| View previous topic :: View next topic |
| Author |
Message |
geophagus
n00b
Joined: 16 Dec 2002
Posts: 36
Location: Tönisvorst/Germany
|
 Posted: Sat Dec 20, 2003 1:50 pm Post subject: "ntpd -U ntp" not working with kernel 2.6 |
 |
|
The error message in ntpd.log is
| Code: | 20 Dec 14:39:58 ntpd[19866]: frequency initialized 0.000 from /var/lib/ntp/ntp.drift
20 Dec 14:39:58 ntpd[19867]: signal_no_reset: signal 17 had flags 4000000
20 Dec 14:39:58 ntpd[19866]: cap_set_proc failed.
20 Dec 14:40:00 ntpd[19867]: parent died before we finished, exiting |
The problem is caused by libcap. This library is needed when ntpd should drop root privileges. But libcap seems to be available only for kernel versions lower than 2.6. Even on the libcap homepage (www.kernel.org) I didn't find a 2.6 aware version of libcap.
Running ntpd as root works fine. But ist's not really what I want. Did someone else experience this problem? |
|
| Back to top |
|
 |
geophagus
n00b
Joined: 16 Dec 2002
Posts: 36
Location: Tönisvorst/Germany
|
| Posted: Sat Dec 20, 2003 2:19 pm Post subject: |
|
|
Hmmm. I tried to find an answer for days now. But just after having written down my problem, the solution flashed into my mind. It's (not only?) libcap, it's the new kernel config parameter CONFIG_SECURITY_CAPABILITIES. On my system it's set to "m". After having modprobe'd capability, ntpd now runs as user ntp  |
|
| Back to top |
|
|
kepik_k
n00b
Joined: 27 Nov 2004
Posts: 40
Location: USA
|
| Posted: Wed Dec 22, 2004 2:12 am Post subject: |
|
|
Thanks for the pointer, I just got my nptd -u ntp:ntp to work after recompiling 2.6.9-r10 with CONFIG_SECURITY_CAPABILITIES=yes
_________________
I'm still learning, so I guess that means I'm still alive |
|
| Back to top |
|
|
tecknojunky
Veteran
Joined: 19 Oct 2002
Posts: 1937
Location: Montréal
|
| Posted: Sat Feb 26, 2005 5:12 am Post subject: |
|
|
| kepik_k wrote: | | Thanks for the pointer, I just got my nptd -u ntp:ntp to work after recompiling 2.6.9-r10 with CONFIG_SECURITY_CAPABILITIES=yes |
Thank you
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax. |
|
| Back to top |
|
|
jonaswidarsson
Apprentice
Joined: 16 Jan 2004
Posts: 273
Location: Göteborg, Sweden
|
| Posted: Wed Mar 22, 2006 12:32 pm Post subject: |
|
|
Doesn't work for me.
Running gentoo sources 2.6.10-gentoo-r6 on a file server.
| Code: | fp1 jonas # grep CONFIG_SECURITY /usr/src/linux/.config
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SECLVL is not set
# CONFIG_SECURITY_SELINUX is not set
fp1 jonas # |
but still: | Code: | fp1 jonas # tail /var/log/everything/current
Mar 22 13:25:52 [rc-scripts] WARNING: "ntpd" has already been started.
Mar 22 13:25:57 [rc-scripts] Failed to stop ntpd
Mar 22 13:25:59 [rc-scripts] WARNING: "ntpd" has already been started.
Mar 22 13:26:04 [ntpd] ntpd 4.2.0a@1.1190-r Wed Mar 22 13:16:53 CET 2006 (1)
Mar 22 13:26:04 [ntpd] precision = 1.000 usec
Mar 22 13:26:04 [ntpd] Listening on interface wildcard, 0.0.0.0#123
Mar 22 13:26:04 [ntpd] Listening on interface lo, 127.0.0.1#123
Mar 22 13:26:04 [ntpd] Listening on interface eth0, 192.168.1.196#123
Mar 22 13:26:04 [ntpd] kernel time sync status 0040
Mar 22 13:26:04 [ntpd] cap_set_proc() failed to drop root privileges: Operation not permitted
fp1 jonas # |
Is it required to be a module?
Maybe I should upgrade to a newer kernel, but you know how lazy one can get...
here's my command line, echoed from the initscript:
/usr/sbin/ntpd -p /var/run/ntpd.pid -u ntp:ntp |
|
| Back to top |
|
|
jonaswidarsson
Apprentice
Joined: 16 Jan 2004
Posts: 273
Location: Göteborg, Sweden
|
| Posted: Wed Mar 22, 2006 10:31 pm Post subject: |
|
|
SOLVED by upgrading to latest kernel 2.6.15-gentoo-r1, which forced me to upgrade baselayout first, due to the udev stuff.
I am not sure what fixed the problem, but I am glad to see ntpd survives the user switch now.
Note that I do not have CONFIG_SECURITY_CAPABILITIES as a module. It is compiled in, and works fine with this newer kernel. |
|
| Back to top |
|
|
BizarroJack
n00b
Joined: 04 Dec 2003
Posts: 29
|
| Posted: Tue Oct 17, 2006 8:31 pm Post subject: |
|
|
I had a problem in the same ballpark, more or less - From an older version of the ebuild, I automatically had ntpd configured to start with " -u ntp:ntp" (based on conf.d/ntpd), but this would never work without a build with "USE=caps" enabled. Interestingly, ntpd had been failing with no error message, so I wasn't even aware that it wasn't running for a time. More importantly, I was not shown WHY it wasn't running. My only clue was that when I tested in debug mode of ntpd (-d), a "usage:" text was printed that wasn't shown before, and I saw that the "-u" syntax was not part of the usage text. From that, I inferred that it must be a build problem, and examined the meanings of the USE options for the ntp package.
_________________
Jack |
|
| Back to top |
|
|
mbaecker
n00b
Joined: 13 May 2003
Posts: 10
|
| Posted: Tue Oct 31, 2006 8:23 am Post subject: |
|
|
I tried the solution from the last post:
/etc/portage/package.use:
net-misc/ntp caps
After this change, it worked like a charme.
Thanks for the help!  |
|
| Back to top |
|
|
numbaonestunna
n00b
Joined: 05 Mar 2003
Posts: 48
|
| Posted: Mon Mar 12, 2007 8:27 pm Post subject: |
|
|
| mbaecker wrote: | I tried the solution from the last post:
/etc/portage/package.use:
net-misc/ntp caps
After this change, it worked like a charm!
Thanks for the help! |
Most beautiful post ever. =) /sniff Thank you. Fixed my problem too! |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Thu Mar 22, 2007 8:49 am Post subject: |
|
|
| Thanks, I've been searching for a solution to this too. |
|
| Back to top |
|
|
drumgod
n00b
Joined: 12 Dec 2003
Posts: 61
|
| Posted: Thu Apr 19, 2007 2:58 am Post subject: |
|
|
| WooHoo! Another thank you from me... |
|
| Back to top |
|
|
ben_dash
Apprentice
Joined: 12 Aug 2003
Posts: 239
|
| Posted: Mon May 28, 2007 6:20 pm Post subject: |
|
|
| Thanks from here too! |
|
| Back to top |
|
|
|
Other Things Gentoo
