In the past the ntpdate offset was always near -1 second (per the System log for NTP). During this time the NTP Configuration Synchronization was set to every 12 hours.
I found after I upgraded from Core 120 to Core 122 my NTP offset increased from a few seconds to about 12 seconds. Not a big deal but I was curious.
I wondered why the offset changed and started to dig around. Yes, I have too much time on my hands! And no "time" pun was intended!
I noticed the NTP drift, located at /etc/ntp/drift, was always set to 0.000. And the modification time of the /etc/ntp/drift file was changing.
In my /etc/ntp.conf file:
Code: Select all
[root@ipfire ~]# cat /etc/ntp.conf
disable monitor
restrict default nomodify noquery
server 127.127.1.0 prefer
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
Code: Select all
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
Code: Select all
[root@ipfire etc]# cat /etc/ntp.conf
disable monitor
restrict default nomodify noquery
server 0.us.pool.ntp.org prefer
server 1.us.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
Code: Select all
/etc/rc.d/init.d/ntp restart
During my hunt I also found there is an ntp user and an ntp group.
Code: Select all
[root@ipfire etc]# getent passwd | grep -ie ntp -e root
root:x:0:0:root:/root:/bin/bash
ntp:x:38:38::/etc/ntp:/bin/false
Code: Select all
[root@ipfire etc]# ps -ef | grep -v grep | grep -i ntp
root 29497 1 0 14:46 ? 00:00:00 /usr/bin/ntpd -Ap /var/run/ntpd.pid
After all that my questions are:
- Within /etc/ntp.conf, was server 127.127.1.0 prefer done for security? I am reluctant to change lines if this creates a security issue.
- Should ntpd be run as ntp and not under as root? And if not, should user ntp and group ntp be removed?