On 06-03-18 21:09, Richard Laager wrote: > Previously, you could not override ExecStart, only add to it. In systemd > 197 (available in Fedora 18), this syntax should work: > > ExecStart= > EnvironmentFile=-/etc/sysconfig/ntpd > ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS > > The empty ExecStart= indicates that you are clearing out the previous > ExecStart entry (or entries, but that's not applicable here) and then > you add your replacement. > > See this, especially starting at comment 9: > https://bugzilla.redhat.com/show_bug.cgi?id=756787 > > Note that I have not personally tested this. If this doesn't work for > you, what is your systemd version, and what is the output of `systemctl > show ntpd.service`?
# rpm -q systemd systemd-233-7.fc26.x86_64 # systemctl show ntpd.service Type=forking Restart=no NotifyAccess=none RestartUSec=100ms TimeoutStartUSec=1min 30s TimeoutStopUSec=1min 30s RuntimeMaxUSec=infinity WatchdogUSec=0 WatchdogTimestamp=Wed 2018-03-07 04:37:21 CET WatchdogTimestampMonotonic=428019742222 FailureAction=none PermissionsStartOnly=no RootDirectoryStartOnly=no RemainAfterExit=no GuessMainPID=yes MainPID=32058 ControlPID=0 FileDescriptorStoreMax=0 NFileDescriptorStore=0 StatusErrno=0 Result=success UID=4294967295 GID=4294967295 ExecMainStartTimestamp=Wed 2018-03-07 04:37:21 CET ExecMainStartTimestampMonotonic=428019742208 ExecMainExitTimestampMonotonic=0 ExecMainPID=32058 ExecMainCode=0 ExecMainStatus=0 ExecStart={ path=/usr/sbin/ntpd ; argv[]=/usr/sbin/ntpd -g -N -u ntp:ntp ; ignore_errors=no ; start_time=[Wed 2018-03-07 04:37:21 CET] ; stop_time=[Wed 2018-03-07 04:37:21 CET] ; pid=32057 ; code=exited ; status=0 } Slice=system.slice ControlGroup=/system.slice/ntpd.service MemoryCurrent=18446744073709551615 CPUUsageNSec=18446744073709551615 TasksCurrent=18446744073709551615 Delegate=no CPUAccounting=no CPUWeight=18446744073709551615 StartupCPUWeight=18446744073709551615 CPUShares=18446744073709551615 StartupCPUShares=18446744073709551615 CPUQuotaPerSecUSec=infinity IOAccounting=no IOWeight=18446744073709551615 StartupIOWeight=18446744073709551615 BlockIOAccounting=no BlockIOWeight=18446744073709551615 StartupBlockIOWeight=18446744073709551615 MemoryAccounting=no MemoryLow=0 MemoryHigh=18446744073709551615 MemoryMax=18446744073709551615 MemorySwapMax=18446744073709551615 MemoryLimit=18446744073709551615 DevicePolicy=auto TasksAccounting=yes TasksMax=4915 UMask=0022 LimitCPU=18446744073709551615 LimitCPUSoft=18446744073709551615 LimitFSIZE=18446744073709551615 LimitFSIZESoft=18446744073709551615 LimitDATA=18446744073709551615 LimitDATASoft=18446744073709551615 LimitSTACK=18446744073709551615 LimitSTACKSoft=8388608 LimitCORE=18446744073709551615 LimitCORESoft=18446744073709551615 LimitRSS=18446744073709551615 LimitRSSSoft=18446744073709551615 LimitNOFILE=4096 LimitNOFILESoft=1024 LimitAS=18446744073709551615 LimitASSoft=18446744073709551615 LimitNPROC=60910 LimitNPROCSoft=60910 LimitMEMLOCK=65536 LimitMEMLOCKSoft=65536 LimitLOCKS=18446744073709551615 LimitLOCKSSoft=18446744073709551615 LimitSIGPENDING=60910 LimitSIGPENDINGSoft=60910 LimitMSGQUEUE=819200 LimitMSGQUEUESoft=819200 LimitNICE=0 LimitNICESoft=0 LimitRTPRIO=0 LimitRTPRIOSoft=0 LimitRTTIME=18446744073709551615 LimitRTTIMESoft=18446744073709551615 OOMScoreAdjust=0 Nice=0 IOScheduling=0 CPUSchedulingPolicy=0 CPUSchedulingPriority=0 TimerSlackNSec=50000 CPUSchedulingResetOnFork=no NonBlocking=no StandardInput=null StandardOutput=journal StandardError=inherit TTYReset=no TTYVHangup=no TTYVTDisallocate=no SyslogPriority=30 SyslogLevelPrefix=yes SyslogLevel=6 SyslogFacility=3 SecureBits=0 CapabilityBoundingSet=18446744073709551615 AmbientCapabilities=0 DynamicUser=no RemoveIPC=no MountFlags=0 PrivateTmp=yes PrivateDevices=no ProtectKernelTunables=no ProtectKernelModules=no ProtectControlGroups=no PrivateNetwork=no PrivateUsers=no ProtectHome=no ProtectSystem=no SameProcessGroup=no UtmpMode=init IgnoreSIGPIPE=yes NoNewPrivileges=no SystemCallErrorNumber=0 RuntimeDirectoryMode=0755 MemoryDenyWriteExecute=no RestrictRealtime=no RestrictNamespaces=no MountAPIVFS=no KillMode=control-group KillSignal=15 SendSIGKILL=yes SendSIGHUP=no Id=ntpd.service Names=ntpd.service Requires=var.mount -.mount system.slice sysinit.target tmp.mount Wants=network.target RequisiteOf=ntp-wait.service WantedBy=multi-user.target Conflicts=shutdown.target systemd-timesyncd.service Before=multi-user.target shutdown.target ntp-wait.service After=systemd-journald.socket var.mount ldattach@ttyS2.service system.slice nss-lookup.target network.target sysinit.target -.mount basic.target tmp.mount systemd-tmpfiles-setup.service RequiresMountsFor=/tmp /var/tmp Documentation=man:ntpd(8) Description=Network Time Service LoadState=loaded ActiveState=active SubState=running FragmentPath=/usr/lib/systemd/system/ntpd.service DropInPaths=/etc/systemd/system/ntpd.service.d/10-environment.conf UnitFileState=enabled UnitFilePreset=disabled StateChangeTimestamp=Wed 2018-03-07 04:37:21 CET StateChangeTimestampMonotonic=428019742223 InactiveExitTimestamp=Wed 2018-03-07 04:37:21 CET InactiveExitTimestampMonotonic=428019716599 ActiveEnterTimestamp=Wed 2018-03-07 04:37:21 CET ActiveEnterTimestampMonotonic=428019742223 ActiveExitTimestamp=Wed 2018-03-07 04:37:21 CET ActiveExitTimestampMonotonic=428019659250 InactiveEnterTimestamp=Wed 2018-03-07 04:37:21 CET InactiveEnterTimestampMonotonic=428019700479 CanStart=yes CanStop=yes CanReload=no CanIsolate=no StopWhenUnneeded=no RefuseManualStart=no RefuseManualStop=no AllowIsolate=no DefaultDependencies=yes OnFailureJobMode=replace IgnoreOnIsolate=no NeedDaemonReload=no JobTimeoutUSec=infinity JobTimeoutAction=none ConditionResult=yes AssertResult=yes ConditionTimestamp=Wed 2018-03-07 04:37:21 CET ConditionTimestampMonotonic=428019701063 AssertTimestamp=Wed 2018-03-07 04:37:21 CET AssertTimestampMonotonic=428019701109 Transient=no Perpetual=no StartLimitIntervalSec=10000000 StartLimitBurst=5 StartLimitAction=none InvocationID=6187906c59814810b7c4e097fe7772c0 I noticed that systemd does notice changes to the drop in file but that it does not change the ntpd parameters. # cat /etc/sysconfig/ntpd # Command line options for ntpd OPTIONS="-g -6" # cat /lib/systemd/system/ntpd.service [Unit] Description=Network Time Service Documentation=man:ntpd(8) Wants=network.target ConditionCapability=CAP_SYS_TIME After=network.target nss-lookup.target Conflicts=systemd-timesyncd.service [Service] Type=forking PrivateTmp=true ExecStart=/usr/sbin/ntpd -g -N -u ntp:ntp # Specifying -g on the command line allows ntpd to make large adjustments to # the clock on boot. However, if Restart=yes is set, a malicious (or broken) # server could send the incorrect time, trip the panic threshold, and when # ntpd restarts, serve it the incorrect time (which would be accepted). Restart=no [Install] WantedBy=multi-user.target # cat 10-environment.conf ExecStart= EnvironmentFile=-/etc/sysconfig/ntpd ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS If this is without obvious errors and should work I can file a bug elsewhere as this is not a systemd development forum... Kind regards, Udo _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel