File: INSTALL

openntpd 1:6.0p1-2

1. Prerequisites
----------------

You will need an entropy (randomness) source.  If your OS has arc4random or
getentropy then that is ideal. Otherwise, you can use the builtin arc4random
implementation or the one built into LibreSSL.

2. Building / Installation
--------------------------

If you have checked out this source using Git, follow these initial steps to
prepare the source tree for building:

 1. ensure you have the following packages installed:
      automake, autoconf, git, libtool
 2. run './autogen.sh' to prepare the source tree for building
    or run './dist.sh' to prepare a tarball.

To install OpenNTPD with default options:

./configure
make
make install

This will install the OpenNTPD binary in /usr/local/sbin and the
configuration files in /usr/local/etc. To specify a different installation
prefix, use the --prefix option to configure:

./configure --prefix=/opt
make
make install

This will install OpenNTPD in /opt/{etc,sbin}. You can also override
specific paths, for example:

./configure --prefix=/opt --sysconfdir=/etc/ntp
make
make install

This will install the binaries in /opt/sbin, but will place the
configuration files in /etc/ntp.

OpenNTPD always uses Privilege Separation (i.e. the majority of the
processing is done as a chroot'ed, unprivileged user).

This requires a user, group and directory to be created for it.
The user should not be permitted to log in, and its home directory
should be owned by root and be mode 755.

If you do "make install", the Makefile will create the directory with
the correct permissions and will prompt you for the rest if required.
If, however, you need to perform all of these tasks yourself (e.g. if you
are moving the built binaries to another system) then you will need to
do something like the following (although the exact commands required
for creating the user and group are system dependent):

On most Linux and BSD systems, something like the following should work:

 groupadd _ntp
 useradd -g _ntp -s /sbin/nologin -d /var/empty -c 'OpenNTP daemon' _ntp
 mkdir -p /var/empty
 chown 0 /var/empty
 chgrp 0 /var/empty
 chmod 0755 /var/empty

/var/empty here is a chroot directory used by ntpd for privilege separation of
the DNS and NTP processes. This directory should not contain any files, must be
owned by root, and must not be group or world-writable.
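
The rules above (root-owned, not group or world-writable, no files inside) can be checked before starting the daemon. The script below is an added example, not part of the OpenNTPD distribution; the function name check_privsep_dir and its finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not OpenNTPD code): audit a privilege separation chroot
# directory against the requirements stated in this INSTALL file.

# check_privsep_dir DIR
# Prints one finding per line; returns 0 if DIR passes, 1 otherwise.
check_privsep_dir() {
    dir=$1
    rc=0

    # A symlink could be repointed elsewhere, so require a real directory.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "not-a-directory: $dir"
        return 1
    fi

    # 'ls -ldn' is used instead of stat(1), whose flags differ between
    # GNU and BSD userlands. Field 1 is the mode string, field 3 the
    # numeric owner uid.
    info=$(ls -ldn "$dir" | awk '{print $1, $3}')
    mode=${info% *}
    uid=${info#* }

    [ "$uid" = "0" ] || { echo "not-root-owned: uid $uid"; rc=1; }

    # Mode string layout: type, then rwx for user, group, other.
    # Character 6 is group write, character 9 is world write.
    case $mode in
        ?????w*) echo "group-writable: $mode"; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "world-writable: $mode"; rc=1 ;;
    esac

    # The chroot must not contain any files (dotfiles included).
    if [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "not-empty: $dir"
        rc=1
    fi

    return $rc
}
```

Source the file and run check_privsep_dir /var/empty (or whatever home directory the privsep user has); no output and exit status 0 means the directory meets all three requirements.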

NOTE:
If you installed a previous OpenNTPD release and created a /var/empty/ntp
directory, please delete the /var/empty/ntp directory and adjust the _ntp
user's home directory to point to /var/empty instead.

This is important because, if you have any other daemons that also use
/var/empty as a home directory, they will all have an empty privilege
separation directory.

As of OS X 10.10, something like this should work similarly
(thanks to jasper@ for suggesting):

 dscl . create /Users/_ntp
 dscl . create /Users/_ntp UserShell /sbin/nologin
# Prevent user from showing up on the login screen
 dscl . delete /Users/_ntp AuthenticationAuthority
# Arbitrarily chosen UID that was free
 dscl . create /Users/_ntp UniqueID 400
 dscl . create /Users/_ntp PrimaryGroupID 400
 dscl . create /Users/_ntp RealName "OpenNTPD user"
 dseditgroup -o create _ntp
 dscl . append /Groups/_ntp GroupMembership _ntp

There are a few options to the configure script in addition to the ones
provided by autoconf itself:

--with-privsep-user=[user]
	Specify unprivileged user used for privilege separation.  The default
	is "_ntp".

--with-privsep-path=path
	ntpd will always use the home directory of the privsep user
	to chroot to, but specifying this parameter will change the
	post-installation checks and instructions to match the specified path.

--with-cacert=[path]
	Specify the CA certificate location for HTTPS constraint validation.
	Defaults to /etc/ssl/certs/ca-certificates.crt

If you need to pass special options to the compiler or linker, you
can specify these as environment variables before running ./configure.
For example:

CFLAGS="-O2 " LDFLAGS="-s" ./configure


3. Configuration
----------------

The runtime configuration files are installed in ${prefix}/etc or
whatever you specified as your --sysconfdir (/usr/local/etc by default).

If no configuration file exists, the default one is used.  The default
configuration file uses a selection of publicly accessible "pool" servers
(see http://support.ntp.org/bin/view/Servers/NTPPoolServers).


4. Problems?
------------

If you experience problems compiling, installing or running OpenNTPD,
please report the problem to the address in the README file.