ntp.conf: ownership and permissions - NTP


  1. ntp.conf: ownership and permissions

    What are the minimal access rights that can be placed on ntp.conf in
    order for ntpd to work properly?

    I.e., does the non-root user (say, "ntp") that runs ntpd need read
    access? Or does ntpd start up as root, read ntp.conf, then spawn a
    process owned by ntp and hand the information off without user ntp ever
    needing to read ntp.conf?


  2. Re: ntp.conf: ownership and permissions

    woger151@jqpx37.cotse.net wrote:

    > What are the minimal access rights that can be placed on ntp.conf in
    > order for ntpd to work properly?
    >
    > I.e., does the non-root user (say, "ntp") that runs ntpd need read
    > access? Or does ntpd start up as root, read ntp.conf, then spawn a
    > process owned by ntp and hand the information off without user ntp ever
    > needing to read ntp.conf?
    >


    I suspect that a great deal depends on what O/S you are using. On
    Solaris, ntpd runs as root (necessary to adjust system clock). I
    believe that some flavors of Linux somehow "drop root privileges" but
    I'm not familiar with the details.

    Whatever account is running ntpd needs read access. Since there is
    normally nothing particularly secret about an ntpd configuration you
    need not worry about who can read it. Since it's not "executable" you
    need not worry about who can execute it. It should normally be
    writeable only by root.

    Mine is:
    sunblok_$ ls -al /etc/ntp.conf
    -rw-r--r-- 1 root other 1657 May 27 2006 /etc/ntp.conf


  3. Re: ntp.conf: ownership and permissions

    On 2006-12-19, Richard B. Gilbert wrote:
    > woger151@jqpx37.cotse.net wrote:
    >
    >> What are the minimal access rights that can be placed on ntp.conf in
    >> order for ntpd to work properly?

    >
    > Whatever account is running ntpd needs read access.


    ntpd does not write to its configuration file.

    > Since there is normally nothing particularly secret about an ntpd
    > configuration you need not worry about who can read it.


    If you are using NTP Authentication (e.g. Autokey or symmetric keys)
    your ntp.conf will contain password information that should only be
    visible to the ntpd user. In that case ntp.conf should _not_ be world
    readable.

    It could, therefore, be considered a good practice to make your ntp.conf
    writeable only by root and readable only by root and the ntp user.

    chmod 640
    chown root:ntp (or chown root:root)

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/
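
The checks recommended in this thread, written as an added shell example (it is not part of any post and is not NTP project code): the file should be owned by root, writable by nobody else, and not world-readable once authentication is configured. The function name, the optional owner-uid argument, and the use of the `keys` and `crypto` directives as the sign that authentication is in use are assumptions of this example.

```shell
#!/bin/sh
# audit_ntp_conf FILE [OWNER_UID]   (hypothetical helper, added example)
# Prints one line per finding; returns 0 when FILE matches the thread's
# advice, 1 when it does not, 2 when it cannot be examined.
# OWNER_UID defaults to 0 (root); the argument is an assumption added so
# the check can be tried on a scratch file without being root.
audit_ntp_conf() {
    file=$1
    want_uid=${2:-0}
    rc=0

    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }

    # GNU stat first, BSD stat as fallback: octal mode and owner uid.
    meta=$(stat -c '%a %u' "$file" 2>/dev/null) ||
        meta=$(stat -f '%Lp %u' "$file") || return 2
    mode=${meta% *}
    uid=${meta#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Group or other write bit set: someone besides the owner can edit it.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$file: mode $mode is writable by group or other"
        rc=1
    fi

    # Authentication directives present: file must not be world-readable.
    if grep -Eq '^[[:space:]]*(keys|crypto)([[:space:]]|$)' "$file" &&
       [ $(( 0$mode & 004 )) -ne 0 ]; then
        echo "$file: mode $mode is world-readable but authentication is configured"
        rc=1
    fi

    return $rc
}

# Audit the given path when the script is run with one argument or two.
if [ $# -gt 0 ]; then audit_ntp_conf "$@"; fi
```

A configuration without authentication directives passes at mode 644, matching the second post; one with them passes only at 640 or tighter, matching the third.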
