d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d11f4dfd21
freebsd-dev/etc/rc.d
History
Ian Lepore d11f4dfd21 Automatically run ntpd as non-root when possible. 
Ntpd needs only a subset of full root privileges to do its job. Specifically
it needs the ability to manipulate system time, and to re-bind to a
privileged UDP port after interface changes. The mac_ntpd(4) policy module
(see r336525) can grant these privs.

These changes detect the availability of mac_ntpd(4). If enabled, and if the
ntpd configuration is fairly vanilla, it automatically runs ntpd as the
non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
command line or ntp.conf options changing the location of files or using any
files/dirs likely to be inaccessible to user ntpd.  Ntpd can still run as
non-root when using such options, but the admin must ensure all required
files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.

Note that these changes also address PR 199127 by using the command_args
technique suggested in the patch. They also tangentially address PR 113552,
which is primarily about inconsistent filenames in documentation, but some
of the inconsistancy was caused by old code in rc.d/ntpd which is leftover
from the intial import from netbsd. There was code to do chroot setup which
required the use of the netbsd clockctl(4) device; that code never had any
effect on freebsd, because we lack that device and don't build ntpd with the
options that would allow using it.

PR:		113552 199127
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16050
2018-07-20 13:59:29 +00:00
..
abi Remove SVR4 (System V Release 4) binary compatibility support. 2017-02-28 05:14:42 +00:00
accounting - Don't log messages saying that accounting is being disabled and enabled 2012-05-02 14:25:39 +00:00
addswap - Add vnode-backed swap space specification support. This is enabled when 2013-06-27 18:28:45 +00:00
adjkerntz Get rid of the postrandom script. It was born in a time when the 2014-11-02 01:47:27 +00:00
amd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
apm - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
apmd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
archdep
auditd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
auditdistd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
automount Make autofs(5) rc scripts run earlier, matching those for amd(8). 2017-11-04 15:52:16 +00:00
automountd Make autofs(5) rc scripts run earlier, matching those for amd(8). 2017-11-04 15:52:16 +00:00
autounmountd Make autofs(5) rc scripts run earlier, matching those for amd(8). 2017-11-04 15:52:16 +00:00
bgfsck - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
blacklistd Add basic blacklist build support 2016-06-02 19:06:04 +00:00
bluetooth bluetooth: Default to discoverable off 2017-11-01 18:58:54 +00:00
bootparams - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
bridge - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
bsnmpd Allow rtadvd and bsnmpd to run in vnet jails 2017-07-03 20:36:58 +00:00
bthidd bthidd(8): Add evdev protocol support for bluetooth keyboards and mouses 2018-04-30 12:16:54 +00:00
ccd Fix typo (forgotten "=" after desc). 2016-04-24 12:07:44 +00:00
cfumass Make the cfumass rc script support USB template 10. 2018-05-27 10:48:21 +00:00
cleanvar Refactor cleanvar to remove shell expansion vulnerability 2018-02-06 21:35:41 +00:00
cleartmp - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
cron - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ctld - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
DAEMON
ddb Fix ddb rc script 2018-04-19 15:02:53 +00:00
defaultroute Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
devd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
devfs - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
devmatch devmatch: Address some rc nits 2018-06-14 16:09:29 +00:00
dhclient Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
dmesg - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
dumpon Add support for compressed kernel dumps. 2017-10-25 00:51:00 +00:00
FILESYSTEMS Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol 2016-05-15 04:38:50 +00:00
fsck Modify rc.d/fsck to handle new status from fsck/fsck_ffs 2018-03-15 18:29:56 +00:00
ftp-proxy - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ftpd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
gbde - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
geli geli attach multiple providers 2018-06-26 18:07:16 +00:00
geli2 Fix duplicate "name" variable that sneaked in with the rc description commit. 2016-04-24 19:25:11 +00:00
gptboot Prepare for the removal of set_rcvar() by changing the rcvar= 2012-01-14 02:18:41 +00:00
growfs growfs: Commit the changes after expanding the partition 2017-11-27 15:39:11 +00:00
gssd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
hastd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
hcsecd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
hostapd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
hostid Remove "All rights reserved" from my files. 2018-05-10 06:41:08 +00:00
hostid_save Make hostid_save depend on hostid 2016-05-15 06:00:13 +00:00
hostname Don't warn when the "hostname" rc variable is unset, but the hostname 2018-03-10 20:13:07 +00:00
inetd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
iovctl Use correct flag in iovctl_start(). 2015-06-27 18:01:50 +00:00
ip6addrctl Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
ipfilter - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ipfs - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ipfw ipfw: fix status if ipfw.ko is not loaded 2018-06-07 13:16:53 +00:00
ipfw_netflow ipfw_netflow: Add support for FIB 2017-07-18 14:02:02 +00:00
ipmon - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ipnat - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ipropd_master Restructure rc.d scripts for kerberos5 daemons: 2014-08-29 07:51:47 +00:00
ipropd_slave Fix a typo; master server for iprop service should be singular. 2014-09-16 05:45:38 +00:00
ipsec Allow ipsec to run in vnet jails 2017-07-05 20:00:58 +00:00
iscsictl - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
iscsid - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
jail rc.d/jail: avoid misinterpreting expr arguments 2018-02-28 17:20:10 +00:00
kadmind - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
kdc Make SERVERS REQUIRE clean when MK_KERBEROS==no 2016-04-30 09:50:08 +00:00
keyserv - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
kfd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
kld - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
kldxref Make /etc/rc.d/kldxref not print anything for directories that don't 2018-05-11 14:43:21 +00:00
kpasswdd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ldconfig Add soft float abi caching form armv7, it would allow people with old 2017-12-22 01:46:25 +00:00
local - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
local_unbound Rename all Unbound binaries and man pages from unbound* to local-unbound*. 2018-05-12 17:10:36 +00:00
localpkg - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
lockd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
LOGIN Unbreak rcorder when MK_UTX == no by moving utx from REQUIRE: in LOGIN to 2015-02-13 20:52:23 +00:00
lpd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
Makefile Add cfumass rc script, to create a LUN for cfumass(4). 2018-04-21 14:56:41 +00:00
mdconfig - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
mdconfig2 - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
mixer - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
motd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
mountcritlocal Refactor the root mount hold code and add the wait to etc/rc.d/fsck. 2016-05-10 08:44:44 +00:00
mountcritremote Fix circular dependency created after r287197 between ldconfig and mountcritremote 2016-05-30 19:59:51 +00:00
mountd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
mountlate - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
moused - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
msgs - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
natd Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
netif Make netif REQUIRE hostid 2016-05-29 02:59:03 +00:00
netoptions - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
netwait - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
NETWORKING Fix broken dependency with routed when MK_ROUTED != no 2016-05-15 05:45:54 +00:00
newsyslog - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
nfscbd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
nfsclient - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
nfsd Add "mountcritremote" to the REQUIRE line for nfsd. 2018-06-22 20:58:51 +00:00
nfsuserd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
nisdomain - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
nscd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
nsswitch - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ntpd Automatically run ntpd as non-root when possible. 2018-07-20 13:59:29 +00:00
ntpdate Follow r311103: add "pool" to the keywords that rc.d/ntpdate examines to 2017-01-11 00:14:47 +00:00
opensm Add svn:executable property 2011-04-25 05:57:01 +00:00
othermta Since r275359, there is no need to provide a bogus service name. 2015-10-26 15:16:27 +00:00
pf pf: Return non-zero from 'status' if pf is not enabled 2018-06-06 19:36:37 +00:00
pflog Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
pfsync Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
power_profile - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
powerd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ppp - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
pppoed - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
pwcheck - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
quota - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
random Tighten /entropy permissions. 2017-05-27 06:24:06 +00:00
rarpd Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
rctl - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
resolv Fix resolv to run when it should and not when it should not.. 2018-02-13 16:07:39 +00:00
rfcomm_pppd_server - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
root - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
route6d Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
routed Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
routing Silence sysctl in startup scripts. 2017-05-03 08:10:03 +00:00
rpcbind - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
rtadvd Allow rtadvd and bsnmpd to run in vnet jails 2017-07-03 20:36:58 +00:00
rtsold Allow more services to run in vnet jails 2017-07-08 09:28:31 +00:00
rwho - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
savecore crashinfo: add "batch" mode and use it during boot 2017-06-01 21:23:04 +00:00
sdpd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
securelevel - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
sendmail Only create /var/log/sendmail.st if start sendmail. 2018-06-06 01:51:05 +00:00
serial
SERVERS Make SERVERS REQUIRE clean when MK_KERBEROS==no 2016-04-30 09:50:08 +00:00
sppp - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
sshd Remove the ability to generate long since useless SSH1 RSA keys. 2018-05-12 08:23:17 +00:00
statd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
static_arp Remove "All rights reserved" from my files. 2018-05-10 06:41:08 +00:00
static_ndp Remove "All rights reserved" from my files. 2018-05-10 06:41:08 +00:00
stf - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
swap - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
swaplate swapoff: Remove only late devices with -aL. 2016-10-21 21:55:50 +00:00
syscons Remove pc98 support completely. 2017-01-28 02:22:15 +00:00
sysctl - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
syslogd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
timed - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
tmp - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ubthidhci Prepare for the removal of set_rcvar() by changing the rcvar= 2012-01-14 02:18:41 +00:00
ugidfw - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
utx - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
var Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol 2016-05-15 04:38:50 +00:00
virecover - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
watchdogd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
wpa_supplicant - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ypbind - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ypldap Add rc.d script for ypldap(8). 2016-06-06 03:55:00 +00:00
yppasswdd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ypserv - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ypset - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
ypupdated Fix various issues with the NFS and RPC related scripts: 2012-02-14 10:51:24 +00:00
ypxfrd - Add descriptions to most of the rc scripts. Those are mostly taken from their 2016-04-23 16:10:54 +00:00
zfs rc.d/zfsbe: a new script designed for boot environment support 2016-10-13 06:19:54 +00:00
zfsbe rc.d/zfsbe: a new script designed for boot environment support 2016-10-13 06:19:54 +00:00
zfsd zfsd(8), the ZFS fault management daemon 2016-05-28 17:43:40 +00:00
zvol Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol 2016-05-15 04:38:50 +00:00