ntpd cannot write to its drift file.

  • Done
Details
4 participants
  • John Darrington
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Submitted by
John Darrington
Severity
normal


John Darrington wrote 9 years ago
(address . bug-guix@gnu.org)
20160904174547.GA3727@jocasta.intra
Running the ntpd service I see lots of messages in /var/log/messages like:

Sep 4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied

J'


--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


Leo Famulari wrote 9 years ago
(name . John Darrington)(address . john@darrington.wattle.id.au)(address . 24366@debbugs.gnu.org)
20160904202209.GB32311@jasmine
On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
> Running the ntpd service I see lots of messages in /var/log/messages like:
>
> Sep 4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied

Can the user that runs ntpd write to that directory?

Is there a build time configuration that we should tweak?


John Darrington wrote 9 years ago
(name . Leo Famulari)(address . leo@famulari.name)(address . 24366@debbugs.gnu.org)(name . John Darrington)(address . john@darrington.wattle.id.au)
20160904202454.GA5108@jocasta.intra
On Sun, Sep 04, 2016 at 04:22:09PM -0400, Leo Famulari wrote:
> On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
> > Running the ntpd service I see lots of messages in /var/log/messages like:
> >
> > Sep 4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied
>
> Can the user that runs ntpd write to that directory?

No. ntpd runs as its own user. /var/run is owned by root.

> Is there a build time configuration that we should tweak?

Not that I'm aware of.

J'




Leo Famulari wrote 9 years ago
(name . John Darrington)(address . john@darrington.wattle.id.au)(address . 24366@debbugs.gnu.org)
20160904204353.GA515@jasmine
On Sun, Sep 04, 2016 at 10:24:54PM +0200, John Darrington wrote:
> On Sun, Sep 04, 2016 at 04:22:09PM -0400, Leo Famulari wrote:
> On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
> > Running the ntpd service I see lots of messages in /var/log/messages like:
> >
> > Sep 4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied
>
> Can the user that runs ntpd write to that directory?
>
> No. ntpd runs as its own user. /var/run is owned by root.
>
> Is there a build time configuration that we should tweak?
>
> Not that I'm aware of.

Hm, how do other distros avoid this problem?


John Darrington wrote 9 years ago
(name . Leo Famulari)(address . leo@famulari.name)(address . 24366@debbugs.gnu.org)(name . John Darrington)(address . john@darrington.wattle.id.au)
20160904211215.GA5463@jocasta.intra
On Sun, Sep 04, 2016 at 04:43:53PM -0400, Leo Famulari wrote:
> On Sun, Sep 04, 2016 at 10:24:54PM +0200, John Darrington wrote:
> > On Sun, Sep 04, 2016 at 04:22:09PM -0400, Leo Famulari wrote:
> > On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
> > > Running the ntpd service I see lots of messages in /var/log/messages like:
> > >
> > > Sep 4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied
> >
> > Can the user that runs ntpd write to that directory?
> >
> > No. ntpd runs as its own user. /var/run is owned by root.
> >
> > Is there a build time configuration that we should tweak?
> >
> > Not that I'm aware of.
>
> Hm, how do other distros avoid this problem?

Well the obvious way would be to use a directory which is owned by the ntpd user.

J'





John Darrington wrote 9 years ago
[PATCH] gnu: Use a directory owned by ntpd user for drift file.
(address . 24366@debbugs.gnu.org)(name . John Darrington)(address . jmd@gnu.org)
1473188721-15624-1-git-send-email-jmd@gnu.org
I think this fixes the problem. What do you think?


* gnu/services/networking.scm (ntp-shepherd-service): Create new
directory at startup.
---
gnu/services/networking.scm | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 71f49a0..714dc80 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -271,8 +271,11 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
(($ <ntp-configuration> ntp servers)
(let ()
;; TODO: Add authentication support.
+ (define %user
+ (getpw "ntpd"))
+
(define config
- (string-append "driftfile /var/run/ntp.drift\n"
+ (string-append "driftfile /var/run/ntpd/ntp.drift\n"
(string-join (map (cut string-append "server " <>)
servers)
"\n")
@@ -294,6 +297,8 @@ restrict -6 ::1\n"))
(documentation "Run the Network Time Protocol (NTP) daemon.")
(requirement '(user-processes networking))
(start #~(make-forkexec-constructor
+ (mkdir-p "/var/run/ntpd")
+ (chown "/var/run/nptd" (passwd:uid %user) (passwd:gid %user))
(list (string-append #$ntp "/bin/ntpd") "-n"
"-c" #$ntpd.conf "-u" "ntpd")))
(stop #~(make-kill-destructor))))))))
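Review bot: the `chown` line names "/var/run/nptd" while the `mkdir-p` line above it creates "/var/run/ntpd", so the directory holding the new `driftfile` path stays owned by root and the daemon started with `-u ntpd` still cannot write `ntp.drift.TEMP` there. Fix the spelling so both calls use the same path, ideally through one shared variable. Separately, both calls are written as arguments of `make-forkexec-constructor`, ahead of the `(list ...)` command, so they are passed to the constructor as its leading arguments instead of running as set-up steps; wrap them in a procedure that performs the `mkdir-p` and `chown` and then invokes the constructor, or move them to an activation step.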
--
2.1.4


Ludovic Courtès wrote 9 years ago
(name . John Darrington)(address . jmd@gnu.org)(address . 24366-done@debbugs.gnu.org)
87sht95etx.fsf@gnu.org
Fixed in 1c6c0ad067b558fcbebd87e8cb51d342d808163e.

Ludo’.
Closed
This issue is archived.
