diff --git a/chrony.texi.in b/chrony.texi.in index fe08a01..15a94c8 100644 --- a/chrony.texi.in +++ b/chrony.texi.in @@ -1024,9 +1024,11 @@ the last modification of the drift file (specified by the @code{driftfile} directive) to restore the system time at which @code{chronyd} was previously stopped. @item -u -This option sets the name of the user to which will @code{chronyd} switch to -drop root privileges if compiled with Linux capabilities support (default -@code{@DEFAULT_USER@}). +This option sets the name of the system user to which @code{chronyd} will +switch after start in order to drop root privileges. It overrides the +@code{user} directive (default @code{@DEFAULT_USER@}). It may be set to a +non-root user only when @code{chronyd} is compiled with support for Linux +capabilities (libcap). @item -q When run in this mode, @code{chronyd} will set the system clock once and exit. It will not detach from the terminal. @@ -3200,10 +3202,10 @@ Valid measurements with corresponding compensations are logged to the @c {{{ user @node user directive @subsection user -The @code{user} directive sets the name of the user to which will -@code{chronyd} switch on initialisation to drop root privileges. -So far, it works only on Linux when compiled with capabilities support. -Setting the name to root will disable it. +The @code{user} directive sets the name of the system user to which +@code{chronyd} will switch after start in order to drop root privileges. +It may be set to a non-root user only when @code{chronyd} is compiled with +support for Linux capabilities (libcap). The default value is @code{@DEFAULT_USER@}. @c }}} diff --git a/chronyd.8.in b/chronyd.8.in index 91d9b7b..387ea21 100644 --- a/chronyd.8.in +++ b/chronyd.8.in @@ -103,9 +103,11 @@ directive) to restore the system time at which \fBchronyd\fR was previously stopped. .TP \fB\-u\fR \fIuser\fR -This option sets the name of the user to which will \fBchronyd\fR switch to -drop root privileges if compiled with Linux capabilities support (default -\fB@DEFAULT_USER@\fR). +This option sets the name of the system user to which \fBchronyd\fR will switch +after start in order to drop root privileges. It overrides the \fBuser\fR +directive (default \fB@DEFAULT_USER@\fR). It may be set to a non-root user +only when \fBchronyd\fR@ is compiled with support for Linux capabilities +(libcap). .TP .B \-q When run in this mode, chronyd will set the system clock once diff --git a/main.c b/main.c index 25f05dc..bd9b008 100644 --- a/main.c +++ b/main.c @@ -490,12 +490,12 @@ int main user = CNF_GetUser(); } - if (user && strcmp(user, "root")) { - if ((pw = getpwnam(user)) == NULL) - LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user); + if ((pw = getpwnam(user)) == NULL) + LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user); + /* Drop root privileges if the user has non-zero uid or gid */ + if (pw->pw_uid || pw->pw_gid) SYS_DropRoot(pw->pw_uid, pw->pw_gid); - } LOG_CreateLogFileDir();