Re: Starting ntpd as non-root

2025-04-05 Thread James Browning via devel
On Monday, March 17, 2025 4:52:25 PM Pacific Daylight Time Hal Murray via devel wrote:
> Back in 2018, I did some work on getting ntpd to start as ntp:ntp
> There was a way on Linux to set some capabilities on a file.
>
> Somebody talked me/us out of this. I don't remember why.
>
> I've poked a

Re: Starting ntpd as non-root

2025-03-19 Thread Hal Murray via devel
Found it: https://lists.ntpsec.org/pipermail/devel/2019-February/007659.html

From: Richard Laager
Subject: Is it time to drop seccomp?

Here is the key chunk. Thanks Richard!!

I think the setuid/setcap as described above is dangerous. Unless you limit the permissions on "other" (e.g. chmod 27

Re: Starting ntpd as non-root

2025-03-18 Thread Hal Murray via devel
James said:
> I do not; a quick search suggests that SHM needed root.

"needed root" doesn't make sense in the context of that discussion. Linux has a fine grained capabilities facility. See man capabilities(7). There is one for SHM. CAP_IPC_LOCK . Lock memory (mlock(2

Starting ntpd as non-root

2025-03-17 Thread Hal Murray via devel
Back in 2018, I did some work on getting ntpd to start as ntp:ntp
There was a way on Linux to set some capabilities on a file.

Somebody talked me/us out of this. I don't remember why.

I've poked around in the archives, but I haven't found the message that I'm looking for. Does anybody rememb