17492 – /net-misc/ntp extended ntp.conf to include access restrictions

Bug 17492 - /net-misc/ntp extended ntp.conf to include access restrictions

Summary: /net-misc/ntp extended ntp.conf to include access restrictions

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Seemant Kulleen (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-03-14 06:02 UTC by Daniel Seyffer
Modified:	2003-07-23 18:08 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Suggestion for an updated ntp.conf template. (ntp.conf,1.54 KB, text/plain) 2003-03-14 06:04 UTC, Daniel Seyffer	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Seyffer 2003-03-14 06:02:19 UTC

Hello,

I just emerged ntp and found that the included config template is a bit
"minimalistic" as it does not include any access restrictions or hints to
configure them at all.

So please find attached a suggestion for an updated ntpd.conf template.

Thanks.
Daniel

PS: By the way...trivial but also check the einfo output of the ebuild - or is
this meant to stress "RTFM"? ;-)

--- Quote ---
[...]
 * Please run etc-update and then read all the comments
 * all the comments in /etc/ntp.conf and
[...]
--- /Quote ---


Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Daniel Seyffer 2003-03-14 06:04:07 UTC

Created attachment 9374 [details]
Suggestion for an updated ntp.conf template.

Diff:
*** /usr/share/ntp/ntp.conf	Fri Mar 14 11:43:12 2003
--- ntp.conf	Fri Mar 14 11:42:30 2003
***************
*** 19,21 ****
--- 19,53 ----
  # you should not need to modify the following paths
  logfile		/var/log/ntpd.log
  driftfile	/var/lib/misc/ntp.drift
+
+
+ # Warning: Using default NTP settings will leave your NTP
+ #	     server accessible to all hosts on the Internet.
+
+ #
+ # If you want to deny all machines from accessing
+ # your NTP server, uncomment:
+ #
+ #restrict default ignore
+
+
+ # To only deny other machines from changing the
+ # configuration but allow localhost uncomment:
+ #
+ #restrict default notrust nomodify
+ #restrict 127.0.0.1
+
+
+ # To allow machines within your network to synchronize
+ # their clocks with your server, but ensure they are
+ # not allowed to configure the server or used as peers
+ # to synchronize against, uncomment this line.
+ #
+ #restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
+
+
+ # To only deny other machines from changing the
+ # configuration but allow localhost uncomment:
+ #
+ #restrict default notrust nomodify
+ #restrict 127.0.0.1

Comment 2 Seemant Kulleen (RETIRED) gentoo-dev

2003-03-14 06:12:17 UTC

thanks daniel, will look into this

Comment 3 Daniel Seyffer 2003-03-14 06:34:11 UTC

Another but rather trivial suggestion that just came to my mind, would be to consider 
adding an example for setting a "prefer" statement to the server part of the 
configuration when using multiple servers, similar to: 
 
  #server ntplocal.example.com prefer 
  #server timeserver.example.org 
 
Thanks. :-)

Comment 4 Seemant Kulleen (RETIRED) gentoo-dev

2003-03-18 02:20:15 UTC

changed in portage, thanks Daniel

Comment 5 SpanKY gentoo-dev

2003-07-23 18:08:13 UTC

the extra einfo is a 'rtfm' msg simply because people were not doing so and were 
filing bugs/complaining on mailing lists + forums 
 
i added the einfo so as to quiet them ;)