NTP ¶
The download URL is http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-stable/2006/02/ntp-stable-4.2.0a-20060224.tar.gz
NTPD privsep ¶
Installing ntpd so that it drops to a non-root user:
If you have libacl and libattr installed, you can configure NTP with:
--enable-linuxcaps
Then add an ntpd user:
groupadd ntpd &&
useradd -c 'ntpd PrivSep' -d /var/lib/ntpd -g ntpd \
        -s /bin/false ntpd &&
install -v -m710 -g ntpd -d /var/lib/ntpd
Install the blfs bootscript, and modify /etc/rc.d/init.d/ntp with this:
loadproc /usr/sbin/ntpd --configfile=/etc/ntpd.conf \
         --jaildir=/var/lib/ntpd --logfile=/var/log/ntpd.log \
         --pidfile=/var/run/ntpd.pid --user=ntpd:ntpd \
         --no-load-opts
To give the ntpd user minimal privileges, create a tmpfs just big enough for the drift file:
install -d -m 0000 /var/lib/ntpd/drift
Then add this line to /etc/fstab, replacing the gid value with the ntpd group's id:
tmpfs /var/lib/ntpd/drift tmpfs size=9k,nosuid,noexec,nodev,mode=1770,gid=1003,nr_inodes=2,nr_blocks=2 0 0
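The gid in that entry has to match the ntpd group on the machine it is installed on. As an added example (not part of the original page), this sh script fills in the gid from the group file and checks that an entry still carries nosuid, noexec, nodev and the expected gid. The function names and the sample group file are made up for illustration, and it assumes ntpd is a local group listed in /etc/group.

```shell
#!/bin/sh
# Added example: build and audit the drift tmpfs entry for /etc/fstab.

# Print the numeric gid of group $1 from group file $2 (default /etc/group).
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }' "${2:-/etc/group}"
}

# Print the fstab entry from the page with the real gid of group $1 filled in.
drift_fstab_line() {
    gid=$(group_gid "$1" "${2:-/etc/group}")
    [ -n "$gid" ] || { echo "group $1 not found" >&2; return 1; }
    printf 'tmpfs /var/lib/ntpd/drift tmpfs size=9k,nosuid,noexec,nodev,mode=1770,gid=%s,nr_inodes=2,nr_blocks=2 0 0\n' "$gid"
}

# Return 0 if fstab line $1 has the hardening options and gid=$2,
# otherwise name the first missing option and return 1.
audit_drift_line() {
    opts=$(printf '%s\n' "$1" | awk '{ print $4 }')
    for o in nosuid noexec nodev "gid=$2"; do
        case ",$opts," in
            *",$o,"*) ;;
            *) echo "missing: $o"; return 1 ;;
        esac
    done
}

# Constructed sample group file (not taken from a real system).
sample=$(mktemp)
printf 'root:x:0:\nntpd:x:1003:\n' > "$sample"
entry=$(drift_fstab_line ntpd "$sample") && echo "$entry"
audit_drift_line "$entry" 1003 && echo "entry OK"
rm -f "$sample"
```

On a real system, call drift_fstab_line ntpd with no second argument so it reads /etc/group, and run audit_drift_line against the line already in /etc/fstab.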
Fixes if synchronisation fails ¶
For a long time the default kernel clocksource has been tsc, but it used to be acpi_pm. On one of my machines, in one kernel release, I lost synchronisation and the log showed:
frequency error 1726 PPM exceeds tolerance 500 PPM
Google found a not-too-old link to Red Hat [https://access.redhat.com/solutions/35640] which suggested checking the available drivers with
cat /sys/devices/system/clocksource/clocksource0/available_clocksource
and assuming that acpi_pm is available, temporarily changing to it with
echo acpi_pm >/sys/devices/system/clocksource/clocksource0/current_clocksource
and seeing if that helps. If useful, it can be forced by adding
clocksource=acpi_pm
to the bootargs in grub.
When the clock is too far away from the correct time ¶
If ntpd bails out because the clock is too far from the correct time, try stopping ntpd, using
ntpd -gq
to let it sync, and then restarting ntpd. According to the man page, -g can be used multiple times if the clock is far adrift.