Re: Starting with reduced capabilities (non root)

> Doesn't ntpd need to be started as root to set that? > But how does ntpd set its caps before it starts? man 8 setcap You set them on your ntpd when you mark it setuid as part of the install process. The capabilities on the file get OR-ed in to whatever they inherit from the starting user. S

Re: Starting with reduced capabilities (non root)

Yo Hal! On Thu, 15 Feb 2018 11:53:04 -0800 Hal Murray wrote: > >> Yes, please. I see no reason why ntpd should start up as root > >> these days. > > > It needs to be able to read /dev/pps*, SHM(0) and SHM(1) > > You don't need root for /dev/whatever if you set the owner to ntp:ntp > befor

Re: Starting with reduced capabilities (non root)

>> Yes, please. I see no reason why ntpd should start up as root these >> days. > It needs to be able to read /dev/pps*, SHM(0) and SHM(1) You don't need root for /dev/whatever if you set the owner to ntp:ntp before starting ntpd. Linux has split the root-does-everything permissions to various

Re: Starting with reduced capabilities (non root)

Yo Achim! On Thu, 15 Feb 2018 19:17:51 +0100 Achim Gratz via devel wrote: > Hal Murray via devel writes: > > I've been running on Linux with ntpd starting as non-root with > > reduced capabilities. Do we want to merge this in? > > Yes, please. I see no reason why ntpd should start up as roo

Re: Starting with reduced capabilities (non root)

Hal Murray via devel writes: > I've been running on Linux with ntpd starting as non-root with reduced > capabilities. Do we want to merge this in? Yes, please. I see no reason why ntpd should start up as root these days. > It's not a big deal, but one more small step in the right direction. T

Re: crypto stuff is broken with old versions of OpenSSL

Should be fixed now. Is anybody other than me testing the authentication stuff? Poke me off list if you want to set something up. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/list

Re: ntpd working set

Hal Murray via devel : > Does anybody know what the working set of a server answering a request is? > Or how to measure it? This looks useful: http://www.brendangregg.com/blog/2018-01-17/measure-working-set-size.html -- http://www.catb.org/~esr/";>Eric S. Raymond My work is fu

crypto stuff is broken with old versions of OpenSSL

Rats/sorry. I broke it last night. Usually I test things better than this. Should be fixed soon. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel