Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 21444 - ntp should create and run as user ntp
Summary: ntp should create and run as user ntp
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: SpanKY
Depends on:
Reported: 2003-05-21 16:48 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2004-02-01 00:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

ntp droproot patch. (ntp-4.0.99m-rc2-droproot.patch,12.23 KB, patch)
2003-05-22 02:13 UTC, Rajiv Aaron Manglani (RETIRED)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-21 16:48:34 UTC
currently net-misc/ntp-4.1.1b-r5 runs as root after it is installed.

the ebuild should create a user and group called ntp (maybe uid/gid 123 since
ntp runs on port 123?). in /etc/conf.d/ntpd NTPD_OPTS="-U ntp" should be set.

gentoo currently does this for bind and sshd, and possibly others.

also, /etc/ntp/ should be created and owned by ntp/ntp. then
/usr/share/ntp/ntp.conf should be copied to /etc/ntp.conf but modified so the
drift file is stored in /etc/ntp/drift.
Comment 1 Luke-Jr 2003-05-21 23:19:17 UTC
Due to NTP's functionality (setting the system clock), it cannot be run as a normal 
user. Nor does the -U option you suggested exist for ntpd. 
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 02:12:04 UTC
turns out that this feature is provided by a patch included with redhat rpms. check out <> for more info. note: "This requires kernel >=2.2.18 and libcap package..."

i downloaded the src rpm from and extracted the patch.

Comment 3 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 02:13:47 UTC
Created attachment 12278 [details, diff]
ntp droproot patch.

originally from
... i modified the patch file by adding this source url to the top of it. i
made no modifications to the code.
Comment 4 Luke-Jr 2003-05-22 02:18:28 UTC
doesn't change the fact that normal users can't change the system time, does  
it? o.O  
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-22 13:32:36 UTC
fyi i submitted this patch to the ntp maintainers. even though it looks like it was written in august 2001, they had not seen it. i will try and find out if/when they are going to include it with the source. lets hold off on adding it.
Comment 6 Luke-Jr 2003-05-24 19:32:56 UTC
Why not apply the patch for now, though? Most of the patches in gentoo-sources 
are in future kernels, yet we apply them instead of waiting for a new version with 
Comment 7 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-05-27 05:25:55 UTC
re comment #6: makes sense. the maintainers are looking to include the patch but it could be a while because they are waiting for something similar on bsd. so let's go ahead and include this one with the ebuild.

also fyi, once the patch is in gentoo-src/eid_database/ needs to be updated.

all yours luke-jr.
Comment 8 SpanKY gentoo-dev 2003-08-06 00:47:17 UTC
i updated the patch to work with 4.1.2 and added it to portage

i also added enewgroup/enewuser to the ebuild to add ntp

finally, i updated the ntp server to (by default) pass '-U ntp' in the OPTS
Comment 9 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-12-07 17:04:07 UTC
test, works great. thanks.
Comment 10 Kalin KOZHUHAROV 2004-02-01 00:04:25 UTC
4.2.0 is out and here is the patch: