[rsbac] rsbac and ntpd

jochem_ippers at email.de jochem_ippers at email.de
Thu Jan 19 12:56:17 CET 2006

Hi, it's me again ;-),
I've got a problem with ntpd (working as a client). I set AUTH capabilities (to user/group ntp) and then an ACL entry for ntpd (SCD: capability/MODIFY_SYSTEM_DATA or: clock) so that the rsbac log entries (...NOT GRANTED...) disappeared. When I start ntpd it contacts the ntp server but then it, mmm, dies, and the ntp log says:
cap_set_proc() failed to drop root privileges: Operation not permitted
So I tried different settings, but even setting CAP:min_caps to ALL and suid to on (for /usr/sbin/ntpd) doesn't change it.
Does anyone know the 'trick'? (Is it a POSIX capability (module) thing?)
Thanks in advance.
