ntpd.service change

Udo van den Heuvel udovdh at xs4all.nl
Wed Mar 7 03:45:38 UTC 2018


On 06-03-18 21:09, Richard Laager wrote:
> Previously, you could not override ExecStart, only add to it. In systemd
> 197 (available in Fedora 18), this syntax should work:
> 
> ExecStart=
> EnvironmentFile=-/etc/sysconfig/ntpd
> ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS
> 
> The empty ExecStart= indicates that you are clearing out the previous
> ExecStart entry (or entries, but that's not applicable here) and then
> you add your replacement.
> 
> See this, especially starting at comment 9:
> https://bugzilla.redhat.com/show_bug.cgi?id=756787
> 
> Note that I have not personally tested this. If this doesn't work for
> you, what is your systemd version, and what is the output of `systemctl
> show ntpd.service`?

# rpm -q systemd
systemd-233-7.fc26.x86_64

# systemctl show ntpd.service
Type=forking
Restart=no
NotifyAccess=none
RestartUSec=100ms
TimeoutStartUSec=1min 30s
TimeoutStopUSec=1min 30s
RuntimeMaxUSec=infinity
WatchdogUSec=0
WatchdogTimestamp=Wed 2018-03-07 04:37:21 CET
WatchdogTimestampMonotonic=428019742222
FailureAction=none
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=32058
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
StatusErrno=0
Result=success
UID=4294967295
GID=4294967295
ExecMainStartTimestamp=Wed 2018-03-07 04:37:21 CET
ExecMainStartTimestampMonotonic=428019742208
ExecMainExitTimestampMonotonic=0
ExecMainPID=32058
ExecMainCode=0
ExecMainStatus=0
ExecStart={ path=/usr/sbin/ntpd ; argv[]=/usr/sbin/ntpd -g -N -u ntp:ntp
; ignore_errors=no ; start_time=[Wed 2018-03-07 04:37:21 CET] ;
stop_time=[Wed 2018-03-07 04:37:21 CET] ; pid=32057 ; code=exited ;
status=0 }
Slice=system.slice
ControlGroup=/system.slice/ntpd.service
MemoryCurrent=18446744073709551615
CPUUsageNSec=18446744073709551615
TasksCurrent=18446744073709551615
Delegate=no
CPUAccounting=no
CPUWeight=18446744073709551615
StartupCPUWeight=18446744073709551615
CPUShares=18446744073709551615
StartupCPUShares=18446744073709551615
CPUQuotaPerSecUSec=infinity
IOAccounting=no
IOWeight=18446744073709551615
StartupIOWeight=18446744073709551615
BlockIOAccounting=no
BlockIOWeight=18446744073709551615
StartupBlockIOWeight=18446744073709551615
MemoryAccounting=no
MemoryLow=0
MemoryHigh=18446744073709551615
MemoryMax=18446744073709551615
MemorySwapMax=18446744073709551615
MemoryLimit=18446744073709551615
DevicePolicy=auto
TasksAccounting=yes
TasksMax=4915
UMask=0022
LimitCPU=18446744073709551615
LimitCPUSoft=18446744073709551615
LimitFSIZE=18446744073709551615
LimitFSIZESoft=18446744073709551615
LimitDATA=18446744073709551615
LimitDATASoft=18446744073709551615
LimitSTACK=18446744073709551615
LimitSTACKSoft=8388608
LimitCORE=18446744073709551615
LimitCORESoft=18446744073709551615
LimitRSS=18446744073709551615
LimitRSSSoft=18446744073709551615
LimitNOFILE=4096
LimitNOFILESoft=1024
LimitAS=18446744073709551615
LimitASSoft=18446744073709551615
LimitNPROC=60910
LimitNPROCSoft=60910
LimitMEMLOCK=65536
LimitMEMLOCKSoft=65536
LimitLOCKS=18446744073709551615
LimitLOCKSSoft=18446744073709551615
LimitSIGPENDING=60910
LimitSIGPENDINGSoft=60910
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=18446744073709551615
LimitRTTIMESoft=18446744073709551615
OOMScoreAdjust=0
Nice=0
IOScheduling=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
SecureBits=0
CapabilityBoundingSet=18446744073709551615
AmbientCapabilities=0
DynamicUser=no
RemoveIPC=no
MountFlags=0
PrivateTmp=yes
PrivateDevices=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectControlGroups=no
PrivateNetwork=no
PrivateUsers=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
RuntimeDirectoryMode=0755
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictNamespaces=no
MountAPIVFS=no
KillMode=control-group
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=ntpd.service
Names=ntpd.service
Requires=var.mount -.mount system.slice sysinit.target tmp.mount
Wants=network.target
RequisiteOf=ntp-wait.service
WantedBy=multi-user.target
Conflicts=shutdown.target systemd-timesyncd.service
Before=multi-user.target shutdown.target ntp-wait.service
After=systemd-journald.socket var.mount ldattach@ttyS2.service
system.slice nss-lookup.target network.target sysinit.target -.mount
basic.target tmp.mount systemd-tmpfiles-setup.service
RequiresMountsFor=/tmp /var/tmp
Documentation=man:ntpd(8)
Description=Network Time Service
LoadState=loaded
ActiveState=active
SubState=running
FragmentPath=/usr/lib/systemd/system/ntpd.service
DropInPaths=/etc/systemd/system/ntpd.service.d/10-environment.conf
UnitFileState=enabled
UnitFilePreset=disabled
StateChangeTimestamp=Wed 2018-03-07 04:37:21 CET
StateChangeTimestampMonotonic=428019742223
InactiveExitTimestamp=Wed 2018-03-07 04:37:21 CET
InactiveExitTimestampMonotonic=428019716599
ActiveEnterTimestamp=Wed 2018-03-07 04:37:21 CET
ActiveEnterTimestampMonotonic=428019742223
ActiveExitTimestamp=Wed 2018-03-07 04:37:21 CET
ActiveExitTimestampMonotonic=428019659250
InactiveEnterTimestamp=Wed 2018-03-07 04:37:21 CET
InactiveEnterTimestampMonotonic=428019700479
CanStart=yes
CanStop=yes
CanReload=no
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Wed 2018-03-07 04:37:21 CET
ConditionTimestampMonotonic=428019701063
AssertTimestamp=Wed 2018-03-07 04:37:21 CET
AssertTimestampMonotonic=428019701109
Transient=no
Perpetual=no
StartLimitIntervalSec=10000000
StartLimitBurst=5
StartLimitAction=none
InvocationID=6187906c59814810b7c4e097fe7772c0



I noticed that systemd does notice changes to the drop in file but that
it does not change the ntpd parameters.

# cat /etc/sysconfig/ntpd
# Command line options for ntpd
OPTIONS="-g -6"
# cat /lib/systemd/system/ntpd.service
[Unit]
Description=Network Time Service
Documentation=man:ntpd(8)
Wants=network.target
ConditionCapability=CAP_SYS_TIME
After=network.target nss-lookup.target
Conflicts=systemd-timesyncd.service

[Service]
Type=forking
PrivateTmp=true
ExecStart=/usr/sbin/ntpd -g -N -u ntp:ntp
# Specifying -g on the command line allows ntpd to make large adjustments to
# the clock on boot.  However, if Restart=yes is set, a malicious (or broken)
# server could send the incorrect time, trip the panic threshold, and when
# ntpd restarts, serve it the incorrect time (which would be accepted).
Restart=no

[Install]
WantedBy=multi-user.target
# cat 10-environment.conf
ExecStart=
EnvironmentFile=-/etc/sysconfig/ntpd
ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS



If this is without obvious errors and should work I can file a bug
elsewhere as this is not a systemd development forum...

Kind regards,
Udo
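
An added example, not part of the original message or of the ntp/systemd packaging: a small lint for the two rules a drop-in like the one above has to satisfy. systemd ignores assignments that appear before any section header, and a replacement `ExecStart=` in `[Service]` needs the empty `ExecStart=` reset described in the quoted reply. The function names and the two sample files are constructed for illustration; the first sample repeats the three lines shown by `cat 10-environment.conf`.

```shell
#!/bin/sh
# Added example (not from the thread): lint a systemd drop-in file.
# Prints one finding per line; prints nothing for a well-formed drop-in.
lint_dropin() {
    awk '
        /^[ \t]*([#;]|$)/ { next }                 # skip comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                   # section header such as [Service]
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            next
        }
        section == "" {                            # directive before any header
            printf "%d: outside-section: %s\n", NR, $0
            next
        }
        section == "Service" && /^[ \t]*ExecStart[ \t]*=/ {
            value = $0; sub(/^[^=]*=[ \t]*/, "", value)
            if (value == "") { reset = 1 }         # empty assignment clears the list
            else if (!reset) { printf "%d: execstart-without-reset: %s\n", NR, $0 }
        }
    ' "$1"
}

# Constructed samples: the first repeats the three lines shown by
# `cat 10-environment.conf` above, the second is a hypothetical variant.
write_samples() {
    cat > "$1/as-posted.conf" <<'EOF'
ExecStart=
EnvironmentFile=-/etc/sysconfig/ntpd
ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS
EOF
    cat > "$1/with-section.conf" <<'EOF'
[Service]
ExecStart=
EnvironmentFile=-/etc/sysconfig/ntpd
ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in as-posted with-section; do
    echo "== $f.conf"; lint_dropin "$tmp/$f.conf"
done
rm -rf "$tmp"
```

On a live system, `systemd-analyze verify ntpd.service` and the journal for the unit report the same class of problem from systemd's own parser.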

