GNU bug report logs - #24366
ntpd cannot write to its drift file.


Package: guix;

Reported by: John Darrington <john <at> darrington.wattle.id.au>

Date: Sun, 4 Sep 2016 17:47:01 UTC

Severity: normal

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#24366; Package guix. (Sun, 04 Sep 2016 17:47:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to John Darrington <john <at> darrington.wattle.id.au>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sun, 04 Sep 2016 17:47:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: John Darrington <john <at> darrington.wattle.id.au>
To: bug-guix <at> gnu.org
Subject: ntpd cannot write to its drift file.
Date: Sun, 4 Sep 2016 19:45:47 +0200
Running the ntpd service I see lots of messages in /var/log/messages like:

Sep  4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


Information forwarded to bug-guix <at> gnu.org:
bug#24366; Package guix. (Sun, 04 Sep 2016 20:23:02 GMT) Full text and rfc822 format available.

Message #8 received at 24366 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: John Darrington <john <at> darrington.wattle.id.au>
Cc: 24366 <at> debbugs.gnu.org
Subject: Re: bug#24366: ntpd cannot write to its drift file.
Date: Sun, 4 Sep 2016 16:22:09 -0400
On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
> Running the ntpd service I see lots of messages in /var/log/messages like:
> 
> Sep  4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied

Can the user that runs ntpd write to that directory?

Is there a build time configuration that we should tweak?

Information forwarded to bug-guix <at> gnu.org:
bug#24366; Package guix. (Sun, 04 Sep 2016 20:25:01 GMT) Full text and rfc822 format available.

Message #11 received at 24366 <at> debbugs.gnu.org (full text, mbox):

From: John Darrington <john <at> darrington.wattle.id.au>
To: Leo Famulari <leo <at> famulari.name>
Cc: 24366 <at> debbugs.gnu.org, John Darrington <john <at> darrington.wattle.id.au>
Subject: Re: bug#24366: ntpd cannot write to its drift file.
Date: Sun, 4 Sep 2016 22:24:54 +0200
On Sun, Sep 04, 2016 at 04:22:09PM -0400, Leo Famulari wrote:
     On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
     > Running the ntpd service I see lots of messages in /var/log/messages like:
     > 
     > Sep  4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied
     
     Can the user that runs ntpd write to that directory?

No.  ntpd runs as its own user.  /var/run is owned by root.
     
     Is there a build time configuration that we should tweak?

Not that I'm aware of.

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


Information forwarded to bug-guix <at> gnu.org:
bug#24366; Package guix. (Sun, 04 Sep 2016 20:44:01 GMT) Full text and rfc822 format available.

Message #14 received at 24366 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: John Darrington <john <at> darrington.wattle.id.au>
Cc: 24366 <at> debbugs.gnu.org
Subject: Re: bug#24366: ntpd cannot write to its drift file.
Date: Sun, 4 Sep 2016 16:43:53 -0400
On Sun, Sep 04, 2016 at 10:24:54PM +0200, John Darrington wrote:
> On Sun, Sep 04, 2016 at 04:22:09PM -0400, Leo Famulari wrote:
>      On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
>      > Running the ntpd service I see lots of messages in /var/log/messages like:
>      > 
>      > Sep  4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied
>      
>      Can the user that runs ntpd write to that directory?
> 
> No.  ntpd runs as its own user.  /var/run is owned by root.
>      
>      Is there a build time configuration that we should tweak?
> 
> Not that I'm aware of.

Hm, how do other distros avoid this problem?

Information forwarded to bug-guix <at> gnu.org:
bug#24366; Package guix. (Sun, 04 Sep 2016 21:13:01 GMT) Full text and rfc822 format available.

Message #17 received at 24366 <at> debbugs.gnu.org (full text, mbox):

From: John Darrington <john <at> darrington.wattle.id.au>
To: Leo Famulari <leo <at> famulari.name>
Cc: 24366 <at> debbugs.gnu.org, John Darrington <john <at> darrington.wattle.id.au>
Subject: Re: bug#24366: ntpd cannot write to its drift file.
Date: Sun, 4 Sep 2016 23:12:15 +0200
On Sun, Sep 04, 2016 at 04:43:53PM -0400, Leo Famulari wrote:
     On Sun, Sep 04, 2016 at 10:24:54PM +0200, John Darrington wrote:
     > On Sun, Sep 04, 2016 at 04:22:09PM -0400, Leo Famulari wrote:
     >      On Sun, Sep 04, 2016 at 07:45:47PM +0200, John Darrington wrote:
     >      > Running the ntpd service I see lots of messages in /var/log/messages like:
     >      > 
     >      > Sep  4 13:02:21 localhost ntpd[302]: frequency file /var/run/ntp.drift.TEMP: Permission denied
     >      
     >      Can the user that runs ntpd write to that directory?
     > 
     > No.  ntpd runs as its own user.  /var/run is owned by root.
     >      
     >      Is there a build time configuration that we should tweak?
     > 
     > Not that I'm aware of.
     
     Hm, how do other distros avoid this problem?

Well the obvious way would be to use a directory which is owned by the ntpd user.

J'



-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


Information forwarded to bug-guix <at> gnu.org:
bug#24366; Package guix. (Tue, 06 Sep 2016 19:07:01 GMT) Full text and rfc822 format available.

Message #20 received at 24366 <at> debbugs.gnu.org (full text, mbox):

From: John Darrington <jmd <at> gnu.org>
To: 24366 <at> debbugs.gnu.org
Cc: John Darrington <jmd <at> gnu.org>
Subject: [PATCH] gnu: Use a directory owned by ntpd user for drift file.
Date: Tue,  6 Sep 2016 21:05:21 +0200
I think this fixes the problem.  What do you think?


* gnu/services/networking.scm (ntp-shepherd-service): Create new
directory at startup.
---
 gnu/services/networking.scm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 71f49a0..714dc80 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -271,8 +271,11 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
     (($ <ntp-configuration> ntp servers)
      (let ()
        ;; TODO: Add authentication support.
+       (define %user
+         (getpw "ntpd"))
+
        (define config
-         (string-append "driftfile /var/run/ntp.drift\n"
+         (string-append "driftfile /var/run/ntpd/ntp.drift\n"
                         (string-join (map (cut string-append "server " <>)
                                           servers)
                                      "\n")
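
Review bot: The `(define %user (getpw "ntpd"))` added at the top of the `let` body sits outside any `#~` form, so the lookup runs when the service definition is evaluated rather than when the daemon starts, while the second hunk refers to `%user` from inside the `#~(make-forkexec-constructor ...)` expression without `#$`. As written the start code has no binding for `%user`, and a lookup done at that earlier point consults the password database of whichever machine evaluates the configuration, where an "ntpd" account may not exist. Suggest moving the `(getpw "ntpd")` call into the start expression next to the `chown`, or creating the directory from an activation snippet. The new `driftfile /var/run/ntpd/ntp.drift` path would also benefit from a short comment stating that the directory is created and chowned at startup.
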
@@ -294,6 +297,8 @@ restrict -6 ::1\n"))
               (documentation "Run the Network Time Protocol (NTP) daemon.")
               (requirement '(user-processes networking))
               (start #~(make-forkexec-constructor
+                        (mkdir-p "/var/run/ntpd")
+                        (chown "/var/run/nptd"  (passwd:uid %user) (passwd:gid %user))
                         (list (string-append #$ntp "/bin/ntpd") "-n"
                               "-c" #$ntpd.conf "-u" "ntpd")))
               (stop #~(make-kill-destructor))))))))
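
Review bot: The `chown` line targets "/var/run/nptd" while the `mkdir-p` line above it creates "/var/run/ntpd"; with the letters transposed, the chown is applied to a path that was never created and the drift directory keeps its original owner, so ntpd still cannot write there. Beyond the typo, both calls are inserted as leading arguments of `make-forkexec-constructor`, ahead of the `(list (string-append #$ntp "/bin/ntpd") ...)` command, so their return values take the position of the command list. Wrap the setup and the constructor call in a `lambda` so the directory is prepared first and the constructor still receives the command as its first argument. Consider also giving the directory an explicit mode, since the ntpd user is its only intended writer.
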
-- 
2.1.4





Reply sent to ludo <at> gnu.org (Ludovic Courtès):
You have taken responsibility. (Fri, 09 Sep 2016 14:28:02 GMT) Full text and rfc822 format available.

Notification sent to John Darrington <john <at> darrington.wattle.id.au>:
bug acknowledged by developer. (Fri, 09 Sep 2016 14:28:02 GMT) Full text and rfc822 format available.

Message #25 received at 24366-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: John Darrington <jmd <at> gnu.org>
Cc: 24366-done <at> debbugs.gnu.org
Subject: Re: bug#24366: [PATCH] gnu: Use a directory owned by ntpd user for
 drift file.
Date: Fri, 09 Sep 2016 16:26:50 +0200
Fixed in 1c6c0ad067b558fcbebd87e8cb51d342d808163e.

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 08 Oct 2016 11:24:03 GMT) Full text and rfc822 format available.

This bug report was last modified 7 years and 194 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.