head	1.1;
access;
symbols
	RELENG_8_4:1.1.0.22
	RELENG_9_1_0_RELEASE:1.1
	RELENG_9_1:1.1.0.20
	RELENG_9_1_BP:1.1
	RELENG_8_3_0_RELEASE:1.1
	RELENG_8_3:1.1.0.18
	RELENG_8_3_BP:1.1
	RELENG_9_0_0_RELEASE:1.1
	RELENG_9_0:1.1.0.16
	RELENG_9_0_BP:1.1
	RELENG_9:1.1.0.14
	RELENG_9_BP:1.1
	RELENG_7_4_0_RELEASE:1.1.2.1
	RELENG_8_2_0_RELEASE:1.1
	RELENG_7_4:1.1.2.1.0.8
	RELENG_7_4_BP:1.1.2.1
	RELENG_8_2:1.1.0.12
	RELENG_8_2_BP:1.1
	RELENG_8_1_0_RELEASE:1.1
	RELENG_8_1:1.1.0.10
	RELENG_8_1_BP:1.1
	RELENG_7_3_0_RELEASE:1.1.2.1
	RELENG_7_3:1.1.2.1.0.6
	RELENG_7_3_BP:1.1.2.1
	RELENG_8_0_0_RELEASE:1.1
	RELENG_8_0:1.1.0.8
	RELENG_8_0_BP:1.1
	RELENG_8:1.1.0.6
	RELENG_8_BP:1.1
	RELENG_7_2_0_RELEASE:1.1.2.1
	RELENG_7_2:1.1.2.1.0.4
	RELENG_7_2_BP:1.1.2.1
	RELENG_7_1_0_RELEASE:1.1.2.1
	RELENG_6_4_0_RELEASE:1.1.4.1
	RELENG_7_1:1.1.2.1.0.2
	RELENG_7_1_BP:1.1.2.1
	RELENG_6_4:1.1.4.1.0.2
	RELENG_6_4_BP:1.1.4.1
	RELENG_6:1.1.0.4
	RELENG_7:1.1.0.2;
locks; strict;
comment	@# @;


1.1
date	2008.08.22.15.58.00;	author roberto;	state Exp;
branches
	1.1.2.1
	1.1.4.1
	1.1.22.1;
next	;

1.1.2.1
date	2008.09.03.08.49.07;	author roberto;	state Exp;
branches;
next	;

1.1.4.1
date	2008.09.04.12.49.54;	author roberto;	state Exp;
branches;
next	;

1.1.22.1
date	2008.08.22.15.58.00;	author svnexp;	state dead;
branches;
next	1.1.22.2;

1.1.22.2
date	2013.03.28.13.01.45;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.1
log
@SVN rev 182007 on 2008-08-22 15:58:00Z by roberto

Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head.  Next commit
will update usr.sbin/ntp to match this.

MFC after:	2 weeks
@
text
@Starting with NetBSD-1.6, it is possible to delegate the system clock
control to a non-root user. This enables running ntpd in a chroot
jail under a non-privileged UID/GID, using the ntpd -i and -u flags.

The delegation is done through the clockctl(4) pseudo-device driver.
This driver makes privileged system calls such as ntp_adjtime(2)
available through ioctl(2) on the /dev/clockctl device. If a user
is able to write to /dev/clockctl, then (s)he can control the system 
clock.

In order to use this feature, make sure that:

1) Your kernel is compiled with the following option:
pseudo-device	clockctl
This is true for GENERIC kernels on most ports. Please check 
http://wwW.netbsd.org/Documentation/kernel/
if you need information about building a kernel.

2) You have an ntpd user on your system. Here is the /etc/master.passwd
entry for the ntpd user on NetBSD-1.6:
ntpd:*:15:15::0:0:& pseudo-user:/var/chroot/ntpd:/sbin/nologin
And here is the /etc/group entry for group 15:
ntpd:*:15:

3) /dev/clockctl exists and is writable by user ntpd. The default
NetBSD-1.6 setting is:
crw-rw----  1 root  ntpd  61, 0 Apr 1  2002 /dev/clockctl
The major device number and date are likely to be different on your system.
If you need to create the device, issue the following command:
cd /dev && ./MAKEDEV clockctl

Here is an example of how to run ntpd chrooted in /var/chroot/ntpd, 
running with ntpd UID and ntpd GID:
ntpd -i /var/chroot/ntpd -u ntpd:ntpd
Note that the -i and -u options are enabled at configure time if your
system supports system clock control by an unprivileged user. If this
is not the case, then the -i and -u options will not be available.
@


1.1.22.1
log
@file netbsd was added on branch RELENG_8_4 on 2013-03-28 13:01:45 +0000
@
text
@d1 37
@


1.1.22.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 37
Starting with NetBSD-1.6, it is possible to delegate the system clock
control to a non-root user. This enables running ntpd in a chroot
jail under a non-privileged UID/GID, using the ntpd -i and -u flags.

The delegation is done through the clockctl(4) pseudo-device driver.
This driver makes privileged system calls such as ntp_adjtime(2)
available through ioctl(2) on the /dev/clockctl device. If a user
is able to write to /dev/clockctl, then (s)he can control the system 
clock.

In order to use this feature, make sure that:

1) Your kernel is compiled with the following option:
pseudo-device	clockctl
This is true for GENERIC kernels on most ports. Please check 
http://wwW.netbsd.org/Documentation/kernel/
if you need information about building a kernel.

2) You have an ntpd user on your system. Here is the /etc/master.passwd
entry for the ntpd user on NetBSD-1.6:
ntpd:*:15:15::0:0:& pseudo-user:/var/chroot/ntpd:/sbin/nologin
And here is the /etc/group entry for group 15:
ntpd:*:15:

3) /dev/clockctl exists and is writable by user ntpd. The default
NetBSD-1.6 setting is:
crw-rw----  1 root  ntpd  61, 0 Apr 1  2002 /dev/clockctl
The major device number and date are likely to be different on your system.
If you need to create the device, issue the following command:
cd /dev && ./MAKEDEV clockctl

Here is an example of how to run ntpd chrooted in /var/chroot/ntpd, 
running with ntpd UID and ntpd GID:
ntpd -i /var/chroot/ntpd -u ntpd:ntpd
Note that the -i and -u options are enabled at configure time if your
system supports system clock control by an unprivileged user. If this
is not the case, then the -i and -u options will not be available.
@


1.1.4.1
log
@SVN rev 182752 on 2008-09-04 12:49:54Z by roberto

MFH ntpd 4.2.4p5.

Main difference with the stable/7 merge is that 6.x does not support -lrt and
the corresponding *timer functions.

Approved by:	re (kensmith)
@
text
@@


1.1.2.1
log
@SVN rev 182716 on 2008-09-03 08:49:07Z by roberto

MFH ntpd 4.2.4p5.

Approved by:	re (kensmith)
@
text
@@

