= NTP =
The download URL is http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-stable/2006/02/ntp-stable-4.2.0a-20060224.tar.gz
[[br]]


== NTPD privsep ==
Installing ntpd to drop to non-root -[[BR]]

If you have libacl and libattr installed, you can configure NTP with:

{{{
--enable-linuxcaps
}}}

Then add an ntpd user:


{{{
groupadd ntpd &&
useradd -c 'ntpd PrivSep' -d /var/lib/ntpd -g ntpd \
    -s /bin/false ntpd &&
install -v -m710 -g ntpd -d /var/lib/ntpd
}}}

Install the blfs bootscript, and modify /etc/rc.d/init.d/ntp with this:


{{{
loadproc /usr/sbin/ntpd --configfile=/etc/ntpd.conf \
                   --jaildir=/var/lib/ntpd --logfile=/var/log/ntpd.log \
                   --pidfile=/var/run/ntpd.pid --user=ntpd:ntpd \
                   --no-load-opts
}}}

To give the ntpd user minimal privileges create a tmpfs just big enough for the drift file:

{{{
install -d -m 0000 /var/lib/ntpd/drift
}}}

And add this to /etc/fstab, and replace the gid with ntpd's group id:

{{{
tmpfs /var/lib/ntpd/drift tmpfs size=9k,nosuid,noexec,nodev,mode=1770,gid=1003,nr_inodes=2,nr_blocks=2 0 0
}}}

[wiki:BasicNetworkingPrograms Up][[br]]
[wiki:BlfsNotes Top]