Ntp
net-misc/ntp is a suite of tools utilizing Network Time Protocol. Their purpose is to keep the system clock in time.
Installation
USE flags
USE flags for net-misc/ntp Network Time Protocol suite/programs
caps | Use Linux capabilities library to control privilege
debug | Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
ipv6 | Add support for IP version 6
libressl | Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)
openntpd | Allow ntp to be installed alongside openntpd
parse-clocks | Add support for PARSE clocks
readline | Enable support for libreadline, a GNU line-editing library that almost everyone wants
samba | Provide support for Samba's signing daemon (needed for Active Directory domain controllers)
selinux | !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
snmp | Add support for the Simple Network Management Protocol if available
ssl | Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)
threads | Add threads support for various packages. Usually pthreads
vim-syntax | Pulls in related vim syntax scripts
zeroconf | Support for DNS Service Discovery (DNS-SD)
Emerge
Install the suite of NTP programs:
root # emerge --ask net-misc/ntp
Configuration
Ntp-client
The service ntp-client is used for one-time sync, usually during bootup. Its purpose is to help with the ntpd startup, as ntpd initially waits before attempting to correct the clock skew, and may even refuse to do so if the skew is too large.
Starting the ntp-client service will run the sync only once. It is then expected that ntpd is used for maintaining the time until the next reboot.
During boot, ntp-client service will run before ntpd service. It's safe to have both in the same (default) runlevel.
Upstream servers
To adjust ntp-client's command and upstream servers, edit the ntp-client configuration file. The default configuration is populated with:
/etc/conf.d/ntp-client
NTPCLIENT_CMD="ntpdate"
NTPCLIENT_OPTS="-s -b -u \
    0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org \
    2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
Usage
To run the ntp-client:
root # rc-service ntp-client start
To have the ntp-client run at boot:
root # rc-update add ntp-client default
To run the ntpdate command manually:
root # ntpdate -b -u 0.gentoo.pool.ntp.org
Ntpd
Upstream servers
In /etc/ntp.conf the servers that will be used to synchronize the local time for ntpd can be specified. The default configuration is populated with:
/etc/ntp.conf
server 0.gentoo.pool.ntp.org
server 1.gentoo.pool.ntp.org
server 2.gentoo.pool.ntp.org
server 3.gentoo.pool.ntp.org
Time zones and location of the server do not matter for NTP; it synchronizes via UTC.
By default the configuration uses the Gentoo NTP servers. A list of available servers can be found on ntp.org. A private server can also be used.
Network not always available?
On systems where a network connection is not always available at boot (laptops, etc.), it might help to add the following lines to server configuration:
/etc/ntp.conf
server 127.127.1.0
fudge 127.127.1.0 stratum 10
This sets localhost as a server with low priority, so that the daemon starts properly even without a network connection and switches to using network servers when a connection is established.
Permissions
Permissions are used to control who is allowed to synchronize or change permissions.
To enable time syncing, the ntpd server must be reachable by the other ntp services. noserve can be used for blocking.
To prevent other machines from reconfiguring your server, use nomodify.
To prevent your server from being used in Denial of Service attacks, use noquery.
/etc/ntp.conf
# Default configuration:
# - Allow only time queries, at a limited rate, sending KoD when in excess.
restrict default nomodify nopeer noquery limited kod
restrict 127.0.0.1
Access to NTP service allowed only from the 192.0.2.0/24 network:
/etc/ntp.conf
# To allow machines within the local network to synchronize
# their clocks with this server, but ensure they are
# not allowed to configure the server or used as peers
# to synchronize against
restrict 192.0.2.0 mask 255.255.255.0 nomodify nopeer notrap
To deny access to monlist functionality, used for querying traffic stats, but which may also be exploited in a Denial of Service attack:
/etc/ntp.conf
disable monitor
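A quick way to check that a deployed /etc/ntp.conf actually carries the restrictions described in this section. This is an added example, not part of the original article or of the ntp package; the function name audit_ntp_conf and the sample configuration are constructed for illustration. It goes slightly beyond the lines shown above by also accepting the -4/-6 address-family prefix and treating a default rule with ignore as already closed.

```shell
#!/bin/sh
# Added example (not from the original page): audit an ntp.conf for the
# access controls described in the Permissions section.
# Prints one finding per line; returns 0 when clean, 1 when something is missing.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }          # drop comments so flags in comments do not count
        NF == 0 { next }            # skip blank lines
        $1 == "restrict" {
            i = 2
            if ($i == "-4" || $i == "-6") i++   # optional address-family prefix
            if ($i != "default") next           # only the default rule is audited
            seen_default = 1
            flags = " "
            for (j = i + 1; j <= NF; j++) flags = flags $j " "
            if (index(flags, " ignore ")) next  # ignore already denies all packets
            if (!index(flags, " nomodify ")) { print "line " NR ": restrict default lacks nomodify"; bad = 1 }
            if (!index(flags, " noquery "))  { print "line " NR ": restrict default lacks noquery";  bad = 1 }
            next
        }
        $1 == "disable" {
            for (j = 2; j <= NF; j++) if ($j == "monitor") monitor_off = 1
        }
        END {
            if (!seen_default) { print "no restrict default line"; bad = 1 }
            if (!monitor_off)  { print "monitor not disabled"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: default rule without noquery, and no "disable monitor".
sample=$(mktemp)
cat > "$sample" <<'EOF'
server 0.gentoo.pool.ntp.org
restrict default nomodify nopeer   # noquery missing
restrict 127.0.0.1
EOF
if audit_ntp_conf "$sample"; then
    echo "ntp.conf: OK"
else
    echo "ntp.conf: findings above"
fi
rm -f "$sample"
```

On a real host, call audit_ntp_conf /etc/ntp.conf after each configuration change; a non-zero return means one of the restrictions from this section is absent.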
Usage
To start the ntpd service:
root # rc-service ntpd start
To have the ntpd service start at boot:
root # rc-update add ntpd default
To monitor status of the ntpd service:
root # rc-service ntpd status
See also
- Chrony — a versatile implementation of the Network Time Protocol (NTP).
- OpenNTPD — a lightweight NTP server ported from OpenBSD.
- Network Time Protocol — is used to synchronize the system time with other devices over the network.
- System time — is used in Unix systems to keep track of time.
- Home router — how to turn an old Gentoo machine into a router for connecting a home network to the Internet.