#791572 openntpd: ntpctl fails due to insufficient ntpd.sock permissions

Package:
openntpd
Source:
openntpd
Description:
OpenBSD NTP daemon
Submitter:
Vincent Lefevre
Date:
2026-04-27 01:03:01 UTC
Severity:
wishlist
Tags:
#791572#5
Date:
2015-07-06 10:49:59 UTC
From:
To:
The ntpd.sock file is created with only user and group rw permissions
(for root:root), so that for the end user, ntpctl fails:

$ ntpctl -s all
ntpctl: connect: /var/lib/openntpd/run/ntpd.sock: Permission denied

There's no good reason to become root just for that (with ntp, there's
no need to be root to get similar information via ntpdc).
#791572#14
Date:
2018-07-24 15:48:58 UTC
From:
To:
tags -1 +confirmed +upstream
thanks

Hi Vincent!

I'm double-checking this with upstream, since the implementation of
openntpd goes far on resctricting quite a lot some security concerns on
this socket file.
Moreover, the code seems to have been approaching this socket as a
control socket, which implies that there could be some controlling
capabilities around ntpd daemon (to be set in place in the future, not
right now).

Bare with me a little bit more.


Cheers,

Dererk

ps: sorry about the delay
#791572#19
Date:
2026-04-20 07:50:54 UTC
From:
To:
Can this still be reproduced with 6.8p1-1 in Debian/unstable?

Martin-Éric
#791572#24
Date:
2026-04-21 23:38:30 UTC
From:
To:
zira:~> ll /var/lib/openntpd/run/ntpd.sock
srw-rw---- 1 root root 0 2016-11-05 11:13:44 /var/lib/openntpd/run/ntpd.sock=
zira:~> ntpctl -s all
ntpctl: connect: /var/lib/openntpd/run/ntpd.sock: Permission denied

So I've purged the package and reinstalled it, but got

Setting up openntpd (1:6.8p1-1) ...
/usr/lib/sysusers.d/openntpd.conf:1: Unknown modifier 'u!'.
dpkg: error processing package openntpd (--configure):
 old openntpd package postinst maintainer script subprocess failed with exit status 1
Processing triggers for man-db (2.13.1-1) ...
Errors were encountered while processing:
 openntpd
Error: Sub-process /usr/bin/dpkg returned an error code (1)

Concerning this error, I reported

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134578

Now,

zira:~> ll /var/lib/openntpd/run/ntpd.sock
ls: cannot access '/var/lib/openntpd/run/ntpd.sock': No such file or directory
zira:~> ntpctl -s all
ntpctl: connect: /var/lib/openntpd/run/ntpd.sock: No such file or directory

but this may be due to the above error.
#791572#29
Date:
2026-04-22 00:00:01 UTC
From:
To:
I could try on a more recent machine:

disset:~> ll /var/lib/openntpd/run/ntpd.sock
srw-rw---- 1 root root 0 2026-04-22 01:59:04 /var/lib/openntpd/run/ntpd.sock=
disset:~> ntpctl -s all
ntpctl: connect: /var/lib/openntpd/run/ntpd.sock: Permission denied
#791572#36
Date:
2026-04-24 18:21:22 UTC
From:
To:
Thanks. Could you file a bug report upstream
(https://github.com/openntpd-portable/openntpd-portable/issues)? He
recently resumed development, so hopefully he will respond to it.

Martin-Éric
#791572#45
Date:
2026-04-27 01:02:05 UTC
From:
To:
Control: forwarded -1 https://github.com/openntpd-portable/openntpd-portable/issues/83

OK, done.