Installation of ntp
There should be a dedicated user and group to take control of the
ntpd daemon after it
is started. Issue the following commands as the root
user:
groupadd -g 87 ntp &&
useradd -c "Network Time Protocol" -d /var/lib/ntp -u 87 \
-g ntp -s /bin/false ntp
The update-leap
command needs to be fixed in order to run properly:
sed -e 's/"(\\S+)"/"?([^\\s"]+)"?/' \
-i scripts/update-leap/update-leap.in
Now fix an issue introduced with glibc-2.34:
sed -e 's/#ifndef __sun/#if !defined(__sun) \&\& !defined(__GLIBC__)/' \
-i libntp/work_thread.c
Install ntp by running the
following commands:
./configure --prefix=/usr \
--bindir=/usr/sbin \
--sysconfdir=/etc \
--enable-linuxcaps \
--with-lineeditlibs=readline \
--docdir=/usr/share/doc/ntp-4.2.8p17 &&
make
To test the results, issue: make
check.
Now, as the root
user:
make install &&
install -v -o ntp -g ntp -d /var/lib/ntp
Command Explanations
CFLAGS="-O2 -g -fPIC"
: This environment
variable is necessary to generate Position Independent Code needed
for use in the package libraries.
--bindir=/usr/sbin
: This
parameter places the administrative programs in /usr/sbin
.
--enable-linuxcaps
: ntpd is
run as user ntp, so use Linux capabilities for non-root clock
control.
--with-lineeditlibs=readline
: This
switch enables Readline support
for ntpdc and
ntpq programs. If
omitted, libedit will be used if
installed, otherwise no readline capabilities will be compiled.
Configuring ntp
Config Files
/etc/ntp.conf
Configuration Information
The following configuration file first defines various ntp
servers with open access from different continents. Second, it
creates a drift file where ntpd stores the frequency
offset and a pid file to store the ntpd process ID. Third, it
defines the location for the leap-second definition file
/etc/ntp.leapseconds
, that the
update-leap script
checks and updates, when necessary. This script can be run as a
cron job and the ntp developers
recommend a frequency of about three weeks for the updates. Since
the documentation included with the package is sparse, visit the
ntp website at https://www.ntp.org/ and https://www.ntppool.org/ for more
information.
cat > /etc/ntp.conf << "EOF"
# Asia
server 0.asia.pool.ntp.org
# Australia
server 0.oceania.pool.ntp.org
# Europe
server 0.europe.pool.ntp.org
# North America
server 0.north-america.pool.ntp.org
# South America
server 2.south-america.pool.ntp.org
driftfile /var/lib/ntp/ntp.drift
pidfile /run/ntpd.pid
leapfile /var/lib/ntp/ntp.leapseconds
EOF
You may wish to add a “Security session”. For explanations,
see
https://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict.
cat >> /etc/ntp.conf << "EOF"
# Security session
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
Synchronizing the Time
There are two options. Option one is to run ntpd continuously and allow it
to synchronize the time in a gradual manner. The other option is
to run ntpd
periodically (using cron) and update the time each time
ntpd is scheduled.
If you choose Option one, then install the ntpd.service
unit
included in the blfs-systemd-units-20230816 package.
make install-ntpd
If you prefer to run ntpd periodically, add the
following command to root
's
crontab
:
ntpd -q