Starting with reduced capabilities (non root)

Achim Gratz Stromeko at
Thu Feb 15 18:17:51 UTC 2018

Hal Murray via devel writes:
> I've been running on Linux with ntpd starting as non-root with reduced 
> capabilities.  Do we want to merge this in?

Yes, please.  I see no reason why ntpd should start up as root these days.

> It's not a big deal, but one more small step in the right direction.  The 
> biggest disadvantage I can see is the increased complexity in the startup 
> scripts.

It'll be better in the long run to get fixed.

> I think we can avoid cap_setgid and cap_setuid by not switching to
> ntp:ntp.

Yes, that is something systemd should take care of.

> You also have to get the permissions right on log files and refclock device 
> files.

Device files can be taken care of by udev rules.  Statistics files
already are owned by ntp:ntp.
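
An added example, not part of the original message or of the ntpd code: one way to check that a running ntpd really started non-root and without cap_setuid/cap_setgid is to decode the `Uid`, `CapPrm` and `CapEff` lines of `/proc/<pid>/status`. The allowed set (cap_sys_time, cap_net_bind_service), the uid 123 and the sample status texts are assumptions constructed for illustration.

```python
import re
import sys

# Bit numbers from <linux/capability.h>; unnamed bits are reported by number.
CAP_BITS = {6: "cap_setgid", 7: "cap_setuid", 10: "cap_net_bind_service",
            14: "cap_ipc_lock", 23: "cap_sys_nice", 25: "cap_sys_time"}
# Assumption: the daemon needs only these two (set the clock, bind UDP port 123).
ALLOWED = {"cap_net_bind_service", "cap_sys_time"}

# Constructed /proc/<pid>/status excerpts (uid 123 stands in for the ntp user).
GOOD = "Name:\tntpd\nUid:\t123\t123\t123\t123\nCapPrm:\t0000000002000400\nCapEff:\t0000000002000400\n"
SETID = "Name:\tntpd\nUid:\t123\t123\t123\t123\nCapPrm:\t00000000020004c0\nCapEff:\t00000000020004c0\n"
ROOT = "Name:\tntpd\nUid:\t0\t0\t0\t0\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n"

def decode_caps(mask):
    """Return the names of the capability bits set in a hex mask value."""
    names = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.add(CAP_BITS.get(bit, "cap_bit_%d" % bit))
        bit += 1
    return names

def audit_status(text, allowed=ALLOWED):
    """Audit one status dump; return a list of findings (empty means OK)."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))
    findings = []
    # Uid holds real, effective, saved and filesystem uid; none may be 0.
    if "0" in fields["Uid"].split():
        findings.append("runs with a root uid")
    # Permitted caps matter too: they can be raised into the effective set.
    for key in ("CapPrm", "CapEff"):
        extra = decode_caps(int(fields[key], 16)) - allowed
        if extra:
            findings.append("%s: unexpected %s" % (key, ", ".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    # Usage: script.py <pid of ntpd>; with no argument, audit the samples.
    if len(sys.argv) > 1:
        with open("/proc/%s/status" % sys.argv[1]) as fh:
            print(audit_status(fh.read()) or "OK")
    else:
        for label, sample in (("good", GOOD), ("setid", SETID), ("root", ROOT)):
            print(label, audit_status(sample) or "OK")
```
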

