>> Yes, please. I see no reason why ntpd should start up as root these
>> days.

> It needs to be able to read /dev/pps*, SHM(0) and SHM(1)

You don't need root for /dev/whatever if you set the owner to ntp:ntp before starting ntpd.

Linux has split the root-does-everything permissions into various separate flags. See man 7 capabilities for the list and details. cap_ipc_lock covers SHM.

The idea is to set the capabilities that you need on ntpd and switch to ntp:ntp before starting it. Then you only start with some of the capabilities, not everything. You can still drop the capabilities that you don't need any more.

One more tweak that I missed in my previous message: If you use -p <pid file name> on the command line, you need to be able to write that file. I fixed that with a touch and chown.

--
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
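
An added example, not part of the message above and not NTPsec code: a POSIX shell check that a daemon started this way really runs as a non-root user and holds only an allow-listed set of capabilities, by decoding the Uid, CapPrm and CapEff lines of /proc/<pid>/status. The function names, the sample status text, UID 123 and the allow-list entries cap_sys_time and cap_net_bind_service are assumptions; only cap_ipc_lock comes from the message.

```sh
#!/bin/sh
# Added example: audit /proc/<pid>/status text for a daemon that should run
# as a non-root user holding only an allow-listed set of capabilities.

# Capability names in bit order, bit 0 first (linux/capability.h).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
  setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
  ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
  sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
  audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
  block_suspend audit_read perfmon bpf checkpoint_restore"

# decode_caps HEXMASK: print a cap_* name for every known bit set in the mask.
decode_caps() {
  mask=$((0x${1:-0})); bit=0; out=""
  for name in $CAP_NAMES; do
    if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then out="$out cap_$name"; fi
    bit=$((bit + 1))
  done
  echo "${out# }"
}

# audit_status STATUS_TEXT ALLOWED_CAP...: print findings, return 1 if any.
audit_status() {
  st=$1; shift; bad=0
  # Third column of the Uid line is the effective UID.
  euid=$(printf '%s\n' "$st" | awk '$1 == "Uid:" {print $3}')
  if [ "$euid" = 0 ]; then echo "effective UID is 0 (root)"; bad=1; fi
  for field in CapPrm CapEff; do
    hex=$(printf '%s\n' "$st" | awk -v f="$field:" '$1 == f {print $2}')
    for cap in $(decode_caps "$hex"); do
      case " $* " in
        *" $cap "*) ;;                                   # allow-listed
        *) echo "unexpected $cap in $field"; bad=1 ;;
      esac
    done
  done
  return "$bad"
}

# Constructed samples (not captured from a real host).
SAMPLE_OK=$(printf 'Uid:\t123\t123\t123\t123\nCapPrm:\t0000000002004400\nCapEff:\t0000000002004400')
# Same process with cap_sys_admin left behind in the permitted set.
SAMPLE_EXTRA=$(printf 'Uid:\t123\t123\t123\t123\nCapPrm:\t0000000002204400\nCapEff:\t0000000002004400')
# Allow-list: cap_ipc_lock is from the message; the other two are assumed.
ALLOWED="cap_ipc_lock cap_sys_time cap_net_bind_service"

audit_status "$SAMPLE_OK" $ALLOWED && echo "SAMPLE_OK: no findings"
audit_status "$SAMPLE_EXTRA" $ALLOWED || echo "SAMPLE_EXTRA: findings above"
```

Against a live daemon, pass the contents of /proc/<pid>/status as the first argument in place of a sample.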