Changes between Version 2 and Version 3 of ntp


Timestamp: 02/06/2009 11:51:18 PM (15 years ago)
Author: robert@…
Comment: ntpd privsep

  • ntp

    v2 v3  
    22The download URL is http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-stable/2006/02/ntp-stable-4.2.0a-20060224.tar.gz
    33[[br]]
     4
     5
     6== NTPD privsep ==
     7Installing ntpd to drop to non-root -[[BR]]
     8
     9If you have libacl and libattr installed, you can configure NTP with:
     10
     11{{{
     12--enable-linuxcaps
     13}}}
     14
     15Then add an ntpd user:
     16
     17
     18{{{
     19groupadd ntpd &&
     20useradd -c 'ntpd PrivSep' -d /var/lib/ntpd -g ntpd \
     21    -s /bin/false ntpd &&
     22install -v -m710 -g ntpd -d /var/lib/ntpd
     23}}}
     24
     25Install the blfs bootscript, and modify /etc/rc.d/init.d/ntp with this:
     26
     27
     28{{{
     29loadproc /usr/sbin/ntpd --configfile=/etc/ntpd.conf \
     30                   --jaildir=/var/lib/ntpd --logfile=/var/log/ntpd.log \
     31                   --pidfile=/var/run/ntpd.pid --user=ntpd:ntpd \
     32                   --no-load-opts
     33}}}
     34
     35To give the ntpd user minimal privileges create a tmpfs just big enough for the drift file:
     36
     37{{{
     38install -d -m 0000 /var/lib/ntpd/drift
     39}}}
     40
     41And add this to /etc/fstab, and replace the gid with ntpd's group id:
     42
     43{{{
     44tmpfs /var/lib/ntpd/drift tmpfs size=9k,nosuid,noexec,nodev,mode=1770,gid=1003,nr_inodes=2,nr_blocks=2 0 0
     45}}}
     46
    447[wiki:BasicNetworkingPrograms Up][[br]]
    548[wiki:BlfsNotes Top]
     49
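
Review bot: the /etc/fstab line at the end of the added section puts the drift file on a tmpfs, so its contents are lost at every reboot and ntpd begins each boot without a saved drift value; the text should say so, or use a small persistent directory writable by the ntpd group instead. The same line sets both size=9k and nr_blocks=2, which are two ways of giving the one size limit, so only one of them should be kept. The literal gid=1003 depends on the reader noticing the sentence above it; an obvious placeholder in the example line would be harder to copy by mistake. The section also never shows the driftfile setting in /etc/ntpd.conf that has to point into /var/lib/ntpd/drift, and with --jaildir=/var/lib/ntpd on the loadproc line it does not say whether the --logfile, --pidfile and drift paths are meant relative to the jail or to the real root.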