sched_priority = 0;
int clock_control = 1, system_log = 1; int clock_control = 1, system_log = 1;
int config_args = 0; int config_args = 0;
@ -444,6 +451,8 @@ int main
case 'Q': case 'Q':
ref_mode = opt == 'q' ? REF_ModeUpdateOnce : REF_ModePrintOnce; ref_mode = opt == 'q' ? REF_ModeUpdateOnce : REF_ModePrintOnce;
nofork = 1; nofork = 1;
client_only = 1;
clock_control = 0;
system_log = 0; system_log = 0;
break; break;
case 'r': case 'r':
@ -473,9 +482,8 @@ int main
} }
} }
if (getuid() != 0) { if (getuid() && !client_only)
LOG_FATAL("Not superuser"); LOG_FATAL("Not superuser");
}
/* Turn into a daemon */ /* Turn into a daemon */
if (!nofork) { if (!nofork) {
@ -494,7 +502,7 @@ int main
DNS_SetAddressFamily(address_family); DNS_SetAddressFamily(address_family);
CNF_Initialise(restarted); CNF_Initialise(restarted, client_only);
/* Parse the config file or the remaining command line arguments */ /* Parse the config file or the remaining command line arguments */
config_args = argc - optind; config_args = argc - optind;
@ -548,8 +556,8 @@ int main
/* Create all directories before dropping root */ /* Create all directories before dropping root */
CNF_CreateDirs(pw->pw_uid, pw->pw_gid); CNF_CreateDirs(pw->pw_uid, pw->pw_gid);
/* Drop root privileges if the user has non-zero uid or gid */ /* Drop root privileges if the specified user has a non-zero UID */
if (pw->pw_uid || pw->pw_gid) if (!geteuid() && (pw->pw_uid || pw->pw_gid))
SYS_DropRoot(pw->pw_uid, pw->pw_gid); SYS_DropRoot(pw->pw_uid, pw->pw_gid);
REF_Initialise(); REF_Initialise();

2
test/unit/clientlog.c
View file

@ -33,7 +33,7 @@ test_unit(void)
"cmdratelimit interval 3 burst 4 leak 3", "cmdratelimit interval 3 burst 4 leak 3",
}; };
CNF_Initialise(0); CNF_Initialise(0, 0);
for (i = 0; i < sizeof conf / sizeof conf[0]; i++) for (i = 0; i < sizeof conf / sizeof conf[0]; i++)
CNF_ParseLine(NULL, i + 1, conf[i]); CNF_ParseLine(NULL, i + 1, conf[i]);

2
test/unit/keys.c
View file

@ -90,7 +90,7 @@ test_unit(void)
"keyfile "KEYFILE "keyfile "KEYFILE
}; };
CNF_Initialise(0); CNF_Initialise(0, 0);
for (i = 0; i < sizeof conf / sizeof conf[0]; i++) for (i = 0; i < sizeof conf / sizeof conf[0]; i++)
CNF_ParseLine(NULL, i + 1, conf[i]); CNF_ParseLine(NULL, i + 1, conf[i]);

2
test/unit/ntp_core.c
View file

@ -218,7 +218,7 @@ test_unit(void)
CPS_NTP_Source source; CPS_NTP_Source source;
NTP_Remote_Address remote_addr; NTP_Remote_Address remote_addr;
CNF_Initialise(0); CNF_Initialise(0, 0);
for (i = 0; i < sizeof conf / sizeof conf[0]; i++) for (i = 0; i < sizeof conf / sizeof conf[0]; i++)
CNF_ParseLine(NULL, i + 1, conf[i]); CNF_ParseLine(NULL, i + 1, conf[i]);

2
test/unit/ntp_sources.c
View file

@ -34,7 +34,7 @@ test_unit(void)
memset(&params, 0, sizeof (params)); memset(&params, 0, sizeof (params));
CNF_Initialise(0); CNF_Initialise(0, 0);
CNF_ParseLine(NULL, 1, conf); CNF_ParseLine(NULL, 1, conf);
LCL_Initialise(); LCL_Initialise();

2
test/unit/smooth.c
View file

@ -29,7 +29,7 @@ test_unit(void)
double offset, freq, wander; double offset, freq, wander;
char conf[] = "smoothtime 300 0.01"; char conf[] = "smoothtime 300 0.01";
CNF_Initialise(0); CNF_Initialise(0, 0);
CNF_ParseLine(NULL, 1, conf); CNF_ParseLine(NULL, 1, conf);
LCL_Initialise(); LCL_Initialise();

2
test/unit/sources.c
View file

@ -31,7 +31,7 @@ test_unit(void)
double offset, delay, disp; double offset, delay, disp;
struct timespec ts; struct timespec ts;
CNF_Initialise(0); CNF_Initialise(0, 0);
LCL_Initialise(); LCL_Initialise();
TST_RegisterDummyDrivers(); TST_RegisterDummyDrivers();
SCH_Initialise(); SCH_Initialise();