I'm looking at the documentation, subsection "Access Control Commands,"
section "Access Control Options," at URL
http://www.eecis.udel.edu/~mills/ntp...ccopt.html#cmd

The doc states "The flags are not orthogonal, in that more restrictive
flags will often make less restrictive ones redundant." And then

"noquery[:] Deny ntpq and ntpdc queries. Time service is not affected."

"nomodify[:] Deny ntpq and ntpdc queries which attempt to modify the
state of the server (i.e., run time reconfiguration). Queries which
return information are permitted."

A naive reading would indicate that noquery is stricter than nomodify,
hence if one has noquery, nomodify is redundant.

That, however, is contradicted by numerous examples on the web and
usenet.

So is the naive reading incorrect?