* Don't run ntpd as root.

svn path=/nixos/trunk/; revision=7463

configuration/upstart.nix

@@ -84,7 +84,7 @@ import ../upstart-jobs/gather.nix {
   # NTP daemon.
   ++ optional ["services" "ntp" "enable"]
     (import ../upstart-jobs/ntpd.nix {
-      inherit (pkgs) ntp glibc pwdutils writeText;
+      inherit (pkgs) ntp kernel module_init_tools glibc pwdutils writeText;
       servers = config.get ["services" "ntp" "servers"];
     })
 

upstart-jobs/ntpd.nix

@@ -1,4 +1,4 @@
-{ntp, glibc, pwdutils, writeText, servers}:
+{ntp, kernel, module_init_tools, glibc, pwdutils, writeText, servers}:
 
 let
 
@@ -12,6 +12,8 @@ let
     ${toString (map (server: "server " + server + "\n") servers)}
   ";
 
+  ntpFlags = "-c ${config} -u ${ntpUser}:nogroup";
+
 in
 
 {
@@ -34,13 +36,15 @@ start script
     mkdir -m 0755 -p ${stateDir}
     chown ${ntpUser} ${stateDir}
 
-    date
+    # Needed to run ntpd as an unprivileged user.
-    ${ntp}/bin/ntpd -c ${config} -q -g
+    export MODULE_DIR=${kernel}/lib/modules/
-    date
+    ${module_init_tools}/sbin/modprobe capability
+
+    ${ntp}/bin/ntpd -q -g ${ntpFlags}
     
 end script
 
-respawn ${ntp}/bin/ntpd -n -c ${config}
+respawn ${ntp}/bin/ntpd -n ${ntpFlags}
   ";
   
 }