@ -64,8 +64,8 @@ On most Linux and BSD systems, something like should work:
chmod 0755 /var/empty
chmod 0755 /var/empty
/var/empty here is a chroot directory used by ntpd for privilege separation of
/var/empty here is a chroot directory used by ntpd for privilege separation of
the DNS and NTP processes. This directory should be completely empty, owned by
root, and must not be group or world-writable.
the DNS and NTP processes. This directory should not contain any files, must be
owned by root, and must not be group or world-writable.
NOTE:
NOTE:
If you installed a previous OpenNTPD release and created a /var/empty/ntp
If you installed a previous OpenNTPD release and created a /var/empty/ntp
@ -90,13 +90,17 @@ As of OS X 10.10, something like this should work similarly
dseditgroup -o create _ntp
dseditgroup -o create _ntp
dscl . append /Groups/_ntp GroupMembership _ntp
dscl . append /Groups/_ntp GroupMembership _ntp
There are few options to the configure script in addition to the ones
There are a few options to the configure script in addition to the ones
provided by autoconf itself:
provided by autoconf itself:
--with-privsep-user=[user]
--with-privsep-user=[user]
Specify unprivileged user used for privilege separation. The default
Specify unprivileged user used for privilege separation. The default
is "_ntp". The home directory of this user will be used for privilege
separation.
is "_ntp".
--with-privsep-path=path
ntpd will always use the home directory of the privsep user
to chroot to, but specifying this parameter will change the
post-installation checks and instructions to match the specified path.
--with-cacert=[path]
--with-cacert=[path]
Specify the CA certificate location for HTTPS constraint validation.
Specify the CA certificate location for HTTPS constraint validation.