[Linuxptp-devel] [PATCH RFC 2/4] ptp4l: Add support for dropping root privileges

Fri, 10 Aug 2018 07:38:15 -0700 

If a username is specified with the user option, switch to the user
between opening the PHC and opening the ports.

Signed-off-by: Miroslav Lichvar <mlich...@redhat.com>
---
 clock.c  | 5 +++++
 config.c | 1 +
 ptp4l.8  | 7 +++++++
 3 files changed, 13 insertions(+)

diff --git a/clock.c b/clock.c
index faf2dea..5990b12 100644
--- a/clock.c
+++ b/clock.c
@@ -1111,6 +1111,11 @@ struct clock *clock_create(enum clock_type type, struct 
config *config,
                return NULL;
        }
 
+       /* Drop the root privileges before opening the ports. */
+       if (drop_root_privileges(config_get_string(config, NULL, "user"))) {
+               return NULL;
+       }
+
        /* Create the UDS interface. */
        c->uds_port = port_open(phc_index, timestamping, 0, udsif, c);
        if (!c->uds_port) {
diff --git a/config.c b/config.c
index 7914ba4..dcd4510 100644
--- a/config.c
+++ b/config.c
@@ -270,6 +270,7 @@ struct config_item config_tab[] = {
        PORT_ITEM_INT("unicast_master_table", 0, 0, INT_MAX),
        PORT_ITEM_INT("unicast_req_duration", 3600, 10, INT_MAX),
        GLOB_ITEM_INT("use_syslog", 1, 0, 1),
+       GLOB_ITEM_STR("user", ""),
        GLOB_ITEM_STR("userDescription", ""),
        GLOB_ITEM_INT("utc_offset", CURRENT_UTC_OFFSET, 0, INT_MAX),
        GLOB_ITEM_INT("verbose", 0, 0, 1),
diff --git a/ptp4l.8 b/ptp4l.8
index 10c5c2f..8ec1b1b 100644
--- a/ptp4l.8
+++ b/ptp4l.8
@@ -661,6 +661,13 @@ The time source is a single byte code that gives an idea 
of the kind
 of local clock in use. The value is purely informational, having no
 effect on the outcome of the Best Master Clock algorithm, and is
 advertised when the clock becomes grand master.
+.TP
+.B user
+The name of the user to which should
+.B ptp4l
+switch in order to drop the root privileges. By default,
+.B ptp4l
+will keep the identity of the user under which it is started.
 
 .SH UNICAST DISCOVERY OPTIONS
 
-- 
2.17.1


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel

Reply via email to