Gentoo Forums
ntpd in ntp-4.2.0-r2, 'failed to drop root privileges'
vanoorschot
n00b


Joined: 22 Jan 2004
Posts: 9

Posted: Sat Apr 17, 2004 1:40 pm    Post subject: ntpd in ntp-4.2.0-r2, 'failed to drop root privileges'

Hi,

I'm trying to run ntpd in an up-to-date Gentoo system with a gentoo-dev-sources kernel (2.6.5).
Doing an:

Quote:

/etc/init.d/ntpd start


succeeds, without warnings in /var/log/messages, but no ntpd is started.

Doing an:
Quote:

/usr/bin/ntpd -d -u ntp:ntp

from the command line gives a list of messages:
Quote:

addto_syslog: ntpd 4.2.0@1.1161-r Fri Apr 16 10:43:40 CEST 2004 (1)
addto_syslog: signal_no_reset: signal 13 had flags 4000000
addto_syslog: precision = 1.000 usec
create_sockets(123)
addto_syslog: no IPv6 interfaces found
bind() fd 4, family 2, port 123, addr 0.0.0.0, flags=8
bind() fd 5, family 2, port 123, addr 192.168.234.2, flags=8
bind() fd 6, family 2, port 123, addr 127.0.0.1, flags=0
init_io: maxactivefd 6
local_clock: at 0 state 0
key_expire: at 0
peer_clear: at 0 assoc ID 40588 refid INIT
newpeer: 192.168.234.2->130.161.180.1 mode 3 vers 4 poll 6 10 flags 0x201 0x1 ttl 0 key 00000000
addto_syslog: frequency initialized -66.673 PPM from /var/lib/ntp/ntp.drift

local_clock: at 0 state 1
addto_syslog: cap_set_proc() failed to drop root privileges: Operation not permitted


The last one is alarming to say the least.

Removing the '-u' option fixes this.

When I remove the equivalent line from /etc/conf.d/ntpd, '/etc/init.d/ntpd start' works as expected.

However, I'd rather not run ntpd as root :P

Can somebody confirm this problem?

Jan

vanoorschot
n00b


Joined: 22 Jan 2004
Posts: 9

Posted: Sat Apr 17, 2004 2:35 pm

Don't you just love talking to yourself? ;)

Ok, just emerged the same ntp on a 2.4.23_pre8-gss box. On that system, the problem just isn't there. After setting the configuration the same as on the 2.6 box, a ps aux shows:

Quote:

ntp 18360 0.0 1.5 3812 3812 ? SL 16:30 0:00 /usr/bin/ntpd -p /var/run/ntpd.pid -u ntp:ntp


So is this a 2.6 problem?

Jan

-=LeXuS=-
n00b


Joined: 04 Nov 2003
Posts: 56

Posted: Wed May 05, 2004 7:21 pm

Yes, same problem here with 2.6.

modprobe capability

solves the problem.

vanoorschot
n00b


Joined: 22 Jan 2004
Posts: 9

Posted: Fri Aug 06, 2004 9:21 am

Thanks -=LeXuS=- ... I only read your reply after a couple of months, when I encountered the exact same problem on a new machine.
Your reply, together with this thread (https://forums.gentoo.org/viewtopic.php?t=116871) directed me towards the answer. It cost me a couple of prime-time hours, reading sources, googling and experimenting, so I thought I had better write this all down so maybe another poor soul would be saved from the same troubles ... so here goes:

The 'modprobe capability' -=LeXuS=- is referring to is closely related to the kernel option 'CONFIG_SECURITY'. You will find this in 'Security Options'/'Enable different Security Models'.
If this option is set in the kernel, and you have not done 'modprobe capability' (or you don't have that module, as was my case) ... ntp will not be able to drop the root privileges !!!!!! Removing that option (it's off by default), recompiling the kernel and activating that kernel will solve the ntp problem.
If you do enable the CONFIG_SECURITY option in your kernel, you will need to make sure that the module 'capability' is loaded.

That's it .... it's real simple if you know it ;)

Jan
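
The kernel-side condition described in this post can be checked before ntpd is started. The script below is an added example, not part of the original thread or of Gentoo's init scripts; it assumes the 'capability' module is controlled by the 2.6-era option CONFIG_SECURITY_CAPABILITIES (not named in the thread), and the verdict words and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a 2.6-era kernel for the failure described in this thread.
# cap_verdict CONFIG_FILE MODULES_FILE
#   CONFIG_FILE  - kernel .config text
#   MODULES_FILE - module list in /proc/modules format
# Prints one verdict word (names are this example's own); returns 0 when the
# capability code is available, 1 when the privilege drop is expected to fail.
cap_verdict() {
    cfg=$1 mods=$2
    # CONFIG_SECURITY unset: the fix described in the thread.
    grep -q '^CONFIG_SECURITY=y$' "$cfg" || { echo ok-security-off; return 0; }
    # Assumed option name: capabilities compiled into the kernel, nothing to load.
    grep -q '^CONFIG_SECURITY_CAPABILITIES=y$' "$cfg" && { echo ok-builtin; return 0; }
    # First field of each /proc/modules line is the module name.
    if awk '$1 == "capability" { found = 1 } END { exit !found }' "$mods"; then
        echo ok-module-loaded; return 0
    fi
    if grep -q '^CONFIG_SECURITY_CAPABILITIES=m$' "$cfg"; then
        echo broken-module-not-loaded   # remedy from the thread: modprobe capability
    else
        echo broken-module-missing      # module was never built
    fi
    return 1
}

# Constructed sample inputs (not taken from a real machine).
demo=$(mktemp -d)
printf 'CONFIG_SECURITY=y\n# CONFIG_SECURITY_CAPABILITIES is not set\n' > "$demo/config"
printf 'e1000 84868 0 - Live 0xe0a5c000\n' > "$demo/modules"
echo "constructed sample: $(cap_verdict "$demo/config" "$demo/modules")"
rm -rf "$demo"
```

On a live system the first argument is the running kernel's .config and the second is /proc/modules.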

FreeFly42
l33t


Joined: 03 Nov 2003
Posts: 848
Location: Houston, TX

Posted: Mon Oct 18, 2004 9:56 pm

Thanks, vanoorschot! I just noticed I had this problem even though I upgraded to 2.6 years ago...
_________________
Kent

Planes are dangerous, get out of 'em quick

tecknojunky
Veteran


Joined: 19 Oct 2002
Posts: 1937
Location: Montréal

Posted: Wed Nov 17, 2004 4:55 am

FreeFly42 wrote:
Thanks, vanoorschot! I just noticed I had this problem even though I upgraded to 2.6 years ago...
Me too :(

You got to love Gentoo's init script system that starts stuff with a [ok] but is plain too dumb to monitor if there actually is a process #pid in /proc and if it's named ntpd. How hard can it be?

Boy do I feel like ranting now. I'll restrain myself :roll:
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.
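
The check the post above asks for, as an added example that is not part of the original thread or of Gentoo's init scripts: read the pidfile, confirm the process exists under /proc and is named as expected, and also report a daemon that is still running with effective UID 0, the outcome the first poster wanted to avoid. The function name, verdict words and sample /proc tree are constructed; PID 18360 is borrowed from the ps output earlier in the thread.

```shell
#!/bin/sh
# Added example: verify a daemon after its init script reports [ok].
# daemon_check PIDFILE NAME [PROCROOT]
# Prints one verdict word (names are this example's own); returns 0 only for "ok".
daemon_check() {
    pidfile=$1 want=$2 proc=${3:-/proc}
    [ -r "$pidfile" ] || { echo no-pidfile; return 1; }
    # Keep only the digits of the first line, so stray whitespace is harmless.
    pid=$(head -n 1 "$pidfile" | tr -cd '0-9')
    [ -n "$pid" ] || { echo bad-pidfile; return 1; }
    st="$proc/$pid/status"
    # No status file: the process exited after the pidfile was written.
    [ -r "$st" ] || { echo dead; return 1; }
    # status lines look like "Name:<TAB>ntpd" and
    # "Uid:<TAB>real<TAB>effective<TAB>saved<TAB>fs".
    name=$(awk '$1 == "Name:" { print $2; exit }' "$st")
    euid=$(awk '$1 == "Uid:"  { print $3; exit }' "$st")
    # A recycled PID now belongs to some other program.
    [ "$name" = "$want" ] || { echo wrong-process; return 1; }
    case $euid in
        0)  echo running-as-root; return 1 ;;   # privilege drop did not happen
        '') echo unknown-uid; return 1 ;;
    esac
    echo ok
}

# Constructed sample: a fake /proc tree with one ntpd running as uid 123.
demo=$(mktemp -d)
mkdir -p "$demo/proc/18360"
printf 'Name:\tntpd\nUid:\t123\t123\t123\t123\n' > "$demo/proc/18360/status"
echo 18360 > "$demo/ntpd.pid"
echo "constructed sample: $(daemon_check "$demo/ntpd.pid" ntpd "$demo/proc")"
rm -rf "$demo"
```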