[rsbac] rsbac and ntpd

Amon Ott ao at rsbac.org
Thu Jan 19 13:06:34 CET 2006

On Donnerstag 19 Januar 2006 12:56, jochem_ippers at email.de wrote:
> I've got a problem with the ntpd (working as a client). I set AUTH 
capabilities (to user/group ntp) and then an ACL entry for ntpd (SCD: 
capability/MODIFY_SYTEM_DATA or: clock) so that the rsbac log entries 
(...NOT GRANTED...) disappeared. When I start ntpd it contacts the 
ntp server but then it mmm dies, and the ntp log says: 
> cap_set_proc() failed to drop root privileges: Operation not 
> So I tried different settings, but even setting CAP:min_caps to ALL 
and suid to on (for /usr/sbin/ntpd) doesn't change it.
> Does anyone know the 'trick'?  (Is it a posix capaility (module) 

Do you run ntpd in a jail? Or with a max_caps setting?

Does it work in global softmode?

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list