ntpd w/ --enable-early-droproot
Eric S. Raymond
esr at thyrsus.com
Sat Nov 26 20:36:07 UTC 2016
Achim Gratz <Stromeko at nexgo.de>:
> Configuring ntpd to drop root early makes it fail to open the refclock
> devices (which are owned by root). I guess they should be readyble by
> group ntp at least on Raspbian, which starts ntpd with that group?
Yes, they should be.
Our philosophy in situations like this is to go for the high-security option
even if it needs a little more one-time setup, like a chmod or a udev rule.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
More information about the devel
mailing list