Add user directive for dropping root privileges

This is equivalent to the -u option.

chrony.texi

@@ -1219,6 +1219,7 @@ directives can occur in any order in the file.
 * stratumweight directive::     Specify how important is stratum when selecting source
 * lock_all directive::          Require that chronyd be locked into RAM. 
 * tempcomp directive::          Specify temperature sensor and compensation coefficients
+* user directive::              Specify user for dropping root privileges
 
 @end menu
 @c }}}
@@ -2882,6 +2883,15 @@ every 30 seconds.  When the temperature is 26 degress (26000), the system clock
 frequency will not be adjusted.  When it is 27 degrees (27000), the clock will
 be set to run 0.183ppm faster than it would be without the compensation, etc.
 
+@c }}}
+@c {{{ user
+@node user directive
+@subsection user
+The @code{user} directive sets the name of the user to which will
+@code{chronyd} drop root privileges after the initialisation. So far, it works
+only on Linux when compiled with capabilities support.
+
+By default, root privileges are not dropped.
 @c }}}
 @c }}}
 @c {{{ S:Running chronyc

conf.c

@@ -113,6 +113,7 @@ static void parse_lockall(const char *);
 static void parse_tempcomp(const char *);
 static void parse_include(const char *);
 static void parse_leapsectz(const char *);
+static void parse_user(const char *);
 
 /* ================================================== */
 /* Configuration variables */
@@ -229,6 +230,9 @@ static int lock_memory = 0;
 /* Name of a system timezone containing leap seconds occuring at midnight */
 static char *leapsec_tz = NULL;
 
+/* Name of the user to which will be dropped root privileges. */
+static char *user = NULL;
+
 /* ================================================== */
 
 typedef struct {
@@ -284,6 +288,7 @@ static const Command commands[] = {
   {"leapsectz", 9, parse_leapsectz},
   {"linux_hz", 8, parse_linux_hz},
   {"linux_freq_scale", 16, parse_linux_freq_scale},
+  {"user", 4, parse_user},
   {"sched_priority", 14, parse_sched_priority},
   {"lock_all", 8, parse_lockall}
 };
@@ -1343,6 +1348,16 @@ parse_linux_freq_scale(const char *line)
 
 /* ================================================== */
 
+static void
+parse_user(const char *line)
+{
+  /* This must allocate enough space! */
+  user = MallocArray(char, 1 + strlen(line));
+  sscanf(line, "%s", user);
+}
+
+/* ================================================== */
+
 void
 CNF_ProcessInitStepSlew(void (*after_hook)(void *), void *anything)
 {
@@ -1797,3 +1812,10 @@ CNF_GetTempComp(char **file, double *interval, double *T0, double *k0, double *k
   *k2 = tempcomp_k2;
 }
 
+/* ================================================== */
+
+char *
+CNF_GetUser(void)
+{
+  return user;
+}

conf.h

@@ -92,4 +92,6 @@ extern int CNF_GetLockMemory(void);
 
 extern void CNF_GetTempComp(char **file, double *interval, double *T0, double *k0, double *k1, double *k2);
 
+extern char *CNF_GetUser(void);
+
 #endif /* GOT_CONF_H */

main.c

@@ -394,6 +394,9 @@ int main
     SYS_LockMemory();
   }
 
+  if (!user) {
+    user = CNF_GetUser();
+  }
   if (user) {
     SYS_DropRoot(user);
   }