Network Time Foundation:
---+!! Configuration and Authorization Levels for =ntpd=

%TOC%

__Related Topics:__ NtpVariablesAndNtpq

---++ Background and History

---++ Analysis

%MAINWEB%.BrianUtterback suggests we need to classify operations on data types as follows:

   * public-read-only
   * private-read-only
   * safe-write
   * unsafe-write

---++ Proposals

In the context of prior discussions, safe-write would be any ntpq/ntpdc operation that changes the ntpd state, such as =ntpq -c ":config tos minsane 3"= except those segregated as particularly dangerous, risking not just timekeeping but the system on which it runs, including:

<verbatim>
ntpq -c "saveconfig /path/to/overwrite"
ntpq -c ":config logfile /path/to/appendfile"
ntpq -c ":config enable stats"
ntpq -c ":config filegen ..."
</verbatim>

-- Users.DaveHart - 16 Sep 2009

Do we need a table of =ntpq= and =ntpdc= directives and state which category they fall under?

-- Users.HarlanStenn - 16 Sep 2009

ntp-dev-4.2.5p217 addresses these issues by disabling =saveconfig= by default unless there is a =saveconfigdir= configured in ntp.conf. Further, the following ntp.conf knobs are rejected from remote configuration:

<verbatim>
logfile
enable stats
statsdir
saveconfigdir
</verbatim>

=filegen= (except =filegen= ... =enable= and =disable=)

-- Users.DaveHart - 20 Sep 2009
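
Added example (not ntpd's code and not part of the discussion above): a Python model of the remote-configuration restrictions described for ntp-dev-4.2.5p217, for pre-screening =ntpq -c= arguments before they are sent. The function name, the treatment of multi-flag =enable= lines and the reading of the =filegen= exception (only =enable= or =disable= after the generator name) are assumptions.

```python
import shlex

# ntp.conf knobs the page lists as rejected from remote configuration.
REJECTED_KEYWORDS = {"logfile", "statsdir", "saveconfigdir"}
FILEGEN_TOGGLES = {"enable", "disable"}


def remote_verdict(command, saveconfigdir_configured=False):
    """Classify one ntpq -c argument: 'allowed', 'rejected' or 'not-config'."""
    words = shlex.split(command)
    if not words:
        return "not-config"
    verb = words[0].lower()
    if verb == "saveconfig":
        # Disabled by default unless saveconfigdir is set in ntp.conf.
        return "allowed" if saveconfigdir_configured else "rejected"
    if verb != ":config" or len(words) < 2:
        return "not-config"
    keyword, args = words[1].lower(), [w.lower() for w in words[2:]]
    if keyword in REJECTED_KEYWORDS:
        return "rejected"
    if keyword == "enable":
        # Assumption: "enable" may carry several flags; any "stats" flag
        # makes the whole line fall under the rejected "enable stats" knob.
        return "rejected" if "stats" in args else "allowed"
    if keyword == "filegen":
        # Assumption: only "filegen <name> enable|disable" passes; options
        # that pick a file, type or link are treated as rejected.
        options = args[1:]
        toggles_only = bool(options) and all(o in FILEGEN_TOGGLES for o in options)
        return "allowed" if toggles_only else "rejected"
    return "allowed"


if __name__ == "__main__":
    # Constructed sample input, based on the commands quoted on this page.
    samples = [
        ':config tos minsane 3',
        'saveconfig /path/to/overwrite',
        ':config logfile /path/to/appendfile',
        ':config enable stats',
        ':config filegen loopstats disable',
    ]
    for s in samples:
        print(f"{remote_verdict(s):10} {s}")
```
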
This topic: Dev
Topic revision: r5 - 2018-04-28 - 09:57:44 -
Copyright © 1999-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.