[blfs-support] ntp-4.2.6p5

Fernando famobr at yahoo.com.br
Thu May 16 17:49:40 PDT 2013


Em 16-05-2013 21:22, Bruce Dubbs escreveu:
> Fernando wrote:
>> I have built without libcap, erased "-u ntp:ntp" from the bootscript.
>> and it is running fine in SVN > 7.3 as in their older sisters.
>>
>> Is it unsafe, or are there other reasons for the modification?
> 
> I don't think building without libpcap is a problem.
> 
> Running as root has a theoretical possibility of problems, but I've 
> never heard of any practical issue.  The ntp server may be queried 
> and/or controlled by another system with some circumstances, but you 
> have to read the (extensive) documentation to understand all the 
> nuances.  Generally I use the following configuration:
> 
> 
> restrict default   nomodify nopeer noquery
> restrict 127.0.0.1
> 
> server 0.us.pool.ntp.org
> server 1.us.pool.ntp.org
> server 2.us.pool.ntp.org
> server 3.us.pool.ntp.org
> 
> driftfile /var/cache/ntp.drift
> pidfile   /var/run/ntp.pid
> 
> If you want to set up ntp to act as a server for other systems or set up 
> a hierarchy of servers for local (or distributed) use, the security 
> issues may get a little more more complicated.

Thanks, Bruce,

No, it will not be used as server for time sync.

> 
> Is there any particular reason you don't want to use the ntp user?


No, I will redo it. It was the latest thing done today, used old script
just changing versions, to build, did not notice libcap was required,
ntpd failed on boot, only then I saw the missed dependency. So I was
curious about the modification.

Tomorrow it will be the first thing to do, when I start again with that
machine. Your comment above about running as root was enough to consider
rebuilding.

And will also change the configuration.

Thanks, again.


-- 
[]s,
Fernando



More information about the blfs-support mailing list