|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| MAC_NTPD(4) | FreeBSD Kernel Interfaces Manual | MAC_NTPD(4) |
NAME
mac_ntpd —
SYNOPSIS
To compile the ntpd policy into your kernel, place the following lines in your kernel configuration file:options MAC
options MAC_NTPDAlternately, to load the ntpd policy module at boot time, place the following line in your kernel configuration file:
options MACand in loader.conf(5):
mac_ntpd_load="YES"
DESCRIPTION
Themac_ntpd policy grants any process running as user
‘ntpd’ (uid 123) the privileges needed to manipulate system
time, and to (re-)bind to the privileged NTP port.
When
ntpd(8)
is started with ‘-u
<user>[:group]’ on the command line, it
performs all initializations requiring root privileges, then drops root
privileges by switching to the given user id. From that point on, the only
privileges it requires are the ability to manipulate system time, and the
ability to re-bind a UDP socket to the NTP port (port 123) after a network
interface change.
With the mac_ntpd policy active, it may
also be possible to start ntpd as a non-root user, because the default ntpd
options don't require any additional root privileges beyond those granted by
the policy.
Privileges Granted
The exact set of kernel privileges granted to any process running with the configured uid is:Runtime Configuration
The following sysctl(8) MIBs are available for fine-tuning this MAC policy. All sysctl(8) variables can also be set as loader(8) tunables in loader.conf(5).- security.mac.ntpd.enabled
- Enable the
mac_ntpdpolicy. (Default: 1). - security.mac.ntpd.uid
- The numeric uid of the ntpd user. (Default: 123).
SEE ALSO
mac(4), ntpd(8)HISTORY
MAC first appeared in FreeBSD 5.0 andmac_ntpd first appeared in FreeBSD
12.0.
| July 20, 2018 | FreeBSD 13.1-RELEASE |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.