Logfile permissions and ntp group

Hal Murray hmurray at megapathdsl.net
Tue Jun 7 23:17:38 UTC 2016

esr at thyrsus.com said:
> You are suggesting that this is not so - that as long as we open log files
> before privilege-dropping the ntp user/group pair isn't necessary at all. If
> true I would mildly prefer to do things that way, it's simpler. 

There are 2 types of "log" files.  There is ntpd.log and there are several 
stats files.

ntpd.log gets opened while still root.  It doesn't cooperate with logrotate 
yet, but we should set things up so that will work.  ntpd.log should probably 
be in /var/log/ntpstats/ so ntp can own that directory.  That may be 
unnecessary if logrotate makes the new file.

The stats files automatically roll over.  You can specify how often, but 
daily works for me.  They don't get opened until needed which is long after 
dropping root, so they need the right user:group on the directory as well as 
any existing current files if any.

I find it handy to have all the ntp logging in one directory.

These are my opinions.  I hate spam.

More information about the devel mailing list