> On Jan 20, 2015, at 9:59 AM, John Long <codeb...@inbox.lv> wrote:
>
>> though I should fix the portable version to adjust the manpage to
>> point where it actually gets configured for installation. Some packagers
>> have already been patching this for their distributions. By default, it
>> should get written to:
>>
>> LOCALSTATEDIR "/db/ntpd.drift"
>
> Thanks, this helps. It was there, just not where I wanted since I install
> addons in /usr/local. Unfortunately now that I fixed the build to use /var
> like everything else I see there is a problem because /var/db is only root
> writeable and I believe the _ntp user is the one trying to write the drift
> file. It would be unfortunate to have to create a whole directory hierarchy
> no matter how small just to have a place the _ntp user could write his drift
> file. I think I would even prefer /var/tmp to that. Any suggestions?

That's OK. Nothing will be written as the _ntp user. The unprivileged process instead sends a message to the privileged process, which actually does the writing of the drift file. You want it to be some place persistent, not /var/tmp. Note that a new drift file is not written immediately on start, only after the proper frequency adjustment has been determined. That might take a long time depending on the stability of your system's clock (e.g. VMs) and how quickly time can be synced, etc. Give it an hour or ten :)

>
>>> Also, what is the purpose of /var/empty/ntp in the portable version? It's
>>> empty ;)
>>
>> Thanks for bringing that up. This is a privilege-separation directory
>> that the unprivileged ntpd processes chroot to on startup. It is
>> intentionally empty and unwritable by the unprivileged processes.
>> Having this directory empty and unwritable prevents the processes from
>> having access to any files or file system privileges that they do not
>> need to do their jobs.
>>
>> Since /var/empty might not exist, e.g. Debian does not provide it,
>> your OS's package may have altered the privilege separation user
>> directory to be somewhere else, like '/var/run/openntpd'. But, that
>> should also be empty and unwritable.
>
> Ok, this was also fixed, presumably, when I set localstatedir for the
> build.

I think this might be more likely: 'make install' checks to see if you have a properly configured unprivileged user and gives instructions if none is found. If you already have one configured, it does not display the instructions again.

> /jl
>
> --
> ASCII ribbon campaign ( ) Powered by Lemote Fuloong
> against HTML e-mail    X  Loongson MIPS and OpenBSD
> and proprietary       / \ http://www.mutt.org
> attachments          /   \ Code Blue or Go Home!
> Encrypted email preferred PGP Key 2048R/DA65BC04
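
The pattern described in this message, where the unprivileged process hands the drift value to the privileged process over a socket and never touches the file itself, can be sketched as follows. This is an added example, not code from the thread or from OpenNTPD; the message layout, the `MAX_FREQ` bound and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>

#define MAX_FREQ 500.0                 /* constructed sanity bound, not OpenNTPD's */
struct drift_msg { double freq; };     /* constructed message layout */

/* Unprivileged side: holds only the socket, never opens the drift file. */
static void child_main(int fd, double freq)
{
    struct drift_msg m = { freq };
    /* A real daemon would chroot() to the empty directory and switch to
     * the unprivileged user here, before handling any network input. */
    if (write(fd, &m, sizeof(m)) != (ssize_t)sizeof(m))
        _exit(1);
    _exit(0);
}

/* Privileged side: treats the message as untrusted, validates, then writes. */
static int parent_write(int fd, const char *path)
{
    struct drift_msg m;
    if (read(fd, &m, sizeof(m)) != (ssize_t)sizeof(m))
        return -1;
    if (!(m.freq > -MAX_FREQ && m.freq < MAX_FREQ))   /* also rejects NaN */
        return -1;
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fprintf(f, "%.3f\n", m.freq);
    return fclose(f) == 0 ? 0 : -1;
}

/* Fork the two halves; returns 0 if the parent accepted and stored the value. */
int privsep_demo(const char *path, double freq)
{
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) { close(sv[0]); child_main(sv[1], freq); }
    close(sv[1]);
    int rc = parent_write(sv[0], path);
    close(sv[0]);
    waitpid(pid, &status, 0);
    return rc;
}
```

Because only the parent opens the path, the drift file's directory can stay writable by root alone, and the child's directory can stay empty and unwritable.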