View previous topic :: View next topic |
Author |
Message |
geophagus n00b
Joined: 16 Dec 2002 Posts: 36 Location: Tönisvorst/Germany
|
Posted: Sat Dec 20, 2003 1:50 pm Post subject: "ntpd -U ntp" not working with kernel 2.6 |
|
|
The error message in ntpd.log is
Code: | 20 Dec 14:39:58 ntpd[19866]: frequency initialized 0.000 from /var/lib/ntp/ntp.drift
20 Dec 14:39:58 ntpd[19867]: signal_no_reset: signal 17 had flags 4000000
20 Dec 14:39:58 ntpd[19866]: cap_set_proc failed.
20 Dec 14:40:00 ntpd[19867]: parent died before we finished, exiting |
The problem is caused by libcap. This library is needed when ntpd should drop root privileges. But libcap seems to be available only for kernel versions lower than 2.6. Even on the libcap homepage (www.kernel.org) I didn't find a 2.6 aware version of libcap.
Running ntpd as root works fine. But ist's not really what I want. Did someone else experience this problem? |
|
Back to top |
|
|
geophagus n00b
Joined: 16 Dec 2002 Posts: 36 Location: Tönisvorst/Germany
|
Posted: Sat Dec 20, 2003 2:19 pm Post subject: |
|
|
Hmmm. I tried to find an answer for days now. But just after having written down my problem, the solution flashed into my mind. It's (not only?) libcap, it's the new kernel config parameter CONFIG_SECURITY_CAPABILITIES. On my system it's set to "m". After having modprobe'd capability, ntpd now runs as user ntp |
|
Back to top |
|
|
kepik_k n00b
Joined: 27 Nov 2004 Posts: 40 Location: USA
|
Posted: Wed Dec 22, 2004 2:12 am Post subject: |
|
|
Thanks for the pointer, I just got my nptd -u ntp:ntp to work after recompiling 2.6.9-r10 with CONFIG_SECURITY_CAPABILITIES=yes _________________ I'm still learning, so I guess that means I'm still alive |
|
Back to top |
|
|
tecknojunky Veteran
Joined: 19 Oct 2002 Posts: 1937 Location: Montréal
|
Posted: Sat Feb 26, 2005 5:12 am Post subject: |
|
|
kepik_k wrote: | Thanks for the pointer, I just got my nptd -u ntp:ntp to work after recompiling 2.6.9-r10 with CONFIG_SECURITY_CAPABILITIES=yes | Thank you _________________ (7 of 9) Installing star-trek/species-8.4.7.2::talax. |
|
Back to top |
|
|
jonaswidarsson Apprentice
Joined: 16 Jan 2004 Posts: 273 Location: Göteborg, Sweden
|
Posted: Wed Mar 22, 2006 12:32 pm Post subject: |
|
|
Doesn't work for me.
Running gentoo sources 2.6.10-gentoo-r6 on a file server.
Code: | fp1 jonas # grep CONFIG_SECURITY /usr/src/linux/.config
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SECLVL is not set
# CONFIG_SECURITY_SELINUX is not set
fp1 jonas # |
but still: Code: | fp1 jonas # tail /var/log/everything/current
Mar 22 13:25:52 [rc-scripts] WARNING: "ntpd" has already been started.
Mar 22 13:25:57 [rc-scripts] Failed to stop ntpd
Mar 22 13:25:59 [rc-scripts] WARNING: "ntpd" has already been started.
Mar 22 13:26:04 [ntpd] ntpd 4.2.0a@1.1190-r Wed Mar 22 13:16:53 CET 2006 (1)
Mar 22 13:26:04 [ntpd] precision = 1.000 usec
Mar 22 13:26:04 [ntpd] Listening on interface wildcard, 0.0.0.0#123
Mar 22 13:26:04 [ntpd] Listening on interface lo, 127.0.0.1#123
Mar 22 13:26:04 [ntpd] Listening on interface eth0, 192.168.1.196#123
Mar 22 13:26:04 [ntpd] kernel time sync status 0040
Mar 22 13:26:04 [ntpd] cap_set_proc() failed to drop root privileges: Operation not permitted
fp1 jonas # | Is it required to be a module?
Maybe I should upgrade to a newer kernel, but you know how lazy one can get...
here's my command line, echoed from the initscript:
/usr/sbin/ntpd -p /var/run/ntpd.pid -u ntp:ntp |
|
Back to top |
|
|
jonaswidarsson Apprentice
Joined: 16 Jan 2004 Posts: 273 Location: Göteborg, Sweden
|
Posted: Wed Mar 22, 2006 10:31 pm Post subject: |
|
|
SOLVED by upgrading to latest kernel 2.6.15-gentoo-r1, which forced me to upgrade baselayout first, due to the udev stuff.
I am not sure what fixed the problem, but I am glad to see ntpd survives the user switch now.
Note that I do not have CONFIG_SECURITY_CAPABILITIES as a module. It is compiled in, and works fine with this newer kernel. |
|
Back to top |
|
|
BizarroJack n00b
Joined: 04 Dec 2003 Posts: 29
|
Posted: Tue Oct 17, 2006 8:31 pm Post subject: |
|
|
I had a problem in the same ballpark, more or less - From an older version of the ebuild, I automatically had ntpd configured to start with " -u ntp:ntp" (based on conf.d/ntpd), but this would never work without a build with "USE=caps" enabled. Interestingly, ntpd had been failing with no error message, so I wasn't even aware that it wasn't running for a time. More importantly, I was not shown WHY it wasn't running. My only clue was that when I tested in debug mode of ntpd (-d), a "usage:" text was printed that wasn't shown before, and I saw that the "-u" syntax was not part of the usage text. From that, I inferred that it must be a build problem, and examined the meanings of the USE options for the ntp package. _________________ Jack |
|
Back to top |
|
|
mbaecker n00b
Joined: 13 May 2003 Posts: 10
|
Posted: Tue Oct 31, 2006 8:23 am Post subject: |
|
|
I tried the solution from the last post:
/etc/portage/package.use:
net-misc/ntp caps
After this change, it worked like a charme.
Thanks for the help! |
|
Back to top |
|
|
numbaonestunna n00b
Joined: 05 Mar 2003 Posts: 48
|
Posted: Mon Mar 12, 2007 8:27 pm Post subject: |
|
|
mbaecker wrote: | I tried the solution from the last post:
/etc/portage/package.use:
net-misc/ntp caps
After this change, it worked like a charm!
Thanks for the help! |
Most beautiful post ever. =) /sniff Thank you. Fixed my problem too! |
|
Back to top |
|
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Thu Mar 22, 2007 8:49 am Post subject: |
|
|
Thanks, I've been searching for a solution to this too. |
|
Back to top |
|
|
drumgod n00b
Joined: 12 Dec 2003 Posts: 61
|
Posted: Thu Apr 19, 2007 2:58 am Post subject: |
|
|
WooHoo! Another thank you from me... |
|
Back to top |
|
|
ben_dash Apprentice
Joined: 12 Aug 2003 Posts: 239
|
Posted: Mon May 28, 2007 6:20 pm Post subject: |
|
|
Thanks from here too! |
|
Back to top |
|
|
|