On Mon, 06 Jun 2005 10:03:34 -0500
Bruce Dubbs <[EMAIL PROTECTED]> wrote:

> Matthias Berndt wrote:
> 
> > I think it makes sense to run ntpd as restricted user to prevent
> > security problems. By adding "--enable-linuxcaps" as configure
> > switch, one user:group combo to the system and appending "-u
> > ntp:ntp" to the bootscripts all needed things get done.
> 
> This is a reasonable thing to do, but what is the "--enable-linuxcaps"
> thing?

I found it in the documentation and it was required here to get it to
work as a restricted user.

> 
> [/usr/src/ntp/ntp-4.2.0]$ grep linuxcaps configure
> [/usr/src/ntp/ntp-4.2.0]$
> 
> Looking at the source, it appears that the variable HAVE_CLOCKCTL must
> be defined to change user and that is only if sys/clockctl.h exists
> (which it doesn't).

That's correct. This option is only available if the OS supports running
the server without full root privileges. Currently, this option is
supported under NetBSD and Linux. It's disabled by default.

Regards,
Matthias
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
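
Added example, not part of the original thread or of the ntp sources: a shell check that a daemon started with "-u ntp:ntp" really left root and kept only the capabilities it needs, read from a file in /proc/<pid>/status format. The function names, the allowed capability set (CAP_SYS_TIME and CAP_NET_BIND_SERVICE) and the sample status contents are assumptions made for illustration.

```shell
#!/bin/sh
# Capability bit numbers as defined in <linux/capability.h>.
CAP_NET_BIND_SERVICE=10
CAP_SYS_TIME=25

# Assumption: a time daemon needs at most these two capabilities
# (set the clock, bind UDP port 123). Adjust for your build.
ALLOWED_MASK=$(( (1 << CAP_SYS_TIME) | (1 << CAP_NET_BIND_SERVICE) ))

# audit_status FILE
# FILE must have the layout of /proc/<pid>/status.
# Prints one verdict word; returns 0 only for "ok".
audit_status() {
    # "Uid:" fields are real, effective, saved, filesystem; take effective.
    euid=$(awk '$1 == "Uid:" { print $3 }' "$1")
    capeff=$(awk '$1 == "CapEff:" { print $2 }' "$1")
    if [ -z "$euid" ] || [ -z "$capeff" ]; then
        echo "unparsable"; return 2
    fi
    if [ "$euid" -eq 0 ]; then
        echo "runs-as-root"; return 1
    fi
    # Any effective capability outside the allowed set is a finding.
    extra=$(( 0x$capeff & ~ALLOWED_MASK ))
    if [ "$extra" -ne 0 ]; then
        echo "excess-capabilities"; return 1
    fi
    echo "ok"; return 0
}

# Constructed sample input (not captured from a real system).
# Arguments: uid, CapEff as 16 hex digits.
sample_status() {
    printf 'Name:\tntpd\nUid:\t%s\t%s\t%s\t%s\nCapEff:\t%s\n' \
        "$1" "$1" "$1" "$1" "$2"
}

# Demo: a live PID if one is given, otherwise the constructed sample.
if [ -n "${1:-}" ]; then
    echo "pid $1: $(audit_status "/proc/$1/status" || true)"
else
    demo=$(mktemp)
    sample_status 123 0000000002000400 > "$demo"
    echo "constructed sample: $(audit_status "$demo" || true)"
    rm -f "$demo"
fi
```

Run it with the PID of the running daemon as the only argument to audit a live process.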
