What's magic about /tmp/? ntpd can't find UNIX socket

Hal Murray halmurray at sonic.net
Thu Oct 19 20:42:08 UTC 2023

devel at ntpsec.org said:
> Can you provide:
> ~ $ ls -ld /tmp
> drwxrwxrwt 12 root root 580 Oct 19 11:00 /tmp

srwxrwxrwx  1 murray murray   0 Oct 18 20:51 /tmp/fake-samba-socket/socket
drwxrwxrwx  2 ntp    ntp     60 Oct 18 20:51 /tmp/fake-samba-socket/
drwxrwxrwt 19 root   root   500 Oct 19 13:19 /tmp/

Changing the owner to ntp didn't make any difference.

> And:
> ~ $ mount | fgrep /tmp
> tmpfs on /tmp type tmpfs (rw,nosuid,relatime,size=2097152k)

tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=1048576,inode64)

We may be shooting ourselves in the foot.  There is a lot of stuff in 
ntp_sandbox.  When we droproot, we retain privs for setting the clock.  Is 
there a priv for accessing /tmp/?  I just scanned the list in the 
capabilities(7) man page and didn't see anything but I could easily have 
missed something.

These are my opinions.  I hate spam.
