chrony: run the daemon as system user chrony

2016-11-25 17:51:29 +01:00 · 2016-11-25 17:51:29 +01:00 · 35af3bca43
commit 35af3bca43
parent 80678859ec
7 changed files with 34 additions and 9 deletions
--- a/chrony/.footprint
+++ b/chrony/.footprint
@ -17,8 +17,8 @@ drwxr-xr-x	root/root	usr/share/man/man8/
 -rw-r--r--	root/root	usr/share/man/man8/chronyd.8.gz
 drwxr-xr-x	root/root	var/
 drwxr-xr-x	root/root	var/lib/
-drwxr-xr-x	root/root	var/lib/chrony/
+drwxr-x---	chrony/chrony	var/lib/chrony/
 drwxr-xr-x	root/root	var/log/
-drwxr-xr-x	root/root	var/log/chrony/
+drwxr-x---	chrony/chrony	var/log/chrony/
 drwxr-xr-x	root/root	var/run/
-drwxr-x---	root/root	var/run/chrony/
+drwxr-x---	chrony/chrony	var/run/chrony/
--- a/chrony/.md5sum
+++ b/chrony/.md5sum
@ -1,2 +1,2 @@
 d08dd5a7d79a89891d119adcccb4397d  chrony-2.4.1.tar.gz
-4bdea4aea28853c7be54ffdb9f6b87a8  chronyd
+b34048039655b0eba564f10cca23e3ce  chronyd
--- a/chrony/Pkgfile
+++ b/chrony/Pkgfile
@ -5,19 +5,19 @@

 name=chrony
 version=2.4.1
-release=1
+release=2
 source=(http://download.tuxfamily.org/$name/$name-$version.tar.gz
        chronyd)

 build () {
    cd $name-$version

-    ./configure --prefix=/usr
+    ./configure --prefix=/usr --with-user=chrony
+
    make
    make DESTDIR=$PKG install

-    install -d $PKG/var/{lib,log}/chrony
-    install -d -m 0750 $PKG/var/run/chrony
+    install -d -o chrony -g chrony -m 0750 $PKG/var/{lib,log,run}/chrony
    install -D -m 0755 $SRC/chronyd $PKG/etc/rc.d/chronyd
    install examples/chrony.conf.example1 $PKG/etc/chrony.conf
 }
--- a/chrony/README
+++ b/chrony/README
@ -0,0 +1,15 @@
+README for chrony 2.4.x 
+
+REQUIREMENTS
+
+PRE-INSTALL
+   Run the included pre-install script to create a new
+   user/group chrony.
+
+PRECAUTION
+   As of version 2.4.1-2 chrony no longer runs as root 
+   but as a dedicated user/group chrony. 
+   Chown all files and directories created by chrony
+   to chrony:chrony or run the supplied post-install
+   script.
+
--- a/chrony/chronyd
+++ b/chrony/chronyd
@ -13,7 +13,7 @@ start)
 	$SSD --start --pidfile $PID --exec $PROG -- $OPTS
 	;;
 stop)
-	$SSD --stop --retry 10 --pidfile $PID
+	$SSD --stop --remove-pidfile --retry 10 --pidfile $PID
 	;;
 restart)
 	$0 stop
--- a/chrony/post-install
+++ b/chrony/post-install
@ -0,0 +1,4 @@
+#!/bin/sh
+
+chown -R chrony:chrony /var/lib/chrony /var/log/chrony
+
--- a/chrony/pre-install
+++ b/chrony/pre-install
@ -0,0 +1,6 @@
+#!/bin/sh
+
+getent group chrony || /usr/sbin/groupadd -g 55 chrony
+getent passwd chrony || /usr/sbin/useradd -g chrony -u 55 -d /var/lib/chrony -s /bin/false chrony
+/usr/bin/passwd -l chrony
+