freebsd-nq/usr.sbin
Ian Lepore 3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
..
ac
accton
acpi acpidump(8): Add ACPI LPIT (Low Power Idle Table) 2018-07-11 01:37:01 +00:00
adduser
amd
ancontrol
apm
apmd
arp
audit
auditd
auditdistd
auditreduce
authpf
autofs
bhyve Improve bhyve exit(3) error code. 2018-07-11 03:23:09 +00:00
bhyvectl
bhyveload
binmiscctl
blacklistctl
blacklistd
bluetooth
boot0cfg
bootparamd
bsdconfig
bsdinstall
bsnmpd
btxld
camdd
cdcontrol
chkgrp
chown
chroot
ckdist
clear_locks
config config(8): Invert checks; envmode/hintmode reflect "env provided"1 2018-07-17 15:16:34 +00:00
cpucontrol Use the existing MSR_BIOS_SIGN on AMD. 2018-07-13 20:56:20 +00:00
crashinfo
cron
crunch
ctladm
ctld
ctm
cxgbetool
daemon
dconschat
devctl
devinfo
diskinfo
dumpcis
editmap
edquota
eeprom
efibootmgr
efidp
efivar
etcupdate
extattr
extattrctl
fdcontrol
fdformat
fdread
fdwrite
fifolog
flowctl
fmtree
freebsd-update
fstyp Use capsicum helpers in fstype and ctld. 2018-07-15 17:21:19 +00:00
ftp-proxy
fwcontrol
getfmac
getpmac
gpioctl
gssd
gstat
hyperv
i2c
ifmcstat
inetd
iostat
iovctl
ip6addrctl
ipfwpcap
iscsid
jail
jexec
jls
kbdcontrol
kbdmap
keyserv
kgmon
kgzip
kldxref Use EF_SEG_READ_STRING instead of EF_SEG_READ when reading strings. 2018-07-15 05:29:39 +00:00
lastlogin
lpr
lptcontrol
mailstats
mailwrapper
makefs
makemap
manctl
memcontrol
mergemaster
mfiutil
mixer
mld6query
mlx5tool
mlxcontrol
mount_smbfs
mountd
moused
mpsutil
mptable
mptutil
mtest
nandsim
nandtool
ndiscvt
ndp
newsyslog newsyslog.8: Remove cutesy nonsense 2018-07-19 16:03:20 +00:00
nfscbd
nfsd Update the pnfs(4) man page. 2018-07-10 22:53:07 +00:00
nfsdumpstate
nfsrevoke
nfsuserd
ngctl
nghook
nmtree
nologin
nscd
ntp Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
nvram
ofwdump
pc-sysinstall
pciconf
periodic
pkg
pmc
pmcannotate
pmccontrol
pmcstat
pmcstudy
pnfsdscopymr
pnfsdsfile
pnfsdskill Document the "-f" option added to pnfsdskill(8) by r336176. 2018-07-10 18:44:44 +00:00
pnpinfo
portsnap
powerd
ppp
pppctl
praliases
praudit
prometheus_sysctl_exporter
pstat
pw
pwd_mkdb
quot
quotaon
rarpd
repquota
rip6query
rmt
route6d
rpc.lockd
rpc.statd
rpc.umntall
rpc.yppasswdd
rpc.ypupdated
rpc.ypxfrd
rpcbind
rrenumd
rtadvctl
rtadvd
rtprio
rtsold
rwhod
sa
sendmail
service
services_mkdb
sesutil
setfib
setfmac
setpmac
smbmsg
snapinfo
spi
spkrtest
spray
syslogd Allow the use of slashes in process names of RFC 3164 formatted messages. 2018-07-07 11:53:39 +00:00
sysrc sysrc(8): Send error message to stderr (not stdout) 2018-07-16 18:53:17 +00:00
tcpdchk
tcpdmatch
tcpdrop Use uintptr_t alone when assigning to kvaddr_t variables. 2018-07-10 13:03:06 +00:00
tcpdump
tests
timed
traceroute
traceroute6
trpt
tzsetup
uathload
uefisign Use capsicum helpers in fstype and ctld. 2018-07-15 17:21:19 +00:00
ugidfw
uhsoctl
unbound
usbconfig
usbdump
utx
vidcontrol
vigr
vipw
wake
watch
watchdogd
wlandebug
wpa MFV r324714: 2018-07-11 18:53:18 +00:00
yp_mkdb
ypbind
ypldap
yppoll
yppush
ypserv
ypset
zic
zonectl
zzz
Makefile
Makefile.amd64
Makefile.arm
Makefile.arm64
Makefile.i386
Makefile.inc
Makefile.mips
Makefile.powerpc
Makefile.sparc64