talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixos/ntpd: fix permissions error when creating drift file

Browse Source 
This fixes "frequency file /var/lib/ntp/ntp.drift.TEMP: Permission denied".

Creating a directory via StateDirectory makes that directory /var/lib/ntp owned by root:root.
However, when running ntpd we change to user ntp (see ntpFlags), so the process cannot
actually use that directory.

Actually creating a home directory for the user at that location solves that problem.
This commit is contained in:
Stefan Frijters 2024-12-21 11:17:28 +01:00 committed by Austin Seipp
parent 6055456974
commit 31942f20f4
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/networking/ntp/ntpd.nix
View File

@ -142,6 +142,7 @@ in
group = "ntp"; group = "ntp";
description = "NTP daemon user"; description = "NTP daemon user";
home = "/var/lib/ntp"; home = "/var/lib/ntp";
createHome = true;
}; };
users.groups.ntp = { }; users.groups.ntp = { };
@ -155,7 +156,6 @@ in
serviceConfig = { serviceConfig = {
ExecStart = "@${ntp}/bin/ntpd ntpd -g ${builtins.toString ntpFlags}"; ExecStart = "@${ntp}/bin/ntpd ntpd -g ${builtins.toString ntpFlags}";
Type = "forking"; Type = "forking";
StateDirectory = "ntp";
# Hardening options # Hardening options
PrivateDevices = true; PrivateDevices = true;

2
nixos/tests/ntpd.nix
View File

@ -20,6 +20,8 @@ import ./make-test-python.nix (
machine.wait_for_console_text('Listen normally on 10 eth*') machine.wait_for_console_text('Listen normally on 10 eth*')
machine.succeed('systemctl is-active ntpd.service') machine.succeed('systemctl is-active ntpd.service')
machine.succeed('ntpq -p') machine.succeed('ntpq -p')
# ntp user must be able to create drift files
machine.succeed('su -s /bin/sh -c "touch /var/lib/ntp/ntp.drift" ntp')
''; '';
} }
) )