[ntp:questions] Re: running ntpd as user in solaris 9
dmagda+trace050401 at ee.ryerson.ca
Sat Feb 18 04:35:54 UTC 2006
mayer at ntp.isc.org (Danny Mayer) writes:
> Dale Bright wrote:
>> Hi All,
>> Newbie here, looking for a little help from those who have come
>> before me, Has anyone got 2.0 to work as non-root privileges in
>> solaris 9. is it even possible... if so can someone point me a a
>> good link. Googled for a while and do not find much solaris
>> help... ( no jokes on that please :-) )
> You need privileges to bind to the NTP port (123) and then you need
> privileges to change the clock. If you don't have the requisite
> privileges, and this applies to all operating systems, not just
> Solaris, then you may as well forget it.
To the OP,
What do you mean "2.0" ?
In general, you'd probably want to check out Solaris's RBAC system
(available since Solaris 8). There's a pretty good introduction on
RBAC on Solaris 10 at:
>From the article:
Allow a process to bind to a privileged port number. The
privilege port numbers are 1-1023 (the traditional UNIX
privileged ports) as well as those ports marked as
"udp/tcp_extra_priv_ports" with the exception of the ports
reserved for use by NFS.
There's a bit of an example at the following URL that may be of use
(note the 'sys_time' privilege):
And an example of configuring a role on Solaris 10 with a patched
There was also a thread on the ntp-hackers mailing list back in April
(the following message would be quite pertinent):
You may want to ask in comp.unix.solaris. If you do manage to do this
please let us know (or at least me :).
It would be nice if Sun change ntp to use privileges (it would also be
nice if they started using NTP 4.x :).
David Magda <dmagda at ee.ryerson.ca>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
More information about the questions