currently net-misc/ntp-4.1.1b-r5 runs as root after it is installed. the ebuild should create a user and group called ntp (maybe uid/gid 123 since ntp runs on port 123?). in /etc/conf.d/ntpd NTPD_OPTS="-U ntp" should be set. gentoo currently does this for bind and sshd, and possibly others. also, /etc/ntp/ should be created and owned by ntp/ntp. then /usr/share/ntp/ntp.conf should be copied to /etc/ntp.conf but modified so the drift file is stored in /etc/ntp/drift.
Due to NTP's functionality (setting the system clock), it cannot be run as a normal user. Nor does the -U option you suggested exist for ntpd.
turns out that this feature is provided by a patch included with redhat rpms. check out <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=35653> for more info. note: "This requires kernel >=2.2.18 and libcap package..." i downloaded the src rpm from ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm and extracted the patch.
Created attachment 12278: ntp droproot patch. originally from <ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm> ... i modified the patch file by adding this source url to the top of it. i made no modifications to the code.
doesn't change the fact that normal users can't change the system time, does it? o.O
fyi i submitted this patch to the ntp maintainers. even though it looks like it was written in august 2001, they had not seen it. i will try and find out if/when they are going to include it with the source. let's hold off on adding it.
Why not apply the patch for now, though? Most of the patches in gentoo-sources are in future kernels, yet we apply them instead of waiting for a new version with them...
re comment #6: makes sense. the maintainers are looking to include the patch but it could be a while because they are waiting for something similar on bsd. so let's go ahead and include this one with the ebuild. also fyi, once the patch is in, gentoo-src/eid_database/ needs to be updated. all yours luke-jr.
i updated the patch to work with 4.1.2 and added it to portage. i also added enewgroup/enewuser to the ebuild to add ntp. finally, i updated the ntp server to (by default) pass '-U ntp' in the OPTS.
tested, works great. thanks.
4.2.0 is out and here is the patch: http://bugzilla.ntp.org/attachment.cgi?id=103&action=view
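How a daemon started as root can switch to an unprivileged user such as ntp and still set the clock, as an added example that is not code from the Red Hat patch or from ntp: it assumes Linux capabilities, keeping only CAP_SYS_TIME across the uid change with prctl(PR_SET_KEEPCAPS), which exists since kernel 2.2.18. The function names are hypothetical, and raw capset(2) is used in place of libcap so the block builds without extra packages.

```c
/* Added example, not the Red Hat patch: drop root but keep CAP_SYS_TIME. */
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fill a capset(2) payload that holds exactly one capability. */
void only_cap(int cap, struct __user_cap_data_struct d[2])
{
    memset(d, 0, 2 * sizeof d[0]);
    d[cap >> 5].permitted = d[cap >> 5].effective = 1u << (cap & 31);
}

/* Switch to uid/gid, keeping only CAP_SYS_TIME. Returns 0 on success. */
int drop_root_keep_time(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (geteuid() != 0)
        return -1;                      /* not root: nothing to drop */
    /* Without KEEPCAPS, setuid() to non-root clears every capability. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* setuid() cleared the effective set; re-raise the one bit we need
       and discard everything else from the permitted set. */
    only_cap(CAP_SYS_TIME, d);
    if (syscall(SYS_capset, &h, d) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;     /* regaining root must fail */
}

int main(void)
{
    struct passwd *pw = getpwnam("ntp");    /* user the ebuild would create */
    if (!pw || drop_root_keep_time(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "could not drop root\n");
        return 1;
    }
    printf("uid=%d, may still set the clock\n", (int)getuid());
    return 0;
}
```

Run as root on a system that has an ntp user; the call fails cleanly when the process was started without CAP_SYS_TIME, for example inside a container that drops it.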