freebsd-skq/contrib/ntp
Ian Lepore 3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
adjtimed MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
clockstuff MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
conf
html MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
include MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
kernel MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
lib/isc MFV r315791: ntp 4.2.8p10. 2017-03-23 22:06:06 +00:00
libjsmn
libntp MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
libparse MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
ntpd Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
ntpdate MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
ntpdc MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
ntpq MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
ntpsnmpd MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
parseutil MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
scripts MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
sntp MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
util MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
aclocal.m4 MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
bincheck.mf
bootstrap
build
ChangeLog MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
check-libopts.mf
CommitLog MFV r315791: ntp 4.2.8p10. 2017-03-23 22:06:06 +00:00
CommitLog-4.1.0
config.h.in MFV r315791: ntp 4.2.8p10. 2017-03-23 22:06:06 +00:00
configure MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
configure.ac MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
COPYRIGHT MFV r315791: ntp 4.2.8p10. 2017-03-23 22:06:06 +00:00
deps-ver
depsver.mf
dot.emacs
flock-build
includes.mf
INSTALL
Makefile.am MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
Makefile.in MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
NEWS MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
NOTES.y2kfixes
packageinfo.sh MFV r330102: ntp 4.2.8p11 2018-02-28 07:59:55 +00:00
README
README.bk
README.hackers
README.leapsmear
README.patches
README.pullrequests MFV r298691: 2016-04-27 07:46:38 +00:00
README.refclocks
README.versions
readme.y2kfixes
results.y2kfixes
TODO
WHERE-TO-START

Submit patches, bug reports, and enhancement requests via

			http://bugs.ntp.org

		  The ntp Distribution Base Directory

This directory and its subdirectories contain the Network Time Protocol
Version 4 (NTP) distribution for Unix and Windows/NT systems.  This release
may still work on VxWorks, too.

The contents of the base directory are given in this file. The contents of
subdirectories are given in the README files in each subdirectory.

A complete explanation of the configure, compile and install process, as
well as setting up an NTP subnet, is in the HTML pages in the ./html/
directory. For more information on NTP and how to get a working setup,
read WHERE-TO-START.

For Windows/NT, visit html/build/hints/winnt.html .

The base directory ./ contains the autoconfiguration files, source
directories and related stuff:

COPYRIGHT	Excerpt from the HTML file ./html/copyright.html. This file
		specifies copyright conditions, together with a list of
		major authors and electric addresses.

INSTALL		Generic installation instructions for autoconf-based programs.
		Unless you really know what you are doing, you should read the
		directions in the HTML pages, starting with ./html/index.html.

NEWS		What's new in this release.

README		This file.

README.bk	Instructions for folks who use the BitKeeper-repository
		version of NTP.

README.hackers	Notes to folks who want to hack on the code.

TODO            List of items the NTP developers are working on.

WHERE-TO-START	Hints on what to read in order to get a working
		configuration.

Makefile.am	Automake configuration file. Edit only if you have the
		GNU automake and autoconf utilities installed.

Makefile.in	Autoconf make file template for Unix.

adjtimed        Directory containing the sources for the adjtime daemon
		for HP/UX systems prior to HP-UX 10.0.

authstuff       Directory containing sources for miscellaneous programs
		to test, calibrate and certify the cryptographic
		mechanisms for DES and MD5 based authentication. These
		programs do not include the cryptographic routines
		themselves, so are free of U.S. export restrictions.

build		A script to build the distribution in A.`config.guess`
		subdirectory (more or less).

clockstuff	Directory containing sources for miscellaneous programs
		to test certain auxiliary programs used with some kernel
		configurations, together with a program to calculate
		propagation delays for use with radio clocks and
		national time dissemination services such as WWV/WWVH,
		WWVB and CHU.

conf            Directory containing a motley collection of
		configuration files for various systems. For example only.

config.guess	Script used to identify the machine architecture and
		operating system.

config.h.in	Configuration file generated automatically from
		configure.in. Do not edit.

configure	Script used to configure the distribution. See the HTML pages
		(./html/index.html) for a complete description of the options
		available.

configure.in	Master configuration template. Edit only if you have the
		GNU automake and autoconf utilities installed.

dot.emacs	C-mode indentation rules for code "Just the way Dave likes it".

flock_build	(UDel only) Build the distribution on a number of
		different platforms.

html            Directory containing a complete set of documentation on
		building and configuring an NTP server or client. The
		documentation is in the form of HTML files suitable for
		browsing and contains links to additional documentation
		at various web sites. If a browser is unavailable, an
		ordinary text editor can be used.

include		Directory containing include header files used by most
		programs in the distribution.

install-sh	Script to install a program, script or data file.

kernel		Directory containing sources for kernel programs such as
		line disciplines and STREAMS modules used with the CHU
		decoder and precision PPS signals.

libntp		Directory containing library source code used by most
		programs in the distribution.

ntpdate		Directory containing sources for a program to set the
		local machine time from one or more remote machines
		running NTP.  Operates like rdate, but much more accurate.

ntpq            Directory containing sources for a utility program to
		query local and remote NTP peers for state variables and
		related timekeeping information. This program conforms
		to Appendix A of the NTP Version 3 Specification RFC 1305.

ntptrace        Directory containing sources for a utility program that
		can be used to reveal the chain of NTP peers from a
		designated peer to the primary server at the root of the
		timekeeping subnet.

parse		Directory containing files belonging to the generic
		parse reference clock driver. For reasonably simple
		clocks it is possible to get away with about 3-4Kb of
		code. Additionally, the SunOS 4.x/Solaris 5.3 streams
		module for parse squats here.

patches		Directory containing patches already applied to this
		distribution. These are included for record and to help
		in possible porting problems.

scripts		Directory containing scripts to build the configuration
		files in this directory and then the makefiles used in
		various dependent directories. The subdirectories
		monitoring and support hold various Perl and shell
		scripts for visualizing synchronization and daemon startup.

stamp.h.in	Configuration file generated automatically from configure.in.
		Do not edit.

util            Directory containing sources for various utility and
		testing programs.

David L. Mills (mills@udel.edu)
21 June 1998