Feature request for dropping privileges #1779
Replies: 1 comment
-
The server actually doesn't need root, even for binding to a port < 1024. In fact, our default systemd unit file already contains the Completely dropping to an unprivileged user is not the easy solution it might seem, as the NTP client still needs to adjust the clock, and needs the |
Beta Was this translation helpful? Give feedback.
-
Currently, as far as I can see,
ntp-daemon
does not have the ability to drop privileges after startup, that is, it can't change it's UID. In the example systemd service files,ntp-daemon
is started as an unprivileged user, which is fine for operation as a NTP client. However, when creating a NTP server, the software needs to start as root in order to open the server socket. Afterwards, it would be desirable, if it couldsetresuid()
to an unprivileged user that is specified in the configuration file.Is that a planned feature for the near future?
Beta Was this translation helpful? Give feedback.
All reactions