Description of problem: The default "/etc/sysconfig/ntpd" file contains:
-------------
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
-------------
The string "ntp:ntp" is uselessly overspecifying the user's group. Anything beyond the ":" is filtered away by the RHES /etc/rc.d/init.d/ntpd script, and the manpage of ntpd indicates that the ntpd daemon will drop to the user's primary group. Thus I suggest just writing
-------------
# Drop root to id 'ntp' by default.
OPTIONS="-u ntp -p /var/run/ntpd.pid"
-------------
With "-u ntp" ntpd will change user ID, but not group ID. The man page needs to be fixed instead.
"The man page needs to be fixed instead."

Indeed! I am somewhat amazed:

# ps -o command,euid,egid,ruid,rgid 11632
COMMAND                    EUID  EGID  RUID  RGID
ntpd -u ntp -p /             38     0    38     0

Shouldn't this be, like, fixed as a security-related problem with the RH4.6 ntpd?

I just looked for some additional details and found this: http://xforce.iss.net/xforce/xfdb/22035

AND THE SOLUTION IS! The manpage of ntpd delivered with RH ES4.6 is too old. The real manpage gives it away: http://www.eecis.udel.edu/~mills/ntp/html/ntpd.html

-u user[:group]
    Specify a user, and optionally a group, to switch to. This option is only available if the OS supports to run the server without full root privileges. Currently, this option is supported under NetBSD (configure with --enable-clockctl) and Linux (configure with --enable-linuxcaps).

So, if one changes the RH /etc/rc.d/init.d/ntpd script to NOT filter out the ":gid" in "-u uid:gid", and if one leaves the "/etc/sysconfig/ntpd" file at the delivered default:
-------------
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
-------------
THEN EVERYONE IS HAPPY:

# ps -o command,euid,egid,ruid,rgid 12919
COMMAND                    EUID  EGID  RUID  RGID
ntpd -u ntp:ntp              38    38    38    38

Setting urgency to "high"...
Closing as a duplicate of another bug that needs the man pages updated from the html.

*** This bug has been marked as a duplicate of 426761 ***
Hi, Original Reporter here.

This bug is actually not a duplicate of #426761. #426761 says "the man pages must be updated".

This bug exposes a problem (rendered more confusing because the man pages are out of date) whereby the GID of the ntpd daemon is not dropped from "root" because:
1) The delivered ntpd.sysconfig contains "-u ntp:ntp"
2) The delivered ntpd.init erases the ":ntp" in that string in "readconf()", yielding "-u ntpd"
3) which means that ntpd runs with GID "root", as only -u ntpd:ntpd would drop the GID in addition to the UID
(This needs confirmation from an untouched RHES4.6 system; I do not have that on hand.)

Changing the title of the bug from "The "-u" option in "/etc/sysconfig/ntpd" contains useless group name" to "Default RH ntpd startup script makes ntpd not drop its root GID".
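The check the reporter ran by hand in comment 3 (reading EUID/EGID/RUID/RGID from ps) and the confirmation asked for in comment 5 can be scripted so the "UID dropped but GID still root" case is flagged automatically. The script below is an added example and is not part of the bug thread, Red Hat's init script, or the ntp project; the function names are my own, the sample ps lines are constructed from the values quoted in comment 3, and the live invocation assumes a Linux procps ps (the -C option is not POSIX).

```shell
#!/bin/sh
# Added example, not from the bug thread: audit whether a privilege-dropping
# daemon (ntpd here) gave up its root GID as well as its root UID, using the
# same "ps -o euid,egid,ruid,rgid" view the reporter used.

# check_ids EUID EGID RUID RGID
# Prints a verdict and returns: 0 = fully dropped, 1 = UID dropped but a GID is
# still root (the state in the first ps run of comment 3), 2 = still root.
check_ids() {
    if [ "$1" -eq 0 ] || [ "$3" -eq 0 ]; then
        echo "still-root"
        return 2
    fi
    if [ "$2" -eq 0 ] || [ "$4" -eq 0 ]; then
        echo "gid-not-dropped"
        return 1
    fi
    echo "dropped"
    return 0
}

# audit_ps_lines: read "EUID EGID RUID RGID COMMAND" lines from stdin, one per
# process, print a verdict per process, and return 1 if any process has not
# fully dropped root.
audit_ps_lines() {
    audit_rc=0
    while read -r a_euid a_egid a_ruid a_rgid a_cmd; do
        [ -z "$a_euid" ] && continue
        # the assignment's status is check_ids' return code
        verdict=$(check_ids "$a_euid" "$a_egid" "$a_ruid" "$a_rgid") || audit_rc=1
        printf '%-40s %s (euid=%s egid=%s ruid=%s rgid=%s)\n' \
            "$a_cmd" "$verdict" "$a_euid" "$a_egid" "$a_ruid" "$a_rgid"
    done
    return "$audit_rc"
}

# Live use on a Linux host with procps (ps -C is not POSIX):
#   ps -o euid=,egid=,ruid=,rgid=,args= -C ntpd | audit_ps_lines

# Constructed sample in the shape of the two ps runs quoted in the thread;
# the id values are those from comment 3, the command text is illustrative.
sample_ps_output() {
    printf '%s\n' \
        '38 0 38 0 ntpd -u ntp -p /var/run/ntpd.pid' \
        '38 38 38 38 ntpd -u ntp:ntp -p /var/run/ntpd.pid'
}

sample_ps_output | audit_ps_lines \
    || echo "at least one process has not fully dropped root"
```

Run the script as-is to see both sample lines classified; on a real host, replace the sample with the commented ps pipeline. A non-zero exit from audit_ps_lines is the condition the reporter was worried about, so it is the thing to alert on.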
No, ntpd in default configuration with default init script drops root GID. The $dropstr variable containing "-U ntp" is used only for ntpdate which doesn't accept group specification, but changes GID to the primary group of the specified user.
Oh yes, I see. So there is no problem. This is all pretty confusing; needs more comments ;-)