[rsbac] rsbac and ntpd

Arkady A Drovosekov drawa at suct.uu.ru
Fri Jan 20 05:15:17 CET 2006

On Thu, Jan 19, 2006 at 05:10:46PM +0100, jochem_ippers at email.de wrote:
> Thank you very much! The rpm is great, because there are a lot of 
> examples how to use/configure rsbac, and that's really helpful for a 
> beginner. I just got ntp working (in a chroot jail) by giving the user 
> 'ntp' ACL rights (on SCD: capabilities, clock, time_strucs) and the RC 
> Role System_Admin, but I guess, that's not the most secure configuration 
> ;-) so I will try your solution soon.
you can add some like that (I know it's not perfect) and start ntpd as
ordinary user:
attr_set_file_dir -a CAP FILE /usr/sbin/ntpd min_caps NET_BIND_SERVICE SYS_TIME
attr_set_file_dir FILE /usr/sbin/ntpd fake_root_uid 3

sure you need correct access rights for jail dir
Best regards,

More information about the rsbac mailing list