10 Dec 04:29:01 ntpd[13537]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 04:36:08 ntpd[15553]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 23:57:25 ntpd[18455]: cap_set_proc() failed to drop root privileges: Operation not permitted Checked on google, questions, but no answers. I can start ntpd from the command line, but it does nothing, but the logs shows 10 Dec 01:20:30 ntpd[3119]: sendto(193.25.198.254): Bad file descriptor 10 Dec 01:21:14 ntpd[3127]: logging to file /var/log/ntp 10 Dec 01:21:14 ntpd[3127]: ntpd 4.2.0a@1.1190-r Sat Oct 2 01:41:25 UTC 2004 (1) 10 Dec 01:21:14 ntpd[3127]: precision = 3.000 usec 10 Dec 01:21:14 ntpd[3127]: Listening on interface wildcard, 0.0.0.0#123 10 Dec 01:21:14 ntpd[3127]: Listening on interface wildcard, ::#123 10 Dec 01:21:14 ntpd[3127]: Listening on interface lo, 127.0.0.1#123 10 Dec 01:21:14 ntpd[3127]: Listening on interface eth0, 192.168.10.1#123 10 Dec 01:21:14 ntpd[3127]: Listening on interface eth2, 10.10.10.1#123 10 Dec 01:21:14 ntpd[3127]: kernel time sync status 0040 # chkconfig -l xntpd xntpd 0:off 1:off 2:on 3:on 4:off 5:on 6:off My servers are all setup and they also work with rdate. All my other boxes, SuSE 9.2 x86 on the laptop, x86_64 laptop, Mandrake box gentoo box it's fine. Any clues? Regards Sid. -- Sid Boyce .... Hamradio G3VBV and keen Flyer =====LINUX ONLY USED HERE=====
Sid Boyce wrote:
10 Dec 04:29:01 ntpd[13537]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 04:36:08 ntpd[15553]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 23:57:25 ntpd[18455]: cap_set_proc() failed to drop root privileges: Operation not permitted
Checked on google, questions, but no answers. Any clues?
I believe it is related to the change in the 2.6.8 kernel. This happened to me when I ran 2.6.9 with 9.1. I found out there is a capability module which if loaded allowed xntpd (and bind) to work, but I couldn't figure out how it is supposed to load, so I compiled it into the kernel and no more problems. It is the same change that affected cdrecord. -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Registered Linux user 231871
Joe Morris (NTM) wrote:
Sid Boyce wrote:
10 Dec 04:29:01 ntpd[13537]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 04:36:08 ntpd[15553]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 23:57:25 ntpd[18455]: cap_set_proc() failed to drop root privileges: Operation not permitted
Checked on google, questions, but no answers. Any clues?
I believe it is related to the change in the 2.6.8 kernel. This happened to me when I ran 2.6.9 with 9.1. I found out there is a capability module which if loaded allowed xntpd (and bind) to work, but I couldn't figure out how it is supposed to load, so I compiled it into the kernel and no more problems. It is the same change that affected cdrecord.
This box and the x86_64 laptop are both running 2.6.10-rc3, the laptop is fine. The config files are the same on this box and the other laptop which currently is running the SuSE 2.6.4-24.default. Regards Sid. -- Sid Boyce .... Hamradio G3VBV and keen Flyer =====LINUX ONLY USED HERE=====
Sid Boyce wrote:
Joe Morris (NTM) wrote:
Sid Boyce wrote:
10 Dec 04:29:01 ntpd[13537]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 04:36:08 ntpd[15553]: cap_set_proc() failed to drop root privileges: Operation not permitted 10 Dec 23:57:25 ntpd[18455]: cap_set_proc() failed to drop root privileges: Operation not permitted
Checked on google, questions, but no answers. Any clues?
I believe it is related to the change in the 2.6.8 kernel. This happened to me when I ran 2.6.9 with 9.1. I found out there is a capability module which if loaded allowed xntpd (and bind) to work, but I couldn't figure out how it is supposed to load, so I compiled it into the kernel and no more problems. It is the same change that affected cdrecord.
This box and the x86_64 laptop are both running 2.6.10-rc3, the laptop is fine. The config files are the same on this box and the other laptop which currently is running the SuSE 2.6.4-24.default. Regards Sid.
Changing XNTPD_OPTIONS="-u ntp" to XNTPD_OPTIONS="" fixed it. Hmmmmm......there is a user ntp though, whether it needed a password set ????? Regards Sid. -- Sid Boyce .... Hamradio G3VBV and keen Flyer =====LINUX ONLY USED HERE=====
Sid Boyce wrote:
Changing XNTPD_OPTIONS="-u ntp" to XNTPD_OPTIONS="" fixed it.
Which probably changes the user to root instead of ntp.
Hmmmmm......there is a user ntp though, whether it needed a password set ?????
Did you have capability compiled as a module or in the kernel? Does it work if you modprobe capability before starting xntpd (if it is a module)? I suspect the difference is a suse patch to the kernel on the laptop, and the kernel.org kernel on this box, with the capability code, which I believe handles these privileged processes access to these secure kernel capabilities. YMMV. -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Registered Linux user 231871
Joe Morris (NTM) wrote:
Sid Boyce wrote:
Changing XNTPD_OPTIONS="-u ntp" to XNTPD_OPTIONS="" fixed it.
Which probably changes the user to root instead of ntp.
Hmmmmm......there is a user ntp though, whether it needed a password set ?????
Did you have capability compiled as a module or in the kernel? Does it work if you modprobe capability before starting xntpd (if it is a module)? I suspect the difference is a suse patch to the kernel on the laptop, and the kernel.org kernel on this box, with the capability code, which I believe handles these privileged processes access to these secure kernel capabilities. YMMV.
Thanks a bunch, that was it. The laptop has it compiled in and it is a module and this box has it as a module. I had been reading up on capabilities, grepped the .config for CAPABILITIES, but must have mis-spelled it. Regards Sid. -- Sid Boyce .... Hamradio G3VBV and keen Flyer =====LINUX ONLY USED HERE=====
participants (2)
-
Joe Morris (NTM)
-
Sid Boyce