|
1. Prerequisites
|
|
----------------
|
|
|
|
You will need an entropy (randomness) source. If your OS has arc4random or
|
|
getentropy then that is ideal. Otherwise, you can use the builtin arc4random
|
|
implementation or the one built into LibreSSL.
|
|
|
|
2. Building / Installation
|
|
--------------------------
|
|
|
|
To install OpenNTPD with default options:
|
|
|
|
./configure
|
|
make
|
|
make install
|
|
|
|
This will install the OpenNTPD binary in /usr/local/sbin, configuration
|
|
files in /usr/local/etc. To specify a different installation prefix,
|
|
use the --prefix option to configure:
|
|
|
|
./configure --prefix=/opt
|
|
make
|
|
make install
|
|
|
|
Will install OpenNTPD in /opt/{etc,sbin}. You can also override
|
|
specific paths, for example:
|
|
|
|
./configure --prefix=/opt --sysconfdir=/etc/ntp
|
|
make
|
|
make install
|
|
|
|
This will install the binaries in /opt/sbin, but will place the
|
|
configuration files in /etc/ntp.
|
|
|
|
OpenNTPD always uses Privilege Separation (ie the majority of the
|
|
processing is done as a chroot'ed, unprivileged user).
|
|
|
|
This requires that a user, group and directory to be created for it.
|
|
The user should not be permitted to log in, and its home directory
|
|
should be owned by root and be mode 755.
|
|
|
|
If you do "make install", the Makefile will create the directory with
|
|
the correct permissions and will prompt you for the rest if required.
|
|
If, however, you need to perform all of these tasks yourself (eg if you
|
|
are moving the built binaries to another system) then you will need to
|
|
do something like the following (although the exact commands required
|
|
for creating the user and group are system dependant):
|
|
|
|
# groupadd _ntp
|
|
# useradd -g _ntp -s /sbin/nologin -d /var/empty/ntp -c 'OpenNTP daemon' _ntp
|
|
# mkdir -p /var/empty/ntp
|
|
# chown 0 /var/empty/ntp
|
|
# chgrp 0 /var/empty/ntp
|
|
# chmod 0755 /var/empty/ntp
|
|
|
|
There are a few options to the configure script in addition to the ones
|
|
provided by autoconf itself:
|
|
|
|
--with-privsep-user=[user]
|
|
Specify unprivileged user used for privilege separation. The default
|
|
is "_ntp".
|
|
|
|
--with-privsep-path=path
|
|
Normally ntpd will always use the home directory of the privsep user
|
|
to chroot to, however use of this option will cause ntpd to always
|
|
use the specified directory.
|
|
|
|
If you need to pass special options to the compiler or linker, you
|
|
can specify these as environment variables before running ./configure.
|
|
For example:
|
|
|
|
CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
|
|
|
|
|
|
3. Configuration
|
|
----------------
|
|
|
|
The runtime configuration files are installed by in ${prefix}/etc or
|
|
whatever you specified as your --sysconfdir (/usr/local/etc by default).
|
|
|
|
If no configuration file exists, the default one is used. The default
|
|
configuration file uses a selection of publicly accessible "pool" servers
|
|
(see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers).
|
|
|
|
|
|
4. Problems?
|
|
------------
|
|
|
|
If you experience problems compiling, installing or running OpenNTPD,
|
|
please report the problem to the address in the README file.
|