[ntp:questions] Re: running ntpd as user in solaris 9

David Magda dmagda+trace050401 at ee.ryerson.ca
Sat Feb 18 04:35:54 UTC 2006

mayer at ntp.isc.org (Danny Mayer) writes:

> Dale Bright wrote:
>> Hi All,
>> Newbie here, looking for a little help from those who have come
>> before me, Has anyone got 2.0 to work as non-root privileges in
>> solaris 9.  is it even possible... if so can someone point me a a
>> good link.  Googled for a while and do not find much solaris
>> help... ( no jokes on that please :-) )
>> Thx
>> Dale
> You need privileges to bind to the NTP port (123) and then you need
> privileges to change the clock. If you don't have the requisite
> privileges, and this applies to all operating systems, not just
> Solaris, then you may as well forget it.

To the OP,

What do you mean "2.0" ?

In general, you'd probably want to check out Solaris's RBAC system
(available since Solaris 8). There's a pretty good introduction on
RBAC on Solaris 10 at:


>From the article:

        Allow a process to bind to a privileged port number. The
        privilege port numbers are 1-1023 (the traditional UNIX
        privileged ports) as well as those ports marked as
        "udp/tcp_extra_priv_ports" with the exception of the ports
        reserved for use by NFS.

There's a bit of an example at the following URL that may be of use
(note the 'sys_time' privilege):


And an example of configuring a role on Solaris 10 with a patched


There was also a thread on the ntp-hackers mailing list back in April
(the following message would be quite pertinent):


You may want to ask in comp.unix.solaris. If you do manage to do this
please let us know (or at least me :).

It would be nice if Sun change ntp to use privileges (it would also be
nice if they started using NTP 4.x :).

David Magda <dmagda at ee.ryerson.ca> 
Because the innovator has for enemies all those who have done well under 
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI 

More information about the questions mailing list