Bug#: 21444
Status: CLOSED
Resolution: FIXED
Assigned To: SpanKY <vapier@gentoo.org>
Reporter: Rajiv Aaron Manglani <rajiv@gentoo.org>

Attachment: ntp-4.0.99m-rc2-droproot.patch (ntp droproot patch.), type: patch, creator: Rajiv Aaron Manglani, created: 2003-05-22 02:13 0000, size: 12.23 KB

Description:   Opened: 2003-05-21 16:48 0000
currently net-misc/ntp-4.1.1b-r5 runs as root after it is installed.

the ebuild should create a user and group called ntp (maybe uid/gid 123 since
ntp runs on port 123?). in /etc/conf.d/ntpd NTPD_OPTS="-U ntp" should be set.

gentoo currently does this for bind and sshd, and possibly others.

also, /etc/ntp/ should be created and owned by ntp/ntp. then
/usr/share/ntp/ntp.conf should be copied to /etc/ntp.conf but modified so the
drift file is stored in /etc/ntp/drift.

------- Comment #1 From Luke-Jr 2003-05-21 23:19:17 0000 -------
Due to NTP's functionality (setting the system clock), it cannot be run as a
normal user. Nor does the -U option you suggested exist for ntpd.

------- Comment #2 From Rajiv Aaron Manglani 2003-05-22 02:12:04 0000 -------
turns out that this feature is provided by a patch included with redhat rpms.
check out <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=35653> for more
info. note: "This requires kernel >=2.2.18 and libcap package..."

i downloaded the src rpm from
ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm
and extracted the patch.

------- Comment #3 From Rajiv Aaron Manglani 2003-05-22 02:13:47 0000 -------
Created an attachment (id=12278) [details]
ntp droproot patch.

originally from
<ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm>
... i modified the patch file by adding this source url to the top of it. i
made no modifications to the code.

------- Comment #4 From Luke-Jr 2003-05-22 02:18:28 0000 -------
doesn't change the fact that normal users can't change the system time, does
it? o.O

------- Comment #5 From Rajiv Aaron Manglani 2003-05-22 13:32:36 0000 -------
fyi i submitted this patch to the ntp maintainers. even though it looks like it
was written in august 2001, they had not seen it. i will try and find out
if/when they are going to include it with the source. let's hold off on adding
it.

------- Comment #6 From Luke-Jr 2003-05-24 19:32:56 0000 -------
Why not apply the patch for now, though? Most of the patches in gentoo-sources
are in future kernels, yet we apply them instead of waiting for a new version
with them...

------- Comment #7 From Rajiv Aaron Manglani 2003-05-27 05:25:55 0000 -------
re comment #6: makes sense. the maintainers are looking to include the patch
but it could be a while because they are waiting for something similar on bsd.
so let's go ahead and include this one with the ebuild.

also fyi, once the patch is in gentoo-src/eid_database/ needs to be updated.

all yours luke-jr.

------- Comment #8 From SpanKY 2003-08-06 00:47:17 0000 -------
i updated the patch to work with 4.1.2 and added it to portage

i also added enewgroup/enewuser to the ebuild to add ntp

finally, i updated the ntp server to (by default) pass '-U ntp' in the OPTS

------- Comment #9 From Rajiv Aaron Manglani 2003-12-07 17:04:07 0000 -------
test, works great. thanks.

------- Comment #10 From Kalin KOZHUHAROV 2004-02-01 00:04:25 0000 -------
4.2.0 is out and here is the patch:
http://bugzilla.ntp.org/attachment.cgi?id=103&action=view
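
The check below is an added example, not part of the original bug thread or the ntp patch: it reads a `/proc/<pid>/status` file and confirms the daemon runs under a non-root uid while still holding CAP_SYS_TIME, the Linux capability that lets a non-root process set the clock. It assumes the droproot patch retains that capability (as the libcap requirement quoted in comment #2 suggests); the function names and sample status files are constructed, with uid 123 taken from the reporter's suggestion.

```bash
#!/usr/bin/env bash
# Added example: audit whether a daemon dropped root but kept CAP_SYS_TIME.
# Input is a /proc/<pid>/status file (Linux).

CAP_SYS_TIME_BIT=25   # CAP_SYS_TIME in linux/capability.h

# Print one verdict line for the given status file.
# Returns 0 only when the process is non-root and still holds CAP_SYS_TIME,
# 1 when the privilege drop is missing or incomplete, 2 when fields are absent.
check_droproot() {
    local status_file=$1 euid capeff
    # "Uid:" columns are real, effective, saved, filesystem uid.
    euid=$(awk '$1 == "Uid:" { print $3 }' "$status_file")
    capeff=$(awk '$1 == "CapEff:" { print $2 }' "$status_file")
    if [ -z "$euid" ] || [ -z "$capeff" ]; then
        echo "UNKNOWN: no Uid/CapEff in $status_file"; return 2
    fi
    # CapEff is a hex bitmask of the effective capability set.
    local has_time=$(( (0x$capeff >> CAP_SYS_TIME_BIT) & 1 ))
    if [ "$euid" -eq 0 ]; then
        echo "FAIL: still running as root (CapEff=$capeff)"; return 1
    elif [ "$has_time" -eq 0 ]; then
        echo "FAIL: uid $euid but no CAP_SYS_TIME, clock cannot be set"; return 1
    fi
    echo "OK: uid $euid with CAP_SYS_TIME (CapEff=$capeff)"
}

# Constructed sample status files (not captured from a real host):
#   root    = ntpd started without -U, full capability set
#   dropped = ntpd -U ntp, only bit 25 (CAP_SYS_TIME) left
#   nocap   = uid changed but every capability lost
write_samples() {
    local dir=$1
    printf 'Name:\tntpd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n' > "$dir/root"
    printf 'Name:\tntpd\nUid:\t123\t123\t123\t123\nCapEff:\t0000000002000000\n' > "$dir/dropped"
    printf 'Name:\tntpd\nUid:\t123\t123\t123\t123\nCapEff:\t0000000000000000\n' > "$dir/nocap"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in root dropped nocap; do
    check_droproot "$tmp/$f" || true
done
rm -rf "$tmp"
```

On a live host, point `check_droproot` at the `/proc/<pid>/status` file of the running ntpd instead of the sample files.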
