directive) to restore the system time at which @code{chronyd} was previously
stopped.
@item -u <user>
-This option sets the name of the user to which will @code{chronyd} switch to
-drop root privileges if compiled with Linux capabilities support (default
-@code{@DEFAULT_USER@}).
+This option sets the name of the system user to which @code{chronyd} will
+switch after start in order to drop root privileges. It overrides the
+@code{user} directive (default @code{@DEFAULT_USER@}). It may be set to a
+non-root user only when @code{chronyd} is compiled with support for Linux
+capabilities (libcap).
@item -q
When run in this mode, @code{chronyd} will set the system clock once
and exit. It will not detach from the terminal.
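Review bot: in the new -u text the "(default @code{@DEFAULT_USER@})" parenthetical is attached to the sentence "It overrides the @code{user} directive", so it is ambiguous whether it gives the default of the option or of the directive. Suggest moving it into its own sentence, as the user directive section does with "The default value is ...".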
@c {{{ user
@node user directive
@subsection user
-The @code{user} directive sets the name of the user to which will
-@code{chronyd} switch on initialisation to drop root privileges.
-So far, it works only on Linux when compiled with capabilities support.
-Setting the name to root will disable it.
+The @code{user} directive sets the name of the system user to which
+@code{chronyd} will switch after start in order to drop root privileges.
+It may be set to a non-root user only when @code{chronyd} is compiled with
+support for Linux capabilities (libcap).
The default value is @code{@DEFAULT_USER@}.
@c }}}
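Review bot: the rewritten user directive text drops the removed sentence "Setting the name to root will disable it" and no longer says how to keep chronyd running as root. Suggest keeping one sentence stating that setting the user to root leaves privileges undropped, and, since the code now tests pw_uid and pw_gid rather than the name, saying that "non-root" means an account with a non-zero uid or gid.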
stopped.
.TP
\fB\-u\fR \fIuser\fR
-This option sets the name of the user to which will \fBchronyd\fR switch to
-drop root privileges if compiled with Linux capabilities support (default
-\fB@DEFAULT_USER@\fR).
+This option sets the name of the system user to which \fBchronyd\fR will switch
+after start in order to drop root privileges. It overrides the \fBuser\fR
+directive (default \fB@DEFAULT_USER@\fR). It may be set to a non-root user
+only when \fBchronyd\fR@ is compiled with support for Linux capabilities
+(libcap).
.TP
.B \-q
When run in this mode, chronyd will set the system clock once
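Review bot: the added man page line "only when \fBchronyd\fR@ is compiled with support for Linux capabilities" has a stray "@" after "\fR", which will be printed literally after "chronyd" in the rendered page. It should read "\fBchronyd\fR is compiled". The same ambiguity about which default the "(default \fB@DEFAULT_USER@\fR)" parenthetical refers to applies here as in the texinfo text.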
user = CNF_GetUser();
}
- if (user && strcmp(user, "root")) {
- if ((pw = getpwnam(user)) == NULL)
- LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user);
+ if ((pw = getpwnam(user)) == NULL)
+ LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user);
+ /* Drop root privileges if the user has non-zero uid or gid */
+ if (pw->pw_uid || pw->pw_gid)
SYS_DropRoot(pw->pw_uid, pw->pw_gid);
- }
LOG_CreateLogFileDir();
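Review bot: the removed condition "if (user && strcmp(user, "root"))" was the only NULL check before getpwnam(user), and the new code calls getpwnam(user) and formats user with %s unconditionally, so it relies on the preceding "user = CNF_GetUser();" path never leaving user NULL. If that is not guaranteed, keep an explicit check before the lookup. Two behaviour changes are also worth a line in the commit message or the comment: a failed passwd lookup for "root" is now fatal where it was previously skipped, and because the test is "pw->pw_uid || pw->pw_gid", an account with uid 0 and a non-zero gid now reaches SYS_DropRoot() with uid 0.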