On Fri, Apr 24, 2009 at 01:51:22PM -0400, Brian Utterback wrote: > While I am not adverse to having an ntp user and group, I have > discussed this with a few people off and on, and there doesn't seem to > be a consensus as to whether or not it is worth it. It will definitely > make administration more difficult, because of the requirements placed > on the key files. Also, in discussion with Nico just now, we agreed to > have the pid for ntp written to /var/run, which will be more > complicated if the daemon runs as anything other than root or daemon. > Having a ntp user will definitely break the reading of existing keyfiles.
I'd be happier if there were no ntp pid file though... In the world of SMF PID files should generally be unnecessary (if signals are used as IPC then pid files are tolerable). Also, since ntpd is aware of Linux capabilities, surely making it aware of Solaris privileges should be acceptable (either as part of this case or a folow-on CR). Nico --
