Re: ntp config tech note

[Adrian Chadd <adrian () creative net au>]

On Thu, May 20, 2004, C. Jon Larsen wrote:
> On Thu, 20 May 2004, Jared Mauch wrote:
>
> >     I've found it useful on older machines (PCs with cheap clocks and
> > oscilators) to cron ntpdate once an hour to prevent the clock from
> > getting too far off by itself.  I've found the daemon doesn't do good enough
> > of a job to sync on it's own...
>
> Isn't that a lot safer anyway than running a daemon (ntpd) as root ?  I do 
> this on my systems (run ntpdate from cron), even though the xntpd 
> docs IIRC specifically advised against this hack. One less 
> vulnerability waiting to be exploited ... is the way I see it.

Kind of. ntpdate just sets the time. ntpd will actually notice your clock
running fast/slow and slowly step your kernel time to deal with your
bad clock frequency.

man ntpd. Its quite fascinating.

RE the "ntpd as root" thing, is there a capability in some UNIXen
which lets you fudge with the kernel time/timecounter frequency without
being root?  I think thats all it really needs root privilege for.




Adrian

-- 
Adrian Chadd                    I'm only a fanboy if
<adrian () creative net au>         I emailed Wesley Crusher.