Date: Sat, 24 Oct 1998 16:06:30 -0400 From: "Allen Smith" <easmith@beatrice.rutgers.edu> To: David Greenman <dg@root.com>, Studded <Studded@gorean.org> Cc: Randy Bush <randy@psg.com>, Marc Gutschner <Marc.Gutschner@triplan.com>, freebsd-stable@FreeBSD.ORG Subject: Re: Is 'xntpd' broken in -stable? Message-ID: <9810241606.ZM2203@beatrice.rutgers.edu> In-Reply-To: David Greenman <dg@root.com> "Re: Is 'xntpd' broken in -stable?" (Oct 9, 5:32pm) References: <199810091927.MAA14061@implode.root.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Oct 9, 5:32pm, David Greenman (possibly) wrote: > >> > issue an 'ntpdate whatever.your.primary.time.host.is' then you should be > >> > able to start xntpd. > >> > >> Oct 9 10:56:57 rip ntpdate: Can't set time of day: Operation not permitted > > > > Hmmm.. that looks like you weren't root at the time. Make sure that > >you're root, that there is no ntp/xntpd server running, and type: > > > >ntpdate ucsd.ucsd.edu > > > > That should get it. If it doesn't, something is dreadfully wrong. > > I think Randy's question is: Does xntpd work when securelevel == > 2? The answer is "sort of". With securelevel > 1 you can only > speed up or slow down the clock via adjtime(); the system will > not let you set the time backwards (e.g. with settimeofday). This > is a security feature which prevents people from changing the > time of day, touching a file, and then setting it back (and thus > allow you to reset the inode change time into the past). This > restriction was adopted from NetBSD in rev 1.23 of > sys/kern/kern_time.c. I've checked with Dave Mills on this issue, and there's an option (-x, which is unfortunately not in the help files) in ntpd (as opposed to xntpd, which is about as obsolete/nonsupported as FreeBSD-1.x) to block attempting to set the clock back via a jump (as opposed to adjtime or ntp_adjtime). As long as the kernel and hardware clock are working properly, jumps far enough back to need an actual reset shouldn't be happening except at reboot (which is when ntpdate should be used, probably prior to setting securelevel to 2). -Allen -- Allen Smith easmith@beatrice.rutgers.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9810241606.ZM2203>