Installation of ntp
There should be a dedicated user and group to take control of the
ntpd daemon after it
is started. Issue the following commands as the root
user:
groupadd -g 87 ntp &&
useradd -c "Network Time Protocol" -d /var/lib/ntp -u 87 \
-g ntp -s /bin/false ntp
Install ntp by running the
following commands:
./configure --prefix=/usr \
--bindir=/usr/sbin \
--sysconfdir=/etc \
--enable-linuxcaps \
--with-lineeditlibs=readline \
--docdir=/usr/share/doc/ntp-4.2.8p17 &&
make
To test the results, issue: make
check.
Now, as the root
user:
make install &&
install -v -o ntp -g ntp -d /var/lib/ntp
Command Explanations
--bindir=/usr/sbin
: This
parameter places the administrative programs in /usr/sbin
.
--enable-linuxcaps
: ntpd is
run as user ntp, so use Linux capabilities for non-root clock
control.
--with-lineeditlibs=readline
: This
switch enables Readline support
for ntpdc and
ntpq programs. If
omitted, libedit will be used if
installed, otherwise no readline capabilities will be compiled.
Configuring ntp
Config Files
/etc/ntp.conf
Configuration Information
The following configuration file first defines various ntp
servers with open access from different continents. Second, it
creates a drift file where ntpd stores the frequency
offset and a pid file to store the ntpd process ID. Since the
documentation included with the package is sparse, visit the ntp
website at https://www.ntp.org/ and https://www.ntppool.org/ for more
information.
cat > /etc/ntp.conf << "EOF"
# Asia
server 0.asia.pool.ntp.org
# Australia
server 0.oceania.pool.ntp.org
# Europe
server 0.europe.pool.ntp.org
# North America
server 0.north-america.pool.ntp.org
# South America
server 2.south-america.pool.ntp.org
driftfile /var/lib/ntp/ntp.drift
pidfile /run/ntpd.pid
EOF
You may wish to add a “Security session”. For explanations, see
https://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict.
cat >> /etc/ntp.conf << "EOF"
# Security session
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
Synchronizing the Time
There are two options. Option one is to run ntpd continuously and allow it
to synchronize the time in a gradual manner. The other option is
to run ntpd
periodically (using cron) and update the time each time
ntpd is scheduled.
If you choose Option one, then install the ntpd.service
unit
included in the blfs-systemd-units-20240205 package.
make install-ntpd
If you prefer to run ntpd periodically, add the
following command to root
's
crontab
:
ntpd -q
Contents
Installed Programs:
calc_tickadj, ntp-keygen, ntp-wait, ntpd,
ntpdate, ntpdc, ntpq, ntptime, ntptrace, sntp, tickadj, and
update-leap
Installed Libraries:
None
Installed Directories:
/usr/share/ntp, /usr/share/doc/ntp-4.2.8
and /var/lib/ntp
Short Descriptions
calc_tickadj
|
calculates optimal value for tick given ntp drift file
|
ntp-keygen
|
generates cryptographic data files used by the NTPv4
authentication and identification schemes
|
ntp-wait
|
is useful at boot time, to delay the boot sequence until
ntpd has
set the time
|
ntpd
|
is a ntp daemon that runs in the background and keeps the
date and time synchronized based on response from
configured ntp servers. It also functions as a ntp server
|
ntpdate
|
is a client program that sets the date and time based on
the response from an ntp server. This command is
deprecated
|
ntpdc
|
is used to query the ntp daemon about its current state
and to request changes in that state
|
ntpq
|
is a utility program used to monitor ntpd operations and
determine performance
|
ntptime
|
reads and displays time-related kernel variables
|
ntptrace
|
traces a chain of ntp servers back to the primary source
|
sntp
|
is a Simple Network Time Protocol (SNTP) client
|
tickadj
|
reads, and optionally modifies, several
timekeeping-related variables in older kernels that do
not have support for precision timekeeping
|
update-leap
|
is a script to verify and, if necessary, update the
leap-second definition file.
Note
In November 2022, at the 27th General Conference on
Weights and Measures, it was decided to abandon the
leap second. In addition this script hardcodes a URL
for an update file that no longer exists. The last time
a leap second was declared was January 2017. This
script will probably be removed in a future release.
|