main: always call getpwnam()

Don't hardcode root as the user with zero uid/gid.
Miroslav Lichvar 2015-08-10 16:24:45 +02:00
parent 6402350c83
commit e7100e106d
3 changed files with 18 additions and 14 deletions


@ -1024,9 +1024,11 @@ the last modification of the drift file (specified by the @code{driftfile}
directive) to restore the system time at which @code{chronyd} was previously directive) to restore the system time at which @code{chronyd} was previously
stopped. stopped.
@item -u <user> @item -u <user>
This option sets the name of the user to which will @code{chronyd} switch to This option sets the name of the system user to which @code{chronyd} will
drop root privileges if compiled with Linux capabilities support (default switch after start in order to drop root privileges. It overrides the
@code{@DEFAULT_USER@}). @code{user} directive (default @code{@DEFAULT_USER@}). It may be set to a
non-root user only when @code{chronyd} is compiled with support for Linux
capabilities (libcap).
@item -q @item -q
When run in this mode, @code{chronyd} will set the system clock once When run in this mode, @code{chronyd} will set the system clock once
and exit. It will not detach from the terminal. and exit. It will not detach from the terminal.
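Review bot: In the new `-u` text the parenthetical "(default @code{@DEFAULT_USER@})" now follows "It overrides the @code{user} directive", so it reads as the default of the directive rather than of the option; consider moving it to its own sentence. The last sentence also leaves open what chronyd does when a non-root user is given and libcap support is not compiled in; stating the outcome (error or ignored) would help administrators who rely on the privilege drop.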
@ -3200,10 +3202,10 @@ Valid measurements with corresponding compensations are logged to the
@c {{{ user @c {{{ user
@node user directive @node user directive
@subsection user @subsection user
The @code{user} directive sets the name of the user to which will The @code{user} directive sets the name of the system user to which
@code{chronyd} switch on initialisation to drop root privileges. @code{chronyd} will switch after start in order to drop root privileges.
So far, it works only on Linux when compiled with capabilities support. It may be set to a non-root user only when @code{chronyd} is compiled with
Setting the name to root will disable it. support for Linux capabilities (libcap).
The default value is @code{@DEFAULT_USER@}. The default value is @code{@DEFAULT_USER@}.
@c }}} @c }}}
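Review bot: The removed sentence "Setting the name to root will disable it." has no replacement in the new `user` directive text, so the documentation no longer says how the privilege drop is turned off. Since main.c now decides on `pw->pw_uid || pw->pw_gid` rather than on the name, the text should say that any account whose uid and gid are both zero keeps root privileges, whatever it is called.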


@ -103,9 +103,11 @@ directive) to restore the system time at which \fBchronyd\fR was previously
stopped. stopped.
.TP .TP
\fB\-u\fR \fIuser\fR \fB\-u\fR \fIuser\fR
This option sets the name of the user to which will \fBchronyd\fR switch to This option sets the name of the system user to which \fBchronyd\fR will switch
drop root privileges if compiled with Linux capabilities support (default after start in order to drop root privileges. It overrides the \fBuser\fR
\fB@DEFAULT_USER@\fR). directive (default \fB@DEFAULT_USER@\fR). It may be set to a non-root user
only when \fBchronyd\fR@ is compiled with support for Linux capabilities
(libcap).
.TP .TP
.B \-q .B \-q
When run in this mode, chronyd will set the system clock once When run in this mode, chronyd will set the system clock once
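Review bot: There is a stray `@` in the added line "only when \fBchronyd\fR@ is compiled with support for Linux capabilities"; it will show up as a literal "@" in the rendered man page (or confuse the template substitution) and should be removed. The same remark as for the texinfo text applies to the placement of "(default \fB@DEFAULT_USER@\fR)" after the sentence about the \fBuser\fR directive.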

8
main.c

@ -490,12 +490,12 @@ int main
user = CNF_GetUser(); user = CNF_GetUser();
} }
if (user && strcmp(user, "root")) { if ((pw = getpwnam(user)) == NULL)
if ((pw = getpwnam(user)) == NULL) LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user);
LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user);
/* Drop root privileges if the user has non-zero uid or gid */
if (pw->pw_uid || pw->pw_gid)
SYS_DropRoot(pw->pw_uid, pw->pw_gid); SYS_DropRoot(pw->pw_uid, pw->pw_gid);
}
LOG_CreateLogFileDir(); LOG_CreateLogFileDir();
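Review bot: The old condition `if (user && strcmp(user, "root"))` guarded against a NULL `user`, while the new code passes `user` straight to `getpwnam(user)`; please confirm that `user` can never be NULL here or keep an explicit check, since `getpwnam(NULL)` is undefined. Two smaller points on the same lines: the lookup is now fatal for root as well, so an environment where the passwd database cannot be read will stop chronyd even when no privilege drop was requested, which deserves a mention in the commit message; and with `if (pw->pw_uid || pw->pw_gid)` an account with uid 0 and a non-zero gid reaches `SYS_DropRoot(pw->pw_uid, pw->pw_gid)` with a zero uid, so it is worth checking that SYS_DropRoot behaves sensibly in that case.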