ntp config tech note

Adrian Chadd adrian at creative.net.au
Fri May 21 02:33:19 UTC 2004


On Thu, May 20, 2004, C. Jon Larsen wrote:
> 
> 
> On Thu, 20 May 2004, Jared Mauch wrote:
> 
> > 
> > 
> > 	I've found it useful on older machines (PCs with cheap clocks and
> > oscilators) to cron ntpdate once an hour to prevent the clock from
> > getting too far off by itself.  I've found the daemon doesn't do good enough
> > of a job to sync on it's own...
> 
> Isn't that a lot safer anyway than running a daemon (ntpd) as root ?  I do 
> this on my systems (run ntpdate from cron), even though the xntpd 
> docs IIRC specifically advised against this hack. One less 
> vulnerability waiting to be exploited ... is the way I see it.

Kind of. ntpdate just sets the time. ntpd will actually notice your clock
running fast/slow and slowly step your kernel time to deal with your
bad clock frequency.

man ntpd. Its quite fascinating.

RE the "ntpd as root" thing, is there a capability in some UNIXen
which lets you fudge with the kernel time/timecounter frequency without
being root?  I think thats all it really needs root privilege for.




Adrian

-- 
Adrian Chadd			I'm only a fanboy if
<adrian at creative.net.au>	    I emailed Wesley Crusher.

			




More information about the NANOG mailing list