Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 21444

Summary: ntp should create and run as user ntp
Product: Gentoo Linux Reporter: Rajiv Aaron Manglani (RETIRED) <rajiv>
Component: New packagesAssignee: SpanKY <vapier>
Status: VERIFIED FIXED    
Severity: normal CC: mr_bones_
Priority: High    
Version: 1.4_rc4   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: ntp droproot patch.

Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-21 16:48:34 UTC 
currently net-misc/ntp-4.1.1b-r5 runs as root after it is installed.

the ebuild should create a user and group called ntp (maybe uid/gid 123 since
ntp runs on port 123?). in /etc/conf.d/ntpd NTPD_OPTS="-U ntp" should be set.

gentoo currently does this for bind and sshd, and possibly others.

also, /etc/ntp/ should be created and owned by ntp/ntp. then
/usr/share/ntp/ntp.conf should be copied to /etc/ntp.conf but modified so the
drift file is stored in /etc/ntp/drift.
Comment 1 Luke-Jr 2003-05-21 23:19:17 UTC 
Due to NTP's functionality (setting the system clock), it cannot be run as a normal 
user. Nor does the -U option you suggested exist for ntpd.
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 02:12:04 UTC 
turns out that this feature is provided by a patch included with redhat rpms. check out <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=35653> for more info. note: "This requires kernel >=2.2.18 and libcap package..."

i downloaded the src rpm from ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm and extracted the patch.
Comment 3 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 02:13:47 UTC 
Created attachment 12278 [details, diff]
ntp droproot patch.

originally from
<ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/SRPMS/ntp-4.1.0-4.src.rpm>
... i modified the patch file by adding this source url to the top of it. i
made no modifications to the code.
Comment 4 Luke-Jr 2003-05-22 02:18:28 UTC 
doesn't change the fact that normal users can't change the system time, does  
it? o.O
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 13:32:36 UTC 
fyi i submitted this patch to the ntp maintainers. even though it looks like it was written in august 2001, they had not seen it. i will try and find out if/when they are going to include it with the source. lets hold off on adding it.
Comment 6 Luke-Jr 2003-05-24 19:32:56 UTC 
Why not apply the patch for now, though? Most of the patches in gentoo-sources 
are in future kernels, yet we apply them instead of waiting for a new version with 
them...
Comment 7 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-27 05:25:55 UTC 
re comment #6: makes sense. the maintainers are looking to include the patch but it could be a while because they are waiting for something similar on bsd. so let's go ahead and include this one with the ebuild.

also fyi, once the patch is in gentoo-src/eid_database/ needs to be updated.

all yours luke-jr.
Comment 8 SpanKY gentoo-dev 2003-08-06 00:47:17 UTC 
i updated the patch to work with 4.1.2 and added it to portage

i also added enewgroup/enewuser to the ebuild to add ntp

finally, i updated the ntp server to (by default) pass '-U ntp' in the OPTS
Comment 9 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-07 17:04:07 UTC 
test, works great. thanks.
Comment 10 Kalin KOZHUHAROV 2004-02-01 00:04:25 UTC 
4.2.0 is out and here is the patch:
http://bugzilla.ntp.org/attachment.cgi?id=103&action=view