ntpd w/ --enable-early-droproot

Eric S. Raymond esr at thyrsus.com
Sat Nov 26 20:36:07 UTC 2016


Achim Gratz <Stromeko at nexgo.de>:
> Configuring ntpd to drop root early makes it fail to open the refclock
> devices (which are owned by root).  I guess they should be readyble by
> group ntp at least on Raspbian, which starts ntpd with that group?

Yes, they should be.

Our philosophy in situations like this is to go for the high-security option
even if it needs a little more one-time setup, like a chmod or a udev rule.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


More information about the devel mailing list