Boris Goldberg wrote:
[snip]
> There are pros and cons in the "demon" and in the "cron" schema. I
> decided to use cron and I know why. Every sysadmin/architect should make
> that decision for *his* systems (and know why). "Home users" should
> probably stay with the default (ntpd), but they are usually using Windows
> and cheap "hardware" firewalls anyway. ;)
[snip]

I hate beating a dead horse, but this one needs one more whack.

OpenNTPD runs as a 'daemon,' yes, but it does so using privilege separation and other goodies. The network code runs as a normal user, isolated from other users. This is superior to running rdate AS ROOT from a cronjob. OpenNTPD does not open any TCP or UDP ports by default.

It is true that rdate has about 63% fewer lines of code than ntpd and is older, and may have had more code audits performed; however, ntpd is new code, written with security in mind, runs as a normal user (privilege separated for the most part) and has superior time keeping ability.

Your advice about not running a daemon if it's possible to do the task otherwise may be true with a (bloated) daemon such as ntp.org ntpd; however, with OpenNTPD the tables are turned. It is far safer to run the 'daemon' than to perform the task otherwise.

That being said, it is up to the individual users to decide what to do. Hopefully the above explanation will help those who don't necessarily understand the risks of running programs as root vice daemons which execute code with proper separation of privileges.

-Brian
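
The privilege-separation pattern the post contrasts with running rdate as root from cron, as a minimal C sketch added here (not OpenNTPD's code and not part of the original post): a child sheds root before it handles untrusted data and passes a single number over a socketpair to the parent, which bounds-checks it before acting. `UNPRIV_ID`, `MAX_STEP` and the function names are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534   /* assumption: "nobody"; a real daemon uses a dedicated account */
#define MAX_STEP  1000.0  /* hypothetical policy: largest offset (seconds) the parent accepts */

/* Privileged side: accept one bounded number. NaN fails both comparisons. */
static int offset_ok(double off) { return off >= -MAX_STEP && off <= MAX_STEP; }

/* Unprivileged side: shed root, if we have it, before touching untrusted data. */
static int drop_privs(void) {
    gid_t g = UNPRIV_ID;
    if (geteuid() != 0) return 0;                  /* already unprivileged */
    if (setgroups(1, &g) || setgid(g) || setuid(UNPRIV_ID)) return -1;
    return setuid(0) == 0 ? -1 : 0;                /* regaining root must fail */
}

/* Returns 1 if the parent would apply the offset, 0 if it rejects it, -1 on error. */
int privsep_exchange(double claimed, double *applied) {
    int sv[2];
    double off;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {              /* child: stands in for the network code */
        close(sv[0]);
        if (drop_privs() < 0) _exit(1);
        /* 'claimed' stands in for an offset parsed from a server reply */
        _exit(write(sv[1], &claimed, sizeof claimed) == (ssize_t)sizeof claimed ? 0 : 1);
    }
    close(sv[1]);
    ssize_t n = read(sv[0], &off, sizeof off);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof off) return -1;
    if (!offset_ok(off)) return 0;   /* the child's message is treated as untrusted */
    *applied = off;                  /* a real parent would adjust the clock here */
    return 1;
}

int main(void) {
    double a = 0;
    printf("sane reply: %d\n", privsep_exchange(0.25, &a));
    printf("hostile reply: %d\n", privsep_exchange(1e12, &a));
    return 0;
}
```

Run without root, the drop step is skipped and only the message validation is exercised; run as root, the child also switches to `UNPRIV_ID` before it writes.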