ntpd Certificate Loading
Hal Murray
hmurray at megapathdsl.net
Tue Jun 9 10:51:20 UTC 2020
> When I recently installed 3.19 from repo on the new 'raspberry pi os (64
> bit)', I had to change /etc/letsencrypt from ownership ntp:ntp to root:ntp
> in order to get past the 'permission denied' errors.
3.19 sounds more like a GPSD version. Did you update ntpsec too?
I can't figure out how changing something from ntp:ntp to root:ntp is going to
allow ntpd to read it. Could you say more?
If it tries to read pre-drop root, it is still root and can read anything. If
it tries to read post-drop-root when it has switched to user ntp, then it
should be able to read files owned by ntp. Changing to root:ntp would make it
harder to read.
--
These are my opinions. I hate spam.
More information about the devel
mailing list