Logfile permissions and ntp group
hmurray at megapathdsl.net
Tue Jun 7 23:17:38 UTC 2016
esr at thyrsus.com said:
> You are suggesting that this is not so - that as long as we open log files
> before privilege-dropping the ntp user/group pair isn't necessary at all. If
> true I would mildly prefer to do things that way, it's simpler.
There are 2 types of "log" files. There is ntpd.log and there are several
ntpd.log gets opened while still root. It doesn't cooperate with logrotate
yet, but we should set things up so that will work. ntpd.log should probably
be in /var/log/ntpstats/ so ntp can own that directory. That may be
unnecessary if logrotate makes the new file.
The stats files automatically roll over. You can specify how often, but
daily works for me. They don't get opened until needed which is long after
dropping root, so they need the right user:group on the directory as well as
any existing current files if any.
I find it handy to have all the ntp logging in one directory.
These are my opinions. I hate spam.
More information about the devel