famobr at yahoo.com.br
Thu May 16 17:49:40 PDT 2013
Em 16-05-2013 21:22, Bruce Dubbs escreveu:
> Fernando wrote:
>> I have built without libcap, erased "-u ntp:ntp" from the bootscript.
>> and it is running fine in SVN > 7.3 as in their older sisters.
>> Is it unsafe, or are there other reasons for the modification?
> I don't think building without libpcap is a problem.
> Running as root has a theoretical possibility of problems, but I've
> never heard of any practical issue. The ntp server may be queried
> and/or controlled by another system with some circumstances, but you
> have to read the (extensive) documentation to understand all the
> nuances. Generally I use the following configuration:
> restrict default nomodify nopeer noquery
> restrict 127.0.0.1
> server 0.us.pool.ntp.org
> server 1.us.pool.ntp.org
> server 2.us.pool.ntp.org
> server 3.us.pool.ntp.org
> driftfile /var/cache/ntp.drift
> pidfile /var/run/ntp.pid
> If you want to set up ntp to act as a server for other systems or set up
> a hierarchy of servers for local (or distributed) use, the security
> issues may get a little more more complicated.
No, it will not be used as server for time sync.
> Is there any particular reason you don't want to use the ntp user?
No, I will redo it. It was the latest thing done today, used old script
just changing versions, to build, did not notice libcap was required,
ntpd failed on boot, only then I saw the missed dependency. So I was
curious about the modification.
Tomorrow it will be the first thing to do, when I start again with that
machine. Your comment above about running as root was enough to consider
And will also change the configuration.
More information about the blfs-support