Fincer
/
openntpd-portable
mirror of https://github.com/Fincer/openntpd-portable
1
0
Fork 0
Code Issues 0 Projects 0 Releases 10 Wiki Activity
Browse Source

re-add the configurable --with-privsep-path install-time sanity check 

While this still doesn't affect the behavior of the daemon, the
configuration option can at least be set to check the correct privsep
directory for permissions. Revisit in 5.8 as a possible extension to the
runtime check instead to remove the 'knob'.
OPENBSD_5_7
Brent Cook 10 years ago
parent
7933741802
commit
70ed567131
2 changed files with 16 additions and 6 deletions
Unified View
  1. +9
    -5
      INSTALL
  2. +7
    -1
      configure.ac

+ 9
- 5
INSTALL View File

@ -64,8 +64,8 @@ On most Linux and BSD systems, something like should work:
chmod 0755 /var/empty chmod 0755 /var/empty
/var/empty here is a chroot directory used by ntpd for privilege separation of /var/empty here is a chroot directory used by ntpd for privilege separation of
the DNS and NTP processes. This directory should be completely empty, owned by the DNS and NTP processes. This directory should not contain any files, must be
root, and must not be group or world-writable. owned by root, and must not be group or world-writable.
NOTE: NOTE:
If you installed a previous OpenNTPD release and created a /var/empty/ntp If you installed a previous OpenNTPD release and created a /var/empty/ntp
@ -90,13 +90,17 @@ As of OS X 10.10, something like this should work similarly
dseditgroup -o create _ntp dseditgroup -o create _ntp
dscl . append /Groups/_ntp GroupMembership _ntp dscl . append /Groups/_ntp GroupMembership _ntp
There are few options to the configure script in addition to the ones There are a few options to the configure script in addition to the ones
provided by autoconf itself: provided by autoconf itself:
--with-privsep-user=[user] --with-privsep-user=[user]
Specify unprivileged user used for privilege separation. The default Specify unprivileged user used for privilege separation. The default
is "_ntp". The home directory of this user will be used for privilege is "_ntp".
separation. --with-privsep-path=path
ntpd will always use the home directory of the privsep user
to chroot to, but specifying this parameter will change the
post-installation checks and instructions to match the specified path.
--with-cacert=[path] --with-cacert=[path]
Specify the CA certificate location for HTTPS constraint validation. Specify the CA certificate location for HTTPS constraint validation.


+ 7
- 1
configure.ac View File

@ -230,7 +230,13 @@ AC_ARG_WITH(cacert,
) )
AC_SUBST(CONSTRAINT_CA) AC_SUBST(CONSTRAINT_CA)
PRIVSEP_PATH=/var/empty AC_ARG_WITH(privsep-path,
[ --with-privsep-path=path Specify privilege separation chroot path],
[ AC_DEFINE_UNQUOTED(NTPD_CHROOT_DIR, "$withval",
[Privilege separation chroot path])
PRIVSEP_PATH=$withval ],
[ PRIVSEP_PATH=/var/empty ]
)
AC_SUBST(PRIVSEP_PATH) AC_SUBST(PRIVSEP_PATH)
AC_CONFIG_FILES([ AC_CONFIG_FILES([


Write Preview
|||||||
|||||||
xxxxxxxxxx
 
000:0
x
 
000:0
Loading…
Cancel
Save