author | Brian Utterback <brian.utterback@oracle.com> |
Thu, 13 Apr 2017 17:10:44 -0700 | |
changeset 7955 | e2e23e69f5e7 |
parent 5962 | cb383b2a2d0a |
permissions | -rw-r--r-- |
5962
cb383b2a2d0a
16834879 ntpd should run as non root user/group and use Extended Policy
Brian Utterback <brian.utterback@oracle.com>
1 |
This works around the limitation of requiring root as the user. This has |
2 |
been reported to the community as NTP bug 2422 "Allow ntpd to be started as |
3 |
non-root if appropriate POSIX capabilities are set" which although reported |
4 |
as Linux specific, is being used to track the Solaris issue as well. |
5 |
|
6 |
This particular solution is not being passed to the community as a solution |
7 |
because it is specific to Solaris and to our specific use of SMF and is not |
8 |
really suitable as a general solution. |
9 |
|
10 |
--- ntpd/ntpd.c |
11 |
+++ ntpd/ntpd.c |
12 |
@@ -620,12 +620,14 @@ ntpdmain( |
13 |
|
14 |
/* MPE lacks the concept of root */ |
15 |
# if defined(HAVE_GETUID) && !defined(MPE) |
16 |
- uid = getuid(); |
17 |
- if (uid && !HAVE_OPT( SAVECONFIGQUIT )) { |
18 |
- msyslog_term = TRUE; |
19 |
- msyslog(LOG_ERR, |
20 |
- "must be run as root, not uid %ld", (long)uid); |
21 |
- exit(1); |
22 |
+ if (!getenv("SMF_FMRI")) { |
23 |
+ uid = getuid(); |
24 |
+ if (uid && !HAVE_OPT( SAVECONFIGQUIT )) { |
25 |
+ msyslog_term = TRUE; |
26 |
+ msyslog(LOG_ERR, |
27 |
+ "must be run as root, not uid %ld", (long)uid); |
28 |
+ exit(1); |
29 |
+ } |
30 |
} |
31 |
# endif |
32 |