[ntpsec/ntpsec] Refactor ntpd to support non-root execution (PR #10)
Hal Murray
halmurray at sonic.net
Mon Jun 9 21:26:24 UTC 2025
As Gary pointed out, our home base is on GitLab, so comments here will be
hard to find.

Let's move the discussion to devel at ntpsec.org

Henrique Moraes said:
> I may be misunderstanding something, but I was under the impression that
> ntpd can drop privileges using the -u option to run as a non-root user,
> and use CAP_SYS_TIME capability to adjust the system time. Could you
> please clarify how this aligns with the decision that non-root user and
> processes may never have an input on the system time?

We had a similar request a while ago. The details of how to get started
seemed complicated, but maybe we overlooked a critical idea.

How are you planning to start a program with the right user and
capabilities? (and scheduler priority)

I consider splitting ntpd into 2 programs too disruptive. I think it
would be reasonable to patch the root-check to check for the needed
capabilities if started as non-root.

--
These are my opinions. I hate spam.
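
A sketch of the kind of startup check discussed in the message above, as an added example that is not ntpsec code and not from the thread. It assumes Linux, and the function names and the choice of CAP_SYS_NICE for "scheduler priority" are assumptions; only CAP_SYS_TIME is named in the message.

```c
/* Added example (not ntpsec code). Linux-only; uses the raw capget(2) syscall. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

#define CAP_BIT(c) (UINT64_C(1) << (c))

/* CAP_SYS_TIME is named in the thread. CAP_SYS_NICE is an assumption here,
 * standing in for the "scheduler priority" requirement. */
static const uint64_t NEEDED_CAPS = CAP_BIT(CAP_SYS_TIME) | CAP_BIT(CAP_SYS_NICE);

/* Fetch the calling process's effective capability set. 0 on success. */
int read_effective_caps(uint64_t *eff)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(&hdr, 0, sizeof hdr);
    memset(data, 0, sizeof data);
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    hdr.pid = 0;                       /* 0 = this process */
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    *eff = ((uint64_t)data[1].effective << 32) | data[0].effective;
    return 0;
}

/* Startup decision: root passes as it does with a plain root-check; a
 * non-root caller passes only if every needed capability is effective.
 * Returns the mask of missing capabilities (0 means OK to start). */
uint64_t missing_caps(uid_t euid, uint64_t effective, uint64_t needed)
{
    if (euid == 0)
        return 0;
    return needed & ~effective;
}

int main(void)
{
    uint64_t eff = 0;
    if (read_effective_caps(&eff) != 0) { perror("capget"); return 2; }
    uint64_t miss = missing_caps(geteuid(), eff, NEEDED_CAPS);
    if (miss) fprintf(stderr, "missing capability mask: 0x%llx\n", (unsigned long long)miss);
    return miss ? 1 : 0;
}
```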