nanog mailing list archives
Re: ntp config tech note
From: "james edwards" <hackerwacker () cybermesa com>
Date: Fri, 21 May 2004 11:26:36 -0600
My personal feeling was that for most systems its better to not have the daemon running - i.e. the benefit of smaller more frequent clock adjustments does not outweigh the cost of another service running, especially as root or even as a jailed non-root user.
Well, present NTP drops to a nonroot user after it sets the time & proprer use of the very flexable ACL lists in your ntp.conf should help midigate non-local NTP exploits, ie, don't offer NTP service to the world or anyone else for that matter. I need better than one second resolution for syslog and other loging info to be useful in debugging problems across multiple hosts. -- James H. Edwards Routing and Security Administrator At the Santa Fe Office: Internet at Cyber Mesa jamesh () cybermesa com noc () cybermesa com (505) 795-7101
Current thread:
- Re: ntp config tech note, (continued)
- Re: ntp config tech note Jared Mauch (May 20)
- Re: ntp config tech note Adrian Chadd (May 20)
- Re: ntp config tech note C. Jon Larsen (May 20)
- Re: ntp config tech note Adrian Chadd (May 20)
- Re: ntp config tech note Randy Bush (May 20)
- Re: ntp config tech note sthaug (May 21)
- Re: ntp config tech note C. Jon Larsen (May 21)
- Re: ntp config tech note Eric A. Hall (May 21)
- Re: ntp config tech note Mike Leber (May 24)
- Re: ntp config tech note Crist Clark (May 21)
- Re: ntp config tech note james edwards (May 21)
- Re: ntp config tech note Charles Sprickman (May 20)
- Re: ntp config tech note Pekka Savola (May 21)
- Re: ntp config tech note John Kristoff (May 20)
- Re: ntp config tech note Michael Sinatra (May 20)
- Re: ntp config tech note John Kristoff (May 21)
- Re: ntp config tech note Michael Sinatra (May 21)
- Re: ntp config tech note Stephen J. Wilcox (May 23)
- Re: ntp config tech note Tony Li (May 23)