Re: [gentoo-user] ntp problems

Re: [gentoo-user] ntp problems

[David Corbin]

On Sunday 12 March 2006 04:28 pm, Peter Ruskin wrote:
> On Sunday 12 March 2006 20:16, David Corbin wrote:
> > ntp-client is in my "default" run level.  However, when I it runs
> > at boot time, I get this error message:
> >
> > 12 Mar 09:06:24 ntpd[9516]: cap_set_proc() failed to drop root
> > privileges: Operation not permitted
> > 12 Mar 09:06:26 ntpd[9561]: parent died before we finished,
> > exiting
> >
> >
> > If I run it as root manually, it runs fine.
>
> Add nodroproot to your USE flags and remerge ntp

I will, but why does it work fine "from the command line"?

>
> --
> Peter
> ========================================================================
> Gentoo Linux: Portage 2.0.54.	kernel-2.6.15-gentoo-r5.
> i686 AMD Athlon(tm) XP 3200+.		gcc(GCC): 3.4.5.
> KDE: 3.5.1.				Qt: 3.3.4.
> ========================================================================
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] ntp problems

[David Corbin]

ntp-client is in my "default" run level.  However, when I it runs at boot 
time, I get this error message:

12 Mar 09:06:24 ntpd[9516]: cap_set_proc() failed to drop root privileges: 
Operation not permitted
12 Mar 09:06:26 ntpd[9561]: parent died before we finished, exiting


If I run it as root manually, it runs fine.  

Any ideas as to what the problem is?

David
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problems

[Peter Ruskin]

On Sunday 12 March 2006 20:16, David Corbin wrote:
> ntp-client is in my "default" run level.  However, when I it runs
> at boot time, I get this error message:
>
> 12 Mar 09:06:24 ntpd[9516]: cap_set_proc() failed to drop root
> privileges: Operation not permitted
> 12 Mar 09:06:26 ntpd[9561]: parent died before we finished,
> exiting
>
>
> If I run it as root manually, it runs fine.
>
Add nodroproot to your USE flags and remerge ntp

-- 
Peter
========================================================================
Gentoo Linux: Portage 2.0.54.	kernel-2.6.15-gentoo-r5.
i686 AMD Athlon(tm) XP 3200+.		gcc(GCC): 3.4.5.
KDE: 3.5.1.				Qt: 3.3.4.
========================================================================
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problems

[Rumen Yotov]

[-- Attachment #1: Type: text/plain, Size: 1456 bytes --]

On Sunday 12 March 2006 19:43, David Corbin wrote:
> On Sunday 12 March 2006 04:28 pm, Peter Ruskin wrote:
> > On Sunday 12 March 2006 20:16, David Corbin wrote:
> > > ntp-client is in my "default" run level.  However, when I it runs
> > > at boot time, I get this error message:
> > >
> > > 12 Mar 09:06:24 ntpd[9516]: cap_set_proc() failed to drop root
> > > privileges: Operation not permitted
> > > 12 Mar 09:06:26 ntpd[9561]: parent died before we finished,
> > > exiting
> > >
> > >
> > > If I run it as root manually, it runs fine.
> >
> > Add nodroproot to your USE flags and remerge ntp
>
> I will, but why does it work fine "from the command line"?
>
> > --
> > Peter
> > ========================================================================
> > Gentoo Linux: Portage 2.0.54.	kernel-2.6.15-gentoo-r5.
> > i686 AMD Athlon(tm) XP 3200+.		gcc(GCC): 3.4.5.
> > KDE: 3.5.1.				Qt: 3.3.4.
> > ========================================================================
Hi,
Because when it wants to drop it's privileges from root to e.g. ntpd (user or 
group) it can't - get's killed.
Usually permission problems or in this case it/ntpd can't access /proc to set 
time (cap_set_proc()).
Just a sidenote, recently (a day ago) exchanged "ntp" for "openntpd" (from 
OpenBSD) on a hardened router, because ntp wanted to lock too much memory 
(RLIMIT_MEMLOCK - from 32K (default) -> ~8 MB) and other minor issues.
HTH.Rumen

[-- Attachment #2: Type: application/pgp-signature, Size: 200 bytes --]

Re: [gentoo-user] ntp problems

[David Corbin]

On Monday 13 March 2006 12:22 am, Rumen Yotov wrote:
> On Sunday 12 March 2006 19:43, David Corbin wrote:
> > On Sunday 12 March 2006 04:28 pm, Peter Ruskin wrote:
> > > On Sunday 12 March 2006 20:16, David Corbin wrote:
> > > > ntp-client is in my "default" run level.  However, when I it runs
> > > > at boot time, I get this error message:
> > > >
> > > > 12 Mar 09:06:24 ntpd[9516]: cap_set_proc() failed to drop root
> > > > privileges: Operation not permitted
> > > > 12 Mar 09:06:26 ntpd[9561]: parent died before we finished,
> > > > exiting
> > > >
> > > >
> > > > If I run it as root manually, it runs fine.
> > >
> > > Add nodroproot to your USE flags and remerge ntp
> >
> > I will, but why does it work fine "from the command line"?
> Hi,

I don't mean to sound like child who continues to go "but why?".  Still, it 
doesn't make sense to me.

> Because when it wants to drop it's privileges from root to e.g. ntpd (user
> or group) it can't - get's killed.

First, I don't understand how root could ever have a permission problem try to 
"downgrade its privleges".

Second, I don't understand how it could not have the require privileges during 
the boot process (presumably running starting as root), and yet it works when 
I run it by hand as root.

> Usually permission problems or in this case it/ntpd can't access /proc to
> set time (cap_set_proc()).


> Just a sidenote, recently (a day ago) exchanged "ntp" for "openntpd" (from
> OpenBSD) on a hardened router, because ntp wanted to lock too much memory
> (RLIMIT_MEMLOCK - from 32K (default) -> ~8 MB) and other minor issues.
> HTH.Rumen
-- 
gentoo-user@gentoo.org mailing list