Fernando wrote: > I have built without libcap, erased "-u ntp:ntp" from the bootscript. > and it is running fine in SVN > 7.3 as in their older sisters. > > Is it unsafe, or are there other reasons for the modification?
I don't think building without libpcap is a problem. Running as root has a theoretical possibility of problems, but I've never heard of any practical issue. The ntp server may be queried and/or controlled by another system with some circumstances, but you have to read the (extensive) documentation to understand all the nuances. Generally I use the following configuration: restrict default nomodify nopeer noquery restrict 127.0.0.1 server 0.us.pool.ntp.org server 1.us.pool.ntp.org server 2.us.pool.ntp.org server 3.us.pool.ntp.org driftfile /var/cache/ntp.drift pidfile /var/run/ntp.pid If you want to set up ntp to act as a server for other systems or set up a hierarchy of servers for local (or distributed) use, the security issues may get a little more more complicated. Is there any particular reason you don't want to use the ntp user? -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
