= NTP = The download URL is http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-stable/2006/02/ntp-stable-4.2.0a-20060224.tar.gz [[br]] == NTPD privsep == Installing ntpd to drop to non-root -[[BR]] If you have libacl and libattr installed, you can configure NTP with: {{{ --enable-linuxcaps }}} Then add an ntpd user: {{{ groupadd ntpd && useradd -c 'ntpd PrivSep' -d /var/lib/ntpd -g ntpd \ -s /bin/false ntpd && install -v -m710 -g ntpd -d /var/lib/ntpd }}} Install the blfs bootscript, and modify /etc/rc.d/init.d/ntp with this: {{{ loadproc /usr/sbin/ntpd --configfile=/etc/ntpd.conf \ --jaildir=/var/lib/ntpd --logfile=/var/log/ntpd.log \ --pidfile=/var/run/ntpd.pid --user=ntpd:ntpd \ --no-load-opts }}} To give the ntpd user minimal privileges create a tmpfs just big enough for the drift file: {{{ install -d -m 0000 /var/lib/ntpd/drift }}} And add this to /etc/fstab, and replace the gid with ntpd's group id: {{{ tmpfs /var/lib/ntpd/drift tmpfs size=9k,nosuid,noexec,nodev,mode=1770,gid=1003,nr_inodes=2,nr_blocks=2 0 0 }}} == Fixes if synchronisation fails following frequent suspend to RAM == On one of my machines, ntp had lost synchronisation. I initially blamed the tsc clocksource in a particular kernel version, and recommended changing it back to acpi_pm. === From the initial version of this section: === On one of my machines, in one kernel release, I lost synchronisation and the log showed: {{{ frequency error 1726 PPM exceeds tolerance 500 PPM }}} Google found a not-too-old link to redhat [​https://access.redhat.com/solutions/35640] which suggested checking the available drivers with {{{ cat /sys/devices/system/clocksource/clocksource0/available_clocksource }}} and assuming that acpi_pm is available, temporarily changing to it with {{{ echo acpi_pm >/sys/devices/system/clocksource/clocksource0/current_clocksource }}} and seeing if that helps. If useful, it can forced by adding {{{ clocksource=acpi_pm }}} to the bootargs in grub. === A better fix (sysvinit) === I forgot about the problem, until one day when I discovered that my desktop clock was 5 minutes slow. In the end, this appears to be related to frequent suspend to RAM, sometimes for a few days. In early versions of pm-utils (which is what I use for s2ram) there was a script to fix up ntpd - but that was removed long ago, in the belief that the clock would only drift for a maximum of 64 seconds realtime (not drift *by* 64 seconds!) and then ntpd would start to sync it. For systemd the preferred methods are apparently different. Anyway,I've now added the following script as /usr/lib/pm-utils/sleep.d/48ntpd (mode 755) and things seem to work - using 'ntpq -p' I can sometimes see offsets of several hundred milliseconds (and increasing!) even when the box has sync'd to my local server, but it seems to stay accurate to within a second, and eventually syncs to a few milliseconds. {{{ #!/bin/sh # stop ntpd on suspend, fix and start fresh on wakeup . "${PM_FUNCTIONS}" case $1 in suspend) /etc/rc.d/init.d/ntpd stop ;; resume) /usr/sbin/ntpd -gq /etc/rc.d/init.d/ntpd start *) exit 0 ;; esac exit 0 }}} == When the clock is too far away from the correct time == If ntpd bails out because the clock is too far from the correct time, try stopping ntpd, then use {{{ ntpd -gq }}} to let it sync, and then restart ntpd. According to the man page, -g can be used multiple times if the clock is far adrift. [wiki:BasicNetworkingPrograms Up][[br]] [wiki:BlfsNotes Top]