Em 16-05-2013 21:22, Bruce Dubbs escreveu: > Fernando wrote: >> I have built without libcap, erased "-u ntp:ntp" from the bootscript. >> and it is running fine in SVN > 7.3 as in their older sisters. >> >> Is it unsafe, or are there other reasons for the modification? > > I don't think building without libpcap is a problem. > > Running as root has a theoretical possibility of problems, but I've > never heard of any practical issue. The ntp server may be queried > and/or controlled by another system with some circumstances, but you > have to read the (extensive) documentation to understand all the > nuances. Generally I use the following configuration: > > > restrict default nomodify nopeer noquery > restrict 127.0.0.1 > > server 0.us.pool.ntp.org > server 1.us.pool.ntp.org > server 2.us.pool.ntp.org > server 3.us.pool.ntp.org > > driftfile /var/cache/ntp.drift > pidfile /var/run/ntp.pid > > If you want to set up ntp to act as a server for other systems or set up > a hierarchy of servers for local (or distributed) use, the security > issues may get a little more more complicated.
Thanks, Bruce, No, it will not be used as server for time sync. > > Is there any particular reason you don't want to use the ntp user? No, I will redo it. It was the latest thing done today, used old script just changing versions, to build, did not notice libcap was required, ntpd failed on boot, only then I saw the missed dependency. So I was curious about the modification. Tomorrow it will be the first thing to do, when I start again with that machine. Your comment above about running as root was enough to consider rebuilding. And will also change the configuration. Thanks, again. -- []s, Fernando -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
