[ntp:questions] Re: running ntpd as user in solaris 9

David Magda dmagda+trace050401 at ee.ryerson.ca
Sat Feb 18 04:35:54 UTC 2006


mayer at ntp.isc.org (Danny Mayer) writes:

> Dale Bright wrote:
>> Hi All,
>> 
>> Newbie here, looking for a little help from those who have come
>> before me, Has anyone got 2.0 to work as non-root privileges in
>> solaris 9.  is it even possible... if so can someone point me to a
>> good link.  Googled for a while and do not find much solaris
>> help... ( no jokes on that please :-) )
>> 
>> Thx
>> Dale
>
> You need privileges to bind to the NTP port (123) and then you need
> privileges to change the clock. If you don't have the requisite
> privileges, and this applies to all operating systems, not just
> Solaris, then you may as well forget it.

To the OP,

What do you mean "2.0" ?


In general, you'd probably want to check out Solaris's RBAC system
(available since Solaris 8). There's a pretty good introduction on
RBAC on Solaris 10 at:

http://www.sun.com/bigadmin/features/articles/least_privilege.html

From the article:

    PRIV_NET_PRIVADDR
        Allow a process to bind to a privileged port number. The
        privilege port numbers are 1-1023 (the traditional UNIX
        privileged ports) as well as those ports marked as
        "udp/tcp_extra_priv_ports" with the exception of the ports
        reserved for use by NFS.

There's a bit of an example at the following URL that may be of use
(note the 'sys_time' privilege):

http://docs.sun.com/app/docs/doc/816-4557/6maosrjgo?a=view

And an example of configuring a role on Solaris 10 with a patched
OpenNTPD:

http://www.pitt.edu/~toc1/openntpd.html

There was also a thread on the ntp-hackers mailing list back in April
(the following message would be quite pertinent):

http://lists.ntp.isc.org/pipermail/hackers/2005-April/001219.html

You may want to ask in comp.unix.solaris. If you do manage to do this
please let us know (or at least me :).


It would be nice if Sun changed ntp to use privileges (it would also be
nice if they started using NTP 4.x :).

-- 
David Magda <dmagda at ee.ryerson.ca> 
Because the innovator has for enemies all those who have done well under 
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI 



