Bug 21444 - ntp should create and run as user ntp
Summary: ntp should create and run as user ntp
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: SpanKY
Reported: 2003-05-21 16:48 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2004-02-01 00:04 UTC (History)
Attachments
ntp droproot patch. (ntp-4.0.99m-rc2-droproot.patch,12.23 KB, patch)
2003-05-22 02:13 UTC, Rajiv Aaron Manglani (RETIRED)

Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-21 16:48:34 UTC
currently net-misc/ntp-4.1.1b-r5 runs as root after it is installed.

the ebuild should create a user and group called ntp (maybe uid/gid 123 since
ntp runs on port 123?). in /etc/conf.d/ntpd NTPD_OPTS="-U ntp" should be set.

gentoo currently does this for bind and sshd, and possibly others.

also, /etc/ntp/ should be created and owned by ntp/ntp. then
/usr/share/ntp/ntp.conf should be copied to /etc/ntp.conf but modified so the
drift file is stored in /etc/ntp/drift.
Comment 1 Luke-Jr 2003-05-21 23:19:17 UTC
Due to NTP's functionality (setting the system clock), it cannot be run as a normal 
user. Nor does the -U option you suggested exist for ntpd. 
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 02:12:04 UTC
turns out that this feature is provided by a patch included with redhat rpms. check out <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=35653> for more info. note: "This requires kernel >=2.2.18 and libcap package..."

i downloaded the src rpm from ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm and extracted the patch.

Comment 3 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 02:13:47 UTC
Created attachment 12278
ntp droproot patch.

originally from
<ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm>
... i modified the patch file by adding this source url to the top of it. i
made no modifications to the code.
Comment 4 Luke-Jr 2003-05-22 02:18:28 UTC
doesn't change the fact that normal users can't change the system time, does  
it? o.O  
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 13:32:36 UTC
fyi i submitted this patch to the ntp maintainers. even though it looks like it was written in august 2001, they had not seen it. i will try and find out if/when they are going to include it with the source. let's hold off on adding it.
Comment 6 Luke-Jr 2003-05-24 19:32:56 UTC
Why not apply the patch for now, though? Most of the patches in gentoo-sources 
are in future kernels, yet we apply them instead of waiting for a new version with 
them... 
Comment 7 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-27 05:25:55 UTC
re comment #6: makes sense. the maintainers are looking to include the patch but it could be a while because they are waiting for something similar on bsd. so let's go ahead and include this one with the ebuild.

also fyi, once the patch is in, gentoo-src/eid_database/ needs to be updated.

all yours luke-jr.
Comment 8 SpanKY gentoo-dev 2003-08-06 00:47:17 UTC
i updated the patch to work with 4.1.2 and added it to portage

i also added enewgroup/enewuser to the ebuild to add ntp

finally, i updated the ntp server to (by default) pass '-U ntp' in the OPTS
Comment 9 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-07 17:04:07 UTC
tested, works great. thanks.
Comment 10 Kalin KOZHUHAROV 2004-02-01 00:04:25 UTC
4.2.0 is out and here is the patch:
http://bugzilla.ntp.org/attachment.cgi?id=103&action=view
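
A check an administrator can run once ntpd is started with '-U ntp', as an added example that is not part of this bug report or of the ntp or Gentoo code: it reads the text of /proc/<pid>/status and reports whether the daemon still holds uid/gid 0 or any capability outside an allow-list. The allow-list (CAP_SYS_TIME plus CAP_NET_BIND_SERVICE), the sample status texts and the uid 123 in them are assumptions made for the example.

```python
import sys

# Capability bit numbers from <linux/capability.h>
CAP_NET_BIND_SERVICE, CAP_SYS_TIME = 10, 25
# Assumption: a privilege-dropped ntpd needs CAP_SYS_TIME to set the clock and
# may keep CAP_NET_BIND_SERVICE for UDP port 123; nothing else is expected.
ALLOWED = (1 << CAP_SYS_TIME) | (1 << CAP_NET_BIND_SERVICE)

# Constructed /proc/<pid>/status excerpts (not captured from a real host)
AS_ROOT = ("Name:\tntpd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
           "CapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n")
DROPPED = ("Name:\tntpd\nUid:\t123\t123\t123\t123\nGid:\t123\t123\t123\t123\n"
           "CapPrm:\t0000000002000000\nCapEff:\t0000000002000000\n")
NO_CAPS = ("Name:\tntpd\nUid:\t123\t123\t123\t123\nGid:\t123\t123\t123\t123\n"
           "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")


def parse_status(text):
    """Turn the 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(text):
    """Return a list of findings; an empty list means the drop looks correct."""
    f = parse_status(text)
    findings = []
    for key in ("Uid", "Gid"):
        # real, effective, saved and filesystem ids must all be non-zero
        ids = [int(x) for x in f.get(key, "0 0 0 0").split()]
        if 0 in ids:
            findings.append(f"{key} still contains 0: {ids}")
    for key in ("CapPrm", "CapEff"):
        extra = int(f.get(key, "0"), 16) & ~ALLOWED
        if extra:
            findings.append(f"{key} has unexpected capability bits {extra:#x}")
    if not int(f.get("CapEff", "0"), 16) & (1 << CAP_SYS_TIME):
        findings.append("CapEff lacks CAP_SYS_TIME: daemon cannot set the clock")
    return findings


if __name__ == "__main__":
    # With a pid argument, audit that process; otherwise audit the DROPPED sample.
    text = open(f"/proc/{sys.argv[1]}/status").read() if len(sys.argv) > 1 else DROPPED
    print("\n".join(audit(text)) or "ok: non-root with only the expected capabilities")
```

Run it as `python3 check_ntpd.py <pid of ntpd>` (the file name is arbitrary); any output other than the "ok" line lists what still needs to be dropped.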