Package: ntp
Version: 1:4.2.0a-11
Severity: wishlist
Tags: patch

Hi!

ntpd currently runs as root, which is far more than it needs (the only privilege it needs is CAP_SYS_TIME). Ubuntu contains a patch to run ntpd as normal user with CAP_SYS_TIME, you can get the patch from

http://patches.ubuntu.com/patches/ntp.no-root.diff

Please consider adopting it for Debian.

Thanks!

Martin

ntp (1:4.2.0a-11ubuntu2) hoary; urgency=low

  * Run ntpd as normal user (with CAP_SYS_TIME) instead of root
  * ntpd/ntpd.c:
    - activate root dropping to user and group "ntp"
    - add runtime check whether the kernel really supports capabilities; do
      not drop root privileges if not
    - do not set CAP_SYS_TIME as inheritable
  * debian/rules:
    - configure with --enable-linuxcaps
  * debian/control, packages ntp-simple/ntp-refclock:
    - add "adduser" dependency
  * debian/ntp-{simple,refclock}.postinst:
    - create system user and group "ntp"
    - chown /var/lib/ntp and /var/log/ntpstats to ntp:ntp to allow ntpd to
      write into them
    - restart the server (for the case that ntp-server's postinst ran before
      ntp-{simple,refclock}'s)
  * debian/ntp-{simple,refclock}.postrm:
    - remove user and group ntp on package purge

 -- Martin Pitt <[EMAIL PROTECTED]>  Thu, 25 Nov 2004 15:23:53 +0100

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages ntp depends on:
ii  libc6          2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libreadline4   4.3-11        GNU readline and history libraries
ii  libssl0.9.7    0.9.7e-2      SSL shared libraries
ii  psmisc         21.5-1        Utilities that use the proc filesy

-- 
Martin Pitt                       http://www.piware.de
Ubuntu Developer                  http://www.ubuntulinux.org
Debian GNU/Linux Developer        http://www.debian.org
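The privilege drop the changelog above describes (switch to user and group "ntp", keep only CAP_SYS_TIME, leave nothing inheritable, stay root if the kernel lacks capabilities), as an added C example that is not the Ubuntu patch or ntpd's own code. The function names and the use of the raw capget/capset syscalls instead of libcap are assumptions of this example.

```c
/* Added example (not the Ubuntu patch): drop root, keep only CAP_SYS_TIME. */
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Runtime check: does the running kernel implement the capability syscalls? */
int kernel_supports_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    return syscall(SYS_capget, &hdr, data) == 0;
}

/* Sets to keep: CAP_SYS_TIME (bit 25, first 32-bit word) permitted and
 * effective; inheritable stays empty so exec'd programs inherit nothing. */
void build_time_only_caps(struct __user_cap_data_struct data[2]) {
    memset(data, 0, 2 * sizeof(data[0]));
    data[0].permitted = 1u << CAP_SYS_TIME;
    data[0].effective = 1u << CAP_SYS_TIME;
}

/* Returns 0 on success, 1 if the kernel lacks capabilities (nothing changed,
 * caller stays root), -1 on failure (caller should exit, not continue). */
int drop_root_keep_time(uid_t uid, gid_t gid) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (!kernel_supports_caps()) return 1;
    /* Keep the permitted set across the UID change; effective is cleared. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    build_time_only_caps(data);
    if (syscall(SYS_capset, &hdr, data) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must fail */
}

int main(void) {
    struct passwd *pw = getpwnam("ntp");  /* account created by the postinst */
    if (!pw) { fprintf(stderr, "no user \"ntp\"\n"); return 1; }
    int rc = drop_root_keep_time(pw->pw_uid, pw->pw_gid);
    printf("%s\n", rc == 0 ? "running as ntp with CAP_SYS_TIME only"
                 : rc == 1 ? "no capability support, still root" : "drop failed");
    return rc < 0;
}
```

On a running system, the result can be checked from outside the process: the `CapInh`, `CapPrm` and `CapEff` lines in `/proc/<pid>/status` should read 0, 0x2000000 and 0x2000000.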