Starting with reduced capabilities (non root)
Stromeko at nexgo.de
Thu Feb 15 18:17:51 UTC 2018
Hal Murray via devel writes:
> I've been running on Linux with ntpd starting as non-root with reduced
> capabilities. Do we want to merge this in?
Yes, please. I see no reason why ntpd should start up as root these days.
> It's not a big deal, but one more small step in the right direction. The
> biggest disadvantage I can see is the increased complexity in the startup
It'll be better in the long run to get fixed.
> I think we can avoid cap_setgid and cap_setuid by not switching to
Yes, that is something systemd should take care of.
> You also have to get the permissions right on log files and refclock device
Device files can be taken care of by udev rules. Statistics files
already are owned by ntp:ntp.
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Terratec KOMPLEXER:
More information about the devel