Re: git: 1a241a911dc8 - stable/14 - ntpd: Use the ntpd -u option in preference to the rc su plumbing

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Fri, 28 Feb 2025 16:22:56 UTC
In message <20250228185324.df32beaa550475b0832e1ca0@dec.sakura.ne.jp>, Tomoaki AOKI writes:
> Hi.
>
> Unfortunately, this commit caused ntpd to hesitate to (re)start
> with the error messages below on stable/14, amd64.
>
>      ===== Quote =====
> # service ntpd stop
> Stopping ntpd.
> Waiting for PIDS: 52508.
> # service ntpd start
> Starting ntpd.
> daemon control: got EOF
> /etc/rc.d/ntpd: WARNING: failed to start ntpd
> # 
>      ===== End quote =====
>
> Note that I have
>   ntpd_flags="-4 -g -x -f /var/db/ntpd.drift -l /var/log/ntpd.log"
>   ntpd_config="/etc/ntp/ntp.conf"
>   ntpd_enable="YES"
>   ntpd_sync_on_start="YES"
>   daily_ntpd_leapfile_enable="YES"
>   ntp_leapfile_fetch_verbose="YES"
> in my /etc/rc.conf.
>
> And the high PID value above is because this output was obtained after
> several attempts at stopping and starting.
>
> Regards.
>
>
> > The branch stable/14 has been updated by cy:
> > 
> > URL: https://cgit.FreeBSD.org/src/commit/?id=1a241a911dc8635c3803f1a6620e1ab4692f6ecf
> > 
> > commit 1a241a911dc8635c3803f1a6620e1ab4692f6ecf
> > Author:     Cy Schubert <cy@FreeBSD.org>
> > AuthorDate: 2024-12-12 20:03:09 +0000
> > Commit:     Cy Schubert <cy@FreeBSD.org>
> > CommitDate: 2025-02-25 00:37:46 +0000
> > 
> >     ntpd: Use the ntpd -u option in preference to the rc su plumbing
> >     
> >     Using the rc plumbing to setuid(2) is preferred as it allows the user
> >     to use the -i option in ntpd_flags to chroot ntpd.
> >     
> >     Chrooting ntpd by default will be a 2025 project.
> >     
> >     Reviewed by:            markj
> >     Differential Revision:  https://reviews.freebsd.org/D48191
> >     
> >     (cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753)
> > ---
> >  libexec/rc/rc.d/ntpd | 9 +++++++--
> >  1 file changed, 7 insertions(+), 2 deletions(-)
> > 
> > diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd
> > index 76d83149ae1a..36df4ae08c96 100755
> > --- a/libexec/rc/rc.d/ntpd
> > +++ b/libexec/rc/rc.d/ntpd
> > @@ -98,7 +98,6 @@ ntpd_precmd()
> >  	# by the admin, we don't add the option.  If the file exists
> in the old
> > 	# default location we use that, else we use the new default
> location.
> >  	if can_run_nonroot; then
> > -		_user="ntpd"
> >  		driftopt="-f ${_ntp_default_driftfile}"
> >  	elif grep -q "^[ \t]*driftfile" "${ntpd_config}" ||
> >  	     [ -n "${rc_flags}" ] &&
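
Review bot: In the `can_run_nonroot` branch, removing `_user="ntpd"` takes away the only spot in this hunk where running unprivileged was tied to that check, while the next hunk appends `-u` to `command_args` after the closing `fi`, so it applies on every start. If the privilege drop should still happen only when `can_run_nonroot` succeeds, set a flag in this branch and add `-u` only when it is set; if the unconditional drop is intended, the commit message should say so, because the `elif` path for admin-chosen drift file locations now also runs with `-u`.
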
> > @@ -112,7 +111,13 @@ ntpd_precmd()
> >  	fi
> >  
> >  	# Set command_args based on the various config vars.
> > -	command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}"
> > +	command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u $
> {ntpd_user:=ntpd:ntpd}"
> > +
> > +	# Unset ntpd_user because rc.subr uses $${name}_user to
> determine
> > +	# whether to invoke su(1) to setuid() to $ntpd_user for us. We
> want
> > +	# ntpd to do the setuid() itself through the -u argument,
> above.
> > +	unset ntpd_user
> > +
> >  	if checkyesno ntpd_sync_on_start; then
> >  		command_args="${command_args} -g"
> >  	fi
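
Review bot: On the new `command_args` line, `${ntpd_user:=ntpd:ntpd}` assigns the default to `ntpd_user` only for the `unset ntpd_user` a few lines later to discard it; `${ntpd_user:-ntpd:ntpd}` expresses the same default without the side effect. The hunk also changes what an rc.conf `ntpd_user` setting means: its value is now passed verbatim to `ntpd -u` (with a default in `user:group` form) instead of driving the su(1) path in rc.subr that the added comment describes, and that deserves a line in the rc.conf documentation. The added comment's `$${name}_user` has a doubled `$`.
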
>
> -- 
> Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>


This looks like it's related to,

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284863, which is upstream
https://bugs.ntp.org/show_bug.cgi?id=3967. It's a regression in 4.2.8p18.
-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0