Starting with reduced capabilities (non root)
Achim Gratz
Stromeko at nexgo.de
Thu Feb 15 18:17:51 UTC 2018
Hal Murray via devel writes:
> I've been running on Linux with ntpd starting as non-root with reduced
> capabilities. Do we want to merge this in?
Yes, please. I see no reason why ntpd should start up as root these days.
> It's not a big deal, but one more small step in the right direction. The
> biggest disadvantage I can see is the increased complexity in the startup
> scripts.
It'll be better in the long run to get fixed.
> I think we can avoid cap_setgid and cap_setuid by not switching to
> ntp:ntp.
Yes, that is something systemd should take care of.
> You also have to get the permissions right on log files and refclock device
> files.
Device files can be taken care of by udev rules. Statistics files
already are owned by ntp:ntp.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
More information about the devel
mailing list