Logfile permissions and ntp group

Eric S. Raymond esr at thyrsus.com
Tue Jun 7 22:46:44 UTC 2016


Mike <bellyacres at gmail.com>:
> On 06/07/2016 05:57 PM, Hal Murray wrote:
> >>Ntpd is running as user nobody, who can't write to that directory.
> >Hopefully that is user ntp rather than nobody.
> >
> >The file permissions need to be set up for log files as well as the drift file.
> >
> >
> The HOWTO sets up ntpd to run as nobody:nogroup.
> 
> The logfile set to /var/log/ntpd.log is root:root.  I'm not getting errors
> there, gathering that it was opened before privileges were dropped.

OK, this permissions issue was next on my list of things to fix today,
but you have just confounded my plans.

I thought I was going to have to tweak clockmaker to create an ntp
user and group if it doesn't already exist, then set ntp to run with
those IDs in the init script.  That's easy enough to do.

You are suggesting that this is not so - that as long as we open log files
before privilege-dropping the ntp user/group pair isn't necessary at all.
If true, I would mildly prefer to do things that way; it's simpler.

Input from those with operational experience, please.  What are the pros
and cons here?
-- 
		Eric S. Raymond <http://www.catb.org/~esr/>
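
The behaviour reported in the quoted text above (a root:root log file opened before the privilege drop stays writable afterwards), as an added example that is not part of the original message or of the ntpd code. It runs the check in a forked child and needs root to show the drop; the temp file path and uid/gid 65534 for nobody:nogroup are assumptions.

```c
#define _GNU_SOURCE  /* setgroups(), mkstemp() */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum { FD_SURVIVES, NOT_ROOT, DROP_DENIED, UNEXPECTED };

/* Child: open the log as root, drop to uid/gid, then probe access. */
static int child_check(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_APPEND);   /* opened while still root */
    if (fd < 0) return UNEXPECTED;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return DROP_DENIED;
    if (setuid(0) == 0) return UNEXPECTED;      /* drop must be irreversible */
    /* Permissions were checked at open() time, so the inherited fd still works. */
    if (write(fd, "after drop\n", 11) != 11) return UNEXPECTED;
    /* A fresh open of the same path is checked against the new uid and fails. */
    if (open(path, O_WRONLY | O_APPEND) >= 0 || errno != EACCES) return UNEXPECTED;
    return FD_SURVIVES;
}

int demo_log_fd_survives_drop(uid_t uid, gid_t gid)
{
    char path[] = "/tmp/ntpd-demo-XXXXXX";      /* constructed stand-in for the log */
    if (geteuid() != 0) return NOT_ROOT;
    int tmp = mkstemp(path);                    /* root:root, mode 0600 */
    if (tmp < 0) return UNEXPECTED;
    close(tmp);
    pid_t pid = fork();
    if (pid == 0) _exit(child_check(path, uid, gid));
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) status = -1;
    unlink(path);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : UNEXPECTED;
}

int main(void)
{
    static const char *msg[] = { "fd survives, reopen denied", "not root, skipped",
                                 "drop denied", "unexpected" };
    puts(msg[demo_log_fd_survives_drop(65534, 65534)]); /* 65534: assumed nobody/nogroup */
    return 0;
}
```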

