ntp config tech note

james edwards hackerwacker at cybermesa.com
Fri May 21 17:26:36 UTC 2004

> My personal feeling was that for most systems its better to not have the
> daemon running - i.e. the benefit of smaller more frequent clock
> adjustments does not outweigh the cost of another service running,
> especially as root or even as a jailed non-root user.

Well, present NTP drops to a nonroot user after it sets the time &
proprer use of the very flexable ACL lists in your ntp.conf should help
non-local NTP exploits, ie, don't offer NTP service to the world or anyone
for that matter.

I need better than one second resolution for syslog and other loging info to
be useful
in debugging problems across multiple hosts.

James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
jamesh at cybermesa.com
noc at cybermesa.com
(505) 795-7101

More information about the NANOG mailing list