[70652] in North American Network Operators' Group
Re: ntp config tech note
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Thu May 20 22:34:42 2004
Date: Fri, 21 May 2004 10:33:19 +0800
From: Adrian Chadd <adrian@creative.net.au>
To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.44.0405201833270.20245-100000@pologrounds.richweb.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, May 20, 2004, C. Jon Larsen wrote:
>
>
> On Thu, 20 May 2004, Jared Mauch wrote:
>
> >
> >
> > I've found it useful on older machines (PCs with cheap clocks and
> > oscillators) to cron ntpdate once an hour to prevent the clock from
> > getting too far off by itself. I've found the daemon doesn't do good enough
> > of a job to sync on its own...
>
> Isn't that a lot safer anyway than running a daemon (ntpd) as root ? I do
> this on my systems (run ntpdate from cron), even though the xntpd
> docs IIRC specifically advised against this hack. One less
> vulnerability waiting to be exploited ... is the way I see it.

Kind of. ntpdate just sets the time. ntpd will actually notice your clock
running fast/slow and slowly step your kernel time to deal with your
bad clock frequency.

man ntpd. It's quite fascinating.

RE the "ntpd as root" thing, is there a capability in some UNIXen
which lets you fudge with the kernel time/timecounter frequency without
being root? I think that's all it really needs root privilege for.

Adrian

--
Adrian Chadd I'm only a fanboy if
<adrian@creative.net.au> I emailed Wesley Crusher.
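
On Linux, the capability the message above asks about exists as CAP_SYS_TIME, which allows setting the system clock and adjusting its frequency without full root. The following is an added example, not part of the original thread: it audits a time daemon's `/proc/<pid>/status` for least privilege. The sample status text and the `ALLOWED` set are constructed assumptions.

```python
# Added example: audit a time daemon's Linux capabilities for least privilege.
# Capability bit numbers are those defined in <linux/capability.h>.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID", 7: "CAP_SETUID",
    10: "CAP_NET_BIND_SERVICE", 18: "CAP_SYS_CHROOT",
    21: "CAP_SYS_ADMIN", 25: "CAP_SYS_TIME",
}
# Assumption: the daemon only needs to discipline the clock and bind UDP port 123.
ALLOWED = {"CAP_SYS_TIME", "CAP_NET_BIND_SERVICE"}

def parse_status(text):
    """Return (effective_uid, effective_capability_mask) from status text."""
    euid, cap_eff = None, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            euid = int(value.split()[1])  # fields: real, effective, saved, fs
        elif key == "CapEff":
            cap_eff = int(value.strip(), 16)
    if euid is None or cap_eff is None:
        raise ValueError("status text lacks Uid or CapEff")
    return euid, cap_eff

def decode_caps(mask):
    """Turn a capability bitmask into a set of names (cap_N if not in the table)."""
    names, bit = set(), 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.add(CAP_NAMES.get(bit, f"cap_{bit}"))
        bit += 1
    return names

def audit(text):
    """Report whether the process can set the time and what it holds beyond that."""
    euid, mask = parse_status(text)
    caps = decode_caps(mask)
    return {
        "euid": euid,
        "can_set_time": "CAP_SYS_TIME" in caps,
        "excess": sorted(caps - ALLOWED),
        "least_privilege": euid != 0 and "CAP_SYS_TIME" in caps and caps <= ALLOWED,
    }

# Constructed samples: a daemon running as full root, and one that dropped to
# an unprivileged uid while keeping only bits 25 and 10.
ROOT_DAEMON = "Name:\tntpd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
DROPPED_DAEMON = "Name:\tntpd\nUid:\t123\t123\t123\t123\nCapEff:\t0000000002000400\n"
```

For a live process, pass the contents of `/proc/<pid>/status` to `audit()`.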