[rsbac] rsbac and ntpd
Amon Ott
ao at rsbac.org
Thu Jan 19 13:06:34 CET 2006
On Thursday 19 January 2006 12:56, jochem_ippers at email.de wrote:
> I've got a problem with the ntpd (working as a client). I set AUTH
> capabilities (to user/group ntp) and then an ACL entry for ntpd (SCD:
> capability/MODIFY_SYSTEM_DATA or: clock) so that the rsbac log entries
> (...NOT GRANTED...) disappeared. When I start ntpd it contacts the
> ntp server but then it mmm dies, and the ntp log says:
> cap_set_proc() failed to drop root privileges: Operation not
> permitted
> So I tried different settings, but even setting CAP:min_caps to ALL
> and suid to on (for /usr/sbin/ntpd) doesn't change it.
> Does anyone know the 'trick'? (Is it a posix capability (module)
> thing?)
Do you run ntpd in a jail? Or with a max_caps setting?
Does it work in global softmode?
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22