3496c981ac
Code analysis and runtime analysis using truss(8) indicate that the only privileged operations performed by ntpd are adjusting system time, and (re-)binding to privileged UDP port 123. These changes add a new mac(4) policy module, mac_ntpd(4), which grants just those privileges to any process running with uid 123. This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes them the owner of the /var/db/ntp directory, so that it can be used as a location where the non-privileged daemon can write files such as the driftfile, and any optional logfile or stats files. Because there are so many ways to configure ntpd, the question of how to configure it to run without root privs can be a bit complex, so that will be addressed in a separate commit. These changes are just what's required to grant the limited subset of privs to ntpd, and the small change to ntpd to prevent it from exiting with an error if running as non-root. Differential Revision: https://reviews.freebsd.org/D16281
29 lines
1.7 KiB
Plaintext
29 lines
1.7 KiB
Plaintext
# $FreeBSD$
|
|
#
|
|
root::0:0::0:0:Charlie &:/root:/bin/csh
|
|
toor:*:0:0::0:0:Bourne-again Superuser:/root:
|
|
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
|
|
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
|
|
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
|
|
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
|
|
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
|
|
games:*:7:13::0:0:Games pseudo-user:/:/usr/sbin/nologin
|
|
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
|
|
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
|
|
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
|
|
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
|
|
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
|
|
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
|
|
unbound:*:59:59::0:0:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
|
|
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
|
|
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
|
|
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
|
|
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
|
|
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
|
|
auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
|
|
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
|
|
ntpd:*:123:123::0:0:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
|
|
_ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
|
|
hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
|
|
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
|