Also adds configuration to run as user ntp to the configuration file. I tested it locally in a vagrant debian/jessie virtual machine and it worked.
There are other things that might be useful, such as updating some documentation. I may also not have done things exactly right, not being a developer, but please let me know and I can submit another patch.

Andrew

diff --git a/chrony-1.30/debian/changelog b/chrony-1.30/debian/changelog index 5ecef0f..a188d33 100644 --- a/chrony-1.30/debian/changelog +++ b/chrony-1.30/debian/changelog @@ -1,3 +1,10 @@ +chrony (1.30-2amw1) UNRELEASED; urgency=medium + + * Support user configuration option (Closes: #688971) + - Causes daemon to drop root priviledges and run as user ntp + + -- Andrew Worsley <andrew.worsley> <[email protected]> Sat, 15 Aug 2015 20:58:56 +1000 + chrony (1.30-2) unstable; urgency=medium * With the following security bugfixes (Closes: #782160): diff --git a/chrony-1.30/debian/chrony.conf b/chrony-1.30/debian/chrony.conf index e8d9200..6ef0798 100644 --- a/chrony-1.30/debian/chrony.conf +++ b/chrony-1.30/debian/chrony.conf @@ -22,6 +22,8 @@ server 1.debian.pool.ntp.org offline minpoll 8 server 2.debian.pool.ntp.org offline minpoll 8 server 3.debian.pool.ntp.org offline minpoll 8 +# Drop root priviledges and run as ntp +user ntp # Look here for the admin password needed for chronyc. The initial # password is generated by a random process at install time. You may diff --git a/chrony-1.30/debian/control b/chrony-1.30/debian/control index 81df18c..c2f2627 100644 --- a/chrony-1.30/debian/control +++ b/chrony-1.30/debian/control @@ -21,7 +21,8 @@ Depends: ${misc:Depends}, ucf, timelimit, install-info, net-tools, - lsb-base + lsb-base, + adduser (>= 3.11) Recommends: udev (>= 0.124-1) Conflicts: time-daemon, ntp Provides: time-daemon diff --git a/chrony-1.30/debian/postinst b/chrony-1.30/debian/postinst index bb13102..119f427 100644 --- a/chrony-1.30/debian/postinst +++ b/chrony-1.30/debian/postinst 
@@ -10,6 +10,14 @@ set -e case "$1" in configure) + if [ -z "`id -u ntp 2> /dev/null`" ]; then + echo -n "Adding system user ntp" + adduser --system --group --no-create-home --gecos "chrony ntp daemon" \ + --no-create-home --disabled-password --quiet ntp || true + else + echo -n "Using existing user ntp" + fi + cp /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf.new MAILUTC="" TZONE=""
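
Review bot: in debian/changelog, the new entry spells "priviledges" where it should read "privileges"; please correct it before upload, since changelog text is shown to users by the package tools.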
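
Review bot: in debian/chrony.conf, `user ntp` is enabled for every install, but none of the visible hunks changes the ownership or permissions of anything chronyd writes after it has dropped root. Please confirm that the drift file, the key file referred to in the following comment and the log directory are accessible to ntp, and adjust them in postinst if they are not. The comment above the directive repeats the "priviledges" spelling, and a blank line after `user ntp` would keep it from running into the admin password comment block.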
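
Review bot: in debian/postinst, the `|| true` after the adduser call defeats `set -e`, so a failed account creation is ignored and the script goes on to install a chrony.conf that contains `user ntp` for an account that does not exist. Let the failure abort the configure step, or check for the account again after adduser and fail with a clear message. `--no-create-home` is passed twice, and both `echo -n` messages leave the line unterminated, so either drop the `-n` or print a newline once the branch finishes.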

