Should we check permissions on files that should be secret?

Hal Murray hmurray at
Wed Aug 26 00:29:32 UTC 2020

There are 3 files I can think of.  Did I miss any?
  The keys file for shared key authentication.
  The NTS private key for the server certificate
  The NTS key file for making/decoding cookies

We need to be able to write the cookie file.  The others can be (should be?) 
read only.

Things may be slightly complicated with switching to user ntp.


There is a related tangle.  We want to switch to the log file as early as 
possible, probably before switching to user ntp.  I think logrotate and 
friends copy the owner and mode.  After a fresh install, the log file gets 
created by user root but ntpd won't be able to open the new file on a SIGHUP.  
Once you manually set the owner to ntp, things are good.  Should we set the 
owner to ntp (if needed) before switching to ntp?

These are my opinions.  I hate spam.

More information about the devel mailing list