# ntpd in ntp-4.2.0-r2, 'failed to drop root privileges'

## vanoorschot

Hi,

I'm trying to run ntpd on an up-to-date Gentoo system with a gentoo-dev-sources kernel (2.6.5).

Doing an:

> /etc/init.d/ntpd start

succeeds, without warnings in /var/log/messages, but no ntpd is started.

Doing an:

> /usr/bin/ntpd -d -u ntp:ntp

from the command line gives a list of messages:

> addto_syslog: ntpd 4.2.0@1.1161-r Fri Apr 16 10:43:40 CEST 2004 (1)
>
> addto_syslog: signal_no_reset: signal 13 had flags 4000000
> ...

The last one is alarming to say the least. 

Removing the '-u' option fixes this. 

When I remove the equivalent line from /etc/conf.d/ntpd, '/etc/init.d/ntpd start' works as expected.

However, I'd rather not run ntpd as root   :Razz: 

Can somebody confirm this problem?

Jan

----------

## vanoorschot

Don't you just love talking to yourself?  :Wink: 

Ok, just emerged the same ntp on a 2.4.23_pre8-gss box. On that system, the problem just isn't there. After setting the configuration the same as on the 2.6 box, a ps aux shows:

> ntp      18360  0.0  1.5  3812 3812 ?        SL   16:30   0:00 /usr/bin/ntpd -p /var/run/ntpd.pid -u ntp:ntp

So is this a 2.6 problem?

Jan

----------

## -=LeXuS=-

Yes, same problem here with 2.6. 

modprobe capability  

solves the problem.

----------

## vanoorschot

Thanks -=LeXuS=- ... I only read your reply after a couple of months, when I encountered the exact same problem on a new machine.

Your reply, together with this thread (https://forums.gentoo.org/viewtopic.php?t=116871), directed me towards the answer. It cost me a couple of prime-time hours, reading sources, googling and experimenting, so I thought I had better write this all down so maybe another poor soul would be saved from the same troubles ... so here goes:

The 'modprobe capability' -=LeXuS=- is referring to is closely related to the kernel option 'CONFIG_SECURITY'. You will find this in 'Security Options'/'Enable different Security Models'.

If this option is set in the kernel, and you have not done 'modprobe capability' (or you don't have that module, as was my case) ... ntp will not be able to drop the root privileges !!!!!! Removing that option (it's off by default), recompiling the kernel and activating that kernel will solve the ntp problem.

If you do enable the CONFIG_SECURITY option in your kernel, you will need to make sure that the module 'capability' is loaded.

That's it .... it's real simple if you know it  :Wink: 

Jan

----------

## FreeFly42

Thanks, vanoorschot!  I just noticed I had this problem even though I upgraded to 2.6 years ago...

----------

## tecknojunky

 *FreeFly42 wrote:*   

> Thanks, vanoorschot!  I just noticed I had this problem even though I upgraded to 2.6 years ago...

Me too  :Sad: 

You got to love Gentoo's init script system that starts stuff with an [ok] but is plain too dumb to monitor if there actually is a process #pid in /proc and if it's named ntpd.  How hard can it be?

Boy do I feel like ranting now.  I'll restrain myself  :Rolling Eyes: 

----------
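A post-start check along the lines discussed in this thread, as an added example that is not part of any post above or of Gentoo's init scripts: it reads a pidfile, confirms the process exists under /proc and is named ntpd, and confirms none of its uids is still 0. The function names, the `PROC_ROOT` override and the sample tree (uid 123) are assumptions made for the example; the pid 18360 and the pidfile path are taken from the `ps` line quoted earlier.

```shell
#!/bin/sh
# Added example. PROC_ROOT is a hypothetical override so the check can be run
# against a constructed tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# check_dropped PIDFILE [NAME]
# 0 = running as non-root, 1 = missing/invalid pidfile, 2 = no such process,
# 3 = pid belongs to a different program, 4 = still has a root uid.
check_dropped() {
    pidfile="$1"
    want="${2:-ntpd}"

    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;      # empty or not a number
    esac

    st="$PROC_ROOT/$pid/status"
    [ -r "$st" ] || return 2          # init script said [ok], process is gone

    # Guard against a stale pidfile whose pid was reused by another program.
    name=$(awk '$1 == "Name:" { print $2 }' "$st")
    [ "$name" = "$want" ] || return 3

    # "Uid:" lists real, effective, saved and filesystem uid; all four must be
    # non-zero for the privilege drop requested with -u to have taken effect.
    awk '$1 == "Uid:" { found = 1; for (i = 2; i <= 5; i++) if ($i == 0) bad = 1 }
         END { exit (found && !bad) ? 0 : 1 }' "$st" || return 4
    return 0
}

# Constructed sample: one ntpd that dropped to uid 123, one still running as
# root, and a pidfile pointing at a process that does not exist.
make_sample() {
    root="$1"
    mkdir -p "$root/proc/18360" "$root/proc/18361"
    printf 'Name:\tntpd\nUid:\t123\t123\t123\t123\n' > "$root/proc/18360/status"
    printf 'Name:\tntpd\nUid:\t0\t0\t0\t0\n' > "$root/proc/18361/status"
    echo 18360 > "$root/ok.pid"
    echo 18361 > "$root/root.pid"
    echo 99999 > "$root/stale.pid"
}

# Live use after starting the service: check_dropped /var/run/ntpd.pid
```

Return code 2 corresponds to the silent failure in the first post, and 4 to an ntpd started without `-u`.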

