
BLU Discuss list archive



ntpdate: Operation not permitted



On 2000-04-28 at 14:14 -0400, David Kramer wrote:

> On Fri, 28 Apr 2000, Mike Bilow wrote:
> 
> > You may need the "-u" switch when invoking the "ntpdate" program.
> > 
> > -- Mike
> 
> 
> Thanks.  That did it.  The -u flag was not mentioned in the ntpdate --help
> output, and no man pages were installed with it, but I just found the html
> documentation, which I will study closer.
> 
> Would there be a way to set up ipchains to allow it through without the -u
> flag?  I guess it's not that important if it's working; I just have this
> thing about implementing clean fixes, and understanding them.

No man pages come with the NTP tools.  Some distributions add these, but
they are not official.  Debian, for example, has a formal policy that all
executables must have a man page, so Debian provides a man page that
refers you to the HTML documentation which is put in /usr/share/doc/ntp.

I am not sure if the problem was ipchains or something else.  The main
reason you want the "-u" switch is because only root is allowed access to
the ports below 1024.  What the "-u" switch actually does is tell
"ntpdate" to originate its connection from some high-numbered regular user
port instead of the default NTP server port, 123.  So any run of
"ntpdate" without root privilege should need the "-u" switch.

On the other hand, only root can set the clock.  So, if "ntpdate"
completes successfully and tries to set the clock, this should error out
if it is not being run as root.  You would at least get an error message.

It is certainly possible that you managed to block your own outbound ports
using an ipchains rule.  I can't think of any obvious way to do this, off
the top of my head, but it is easy to get yourself into situations with
ipchains where things occur unexpectedly.

-- Mike
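
The source-port choice described in the message above, as an added example that is not part of the original post and not code from the NTP distribution: a client either binds UDP source port 123 (which needs root) or lets the kernel pick a high-numbered port, as "ntpdate -u" does, and the request it sends is the same either way. All function and constant names are hypothetical, and the sample reply is constructed rather than captured.

```python
import errno
import socket
import struct

NTP_PORT = 123
NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP era) to 1970-01-01

def open_ntp_socket(unprivileged):
    """Bind the client's UDP source port; True mirrors "ntpdate -u"."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Port 0 asks the kernel for any free high-numbered port.
        sock.bind(("0.0.0.0", 0 if unprivileged else NTP_PORT))
    except OSError as exc:
        sock.close()
        if exc.errno in (errno.EACCES, errno.EPERM):
            return None, "source port 123 refused: not root"
        if exc.errno == errno.EADDRINUSE:
            return None, "source port 123 busy: an NTP daemon may hold it"
        raise
    return sock, "source port %d" % sock.getsockname()[1]

def build_request():
    """48-byte client request: LI=0, VN=3, Mode=3 (client), rest zero."""
    return struct.pack("!B47x", 0x1B)

def parse_transmit_time(packet):
    """Unix time from the transmit timestamp (bytes 40-47) of a reply."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    if packet[0] & 0x07 != 4:
        raise ValueError("not a server reply (mode != 4)")
    secs, frac = struct.unpack("!II", packet[40:48])
    return secs - NTP_TO_UNIX + frac / 2**32

# Constructed server reply (not captured traffic): mode 4, transmit
# time 2000-04-28 18:14:00.5 UTC.
SAMPLE_REPLY = struct.pack("!B39xII", 0x1C, NTP_TO_UNIX + 956945640, 1 << 31)

if __name__ == "__main__":
    for flag in (False, True):
        sock, note = open_ntp_socket(flag)
        print("unprivileged=%s: %s" % (flag, note))
        if sock:
            sock.close()
    print("sample reply time:", parse_transmit_time(SAMPLE_REPLY))
```
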

