accurate statistics for the difference between the real time clock and
system clock last time the computer was on.
@item -u <user>
-When this option is used, chronyd will drop root privileges to the specified
-user. So far, it works only on Linux when compiled with capabilities support.
+This option sets the name of the user to which will @code{chronyd} switch to
+drop root privileges if compiled with Linux capabilities support (default
+@code{@DEFAULT_USER@}).
@item -q
When run in this mode, @code{chronyd} will set the system clock once
and exit. It will not detach from the terminal.
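Review bot: The added sentence for -u has inverted word order ("to which will @code{chronyd} switch"); it should read "the user to which @code{chronyd} will switch to drop root privileges". The rewrite also folds the old "works only on Linux" limitation into a conditional clause, so state outright that the option has no effect when capabilities support is not compiled in.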
@node user directive
@subsection user
The @code{user} directive sets the name of the user to which will
-@code{chronyd} drop root privileges after the initialisation. So far, it works
-only on Linux when compiled with capabilities support.
+@code{chronyd} switch on initialisation to drop root privileges.
+So far, it works only on Linux when compiled with capabilities support.
+Setting the name to root will disable it.
-By default, root privileges are not dropped.
+The default value is @code{@DEFAULT_USER@}.
@c }}}
@c }}}
@c {{{ S:Running chronyc
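Review bot: In "Setting the name to root will disable it", the pronoun has no clear referent; say that chronyd then keeps root privileges. The removed line "By default, root privileges are not dropped" stated the security-relevant default directly, while "The default value is @code{@DEFAULT_USER@}" leaves the reader to combine the substituted name with the root exception. Consider keeping an explicit sentence for the case where the configured default is root.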
computer was on.
.TP
\fB\-u\fR \fIuser\fR
-When this option is used, chronyd will drop root privileges to the specified
-user. So far, it works only on Linux when compiled with capabilities support.
+This option sets the name of the user to which will \fBchronyd\fR switch to
+drop root privileges if compiled with Linux capabilities support (default
+\fB@DEFAULT_USER@\fR).
.TP
.B \-q
When run in this mode, chronyd will set the system clock once
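Review bot: The -u entry in the man page does not mention that naming root leaves privileges undropped, although the user directive text in the texinfo manual now does ("Setting the name to root will disable it"). Add the same sentence here so that both documents describe the exception.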
static char *leapsec_tz = NULL;
/* Name of the user to which will be dropped root privileges. */
-static char *user = NULL;
+static char *user = DEFAULT_USER;
typedef struct {
NTP_Source_Type type;
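Review bot: user is a non-const char * that now starts out pointing at the string literal DEFAULT_USER instead of NULL. The code that handles the user directive is not part of this diff; if it frees or modifies the previous value before storing the new one, it would now operate on a literal. Confirm that path, or initialise user from a duplicated copy of the default.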
--disable-rtc Don't include RTC even on Linux
--disable-linuxcaps Disable Linux capabilities support
--disable-forcednsretry Don't retry on permanent DNS error
+ --with-user=USER Specify default chronyd user [root]
--with-sendmail=PATH Path to sendmail binary [/usr/lib/sendmail]
--enable-debug Enable debugging support
try_setsched=0
try_lockmem=0
feat_forcednsretry=1
+default_user="root"
mail_program="/usr/lib/sendmail"
for option
--disable-forcednsretry)
feat_forcednsretry=0
;;
+ --with-user=* )
+ default_user=`echo $option | sed -e 's/^.*=//;'`
+ ;;
--with-sendmail=* )
mail_program=`echo $option | sed -e 's/^.*=//;'`
;;
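Review bot: The --with-user=* case accepts an empty value. With --with-user= the sed leaves default_user empty, DEFAULT_USER becomes "", and the check in main.c, strcmp(user, "root"), is non-zero for an empty string, so SYS_DropRoot would be called with an empty name. Reject an empty value here, and quote "$option" in the echo.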
add_def DEBUG $debug
add_def DEFAULT_CONF_FILE "\"$SYSCONFDIR/chrony.conf\""
+add_def DEFAULT_USER "\"$default_user\""
add_def MAIL_PROGRAM "\"$mail_program\""
if [ -f version.txt ]; then
s%@MANDIR@%${MANDIR}%;\
s%@INFODIR@%${INFODIR}%;\
s%@LOCALSTATEDIR@%${LOCALSTATEDIR}%;\
- s%@CHRONYVARDIR@%${CHRONYVARDIR}%;"\
+ s%@CHRONYVARDIR@%${CHRONYVARDIR}%;\
+ s%@DEFAULT_USER@%${default_user}%;"\
< ${f}.in > $f
done
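Review bot: ${default_user} is placed in the sed replacement unescaped, with % as the delimiter, so a value containing %, & or a backslash changes or breaks the substitution. The same string is also put inside a quoted C literal by add_def DEFAULT_USER. Restricting --with-user to a conservative character set in configure would cover both places.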
if (!user) {
user = CNF_GetUser();
}
- if (user) {
+ if (user && strcmp(user, "root")) {
SYS_DropRoot(user);
}
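Review bot: When user is "root" the drop is skipped silently, and since configure defaults default_user to "root", a default build keeps full privileges with nothing to indicate it. A log message on the skipped branch would let an administrator confirm from the logs whether privileges were dropped. As a style point, write the comparison as strcmp(user, "root") != 0.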