> Which causes ntpd to fail on startup (I assume after dropping root): Looks like you are dying trying to read the certificate. It will get worse when you want to read the key.
-------------- Do you trust user ntp? If so, the fix is to change ownership. I copy the cert and key over to /etc/ntp/ and change to user ntp:ntp If not, things get complicated. The current code will reload the certificate if it is updated. Are you willing to give that up? If so, we can add an option to read the certificate before dropping root and disable trying to reload. That probably won't work with early drop root. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
