Gary said:
>> What would ntpd need root for?
> SHM(0) and SHM(1).
That would mean that you would have to restart ntpd to add SHM drivers.
Or, we could fix SHM so the client side is read-only.
The comments in ntpd.c
#ifdef ENABLE_EARLY_DROPROOT
/* drop root privileges */
/* This doesn't work on NetBSD or with SHM */
if (sandbox(droproot, user, group, chrootdir, interface_interval!=0)) {
interface_interval = 0;
/*
* for now assume that the privilege to bind to privileged
ports
* is associated with running with uid 0 - should be refined on
* ports that allow binding to NTP_PORT with uid != 0
*/
disable_dynamic_updates = true;
msyslog(LOG_INFO, "INIT: running as non-root disables dynamic
interface tracking");
}
#endif
--
These are my opinions. I hate spam.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
