Ping a Specific Port

Question

molik

Asked: 2021-03-04 00:17:21 +0800 CST2021-03-04 00:17:21 +0800 CST 2021-03-04 00:17:21 +0800 CST

ntpd: permission denied writing to /var/log/ntpstats/ (statsdir directory)

772

I am running a NTP server on an Ubuntu 20.04 LTS. The server work fine and the client poll correctly the server. But i keep getting a permission error when i want to record statistics.

I tried to include the following lines in ntp.conf :

statistics rawstats
statsdir /var/log/ntpstats/
filegen rawstats file raw type day link enable

When looking at systemctl ntp status :

mars 05 09:08:48 RD-NTP ntpd[3534] : can't open /var/log/ntpstats/raw.20210305: Permission denied
mars 05 09:08:50 RD-NTP ntpd[3534] : can't open /var/log/ntpstats/raw.20210305: Permission denied
mars 05 09:08:52 RD-NTP ntpd[3534] : can't open /var/log/ntpstats/raw.20210305: Permission denied
mars 05 09:08:54 RD-NTP ntpd[3534] : can't open /var/log/ntpstats/raw.20210305: Permission denied

But for me, the directory have the correct permissions ls -al :

drwxr-xr-x 2 ntp ntp 4096 april 2 2020 .

Before choosing the default folder, i tried with one i created and adding ntp in the permission using this command : chmod ntp:ntp /home/ubuntu/ntpstats/, it wasnt working so i switched to this one, not working either.

Do you know why ntpd keep getting error even if ntp have the upper hand on the folder ?

2 Answers

Voted

Paul Gear · Answer 1 · 2021-03-04T02:12:52+08:00

It's very likely that what is causing your permissions issue is not permissions bits, but AppArmor. The default AppArmor profile for ntpd on Ubuntu 20.04 (/etc/apparmor.d/usr.sbin.ntpd) contains:

...
/var/log/ntp w,
/var/log/ntp.log w,
/var/log/ntpd w,
/var/log/ntpstats/clockstats* rwl,
/var/log/ntpstats/loopstats*  rwl,
/var/log/ntpstats/peerstats*  rwl,
/var/log/ntpstats/protostats* rwl,
/var/log/ntpstats/rawstats*   rwl,
/var/log/ntpstats/sysstats*   rwl,
...

Note the mismatch in the filename it is expecting compared with the one ntpd is generating. If you change the AppArmor profile line referencing rawstats to be:

/var/log/ntpstats/raw*   rwl,

and reload AppArmor with systemctl reload apparmor, your stats logging will likely work.

Note also that loopstats and peerstats are more likely to be helpful in diagnosing NTP problems than rawstats. (See http://doc.ntp.org/current-stable/monopt.html#types for more on this.) Personally, I think if you're going to bother logging rawstats, you'd be better to just capture every NTP packet on the wire and process it with wireshark or a similar protocol analyser.

Phill W. · Answer 2 · 2021-03-04T01:11:46+08:00

Phill W.

2021-03-04T01:11:46+08:002021-03-04T01:11:46+08:00

What about the file itself? Does that exist already?

Try these:

ls -ld /var/log/ntpstats
ls -ld /var/log/ntpstats/raw.20210305

chmod ntp:ntp /home/ubuntu/ntpstats/

Careful!
chown changes ownerships, not permissions.
chmod changes permissions.

I would suggest that you need a good grasp of these two concepts or you can make a complete mess of your Linux machines.

0

ntpd: permission denied writing to /var/log/ntpstats/ (statsdir directory)

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?