[system-administrators-guide] Updates after review by mlichvar

stephenw stephenw at fedoraproject.org
Thu Jul 31 10:38:55 UTC 2014 

commit d24e8a2539ec0772bedf69d38bd8c2970209630b
Author: Stephen Wadeley <swadeley at redhat.com>
Date:   Thu Jul 31 11:47:43 2014 +0200

    Updates after review by mlichvar

 en-US/Configuring_NTP_Using_ntpd.xml |   21 ++++++++-------------
 1 files changed, 8 insertions(+), 13 deletions(-)
---
diff --git a/en-US/Configuring_NTP_Using_ntpd.xml b/en-US/Configuring_NTP_Using_ntpd.xml
index e14ebdc..1246238 100644
--- a/en-US/Configuring_NTP_Using_ntpd.xml
+++ b/en-US/Configuring_NTP_Using_ntpd.xml
@@ -210,22 +210,20 @@ Virtual machines cannot access a real hardware clock and a virtual clock is not
    <term>The access control entries</term>
     <listitem>
    <para>
-     The following lines setup the default access control restrictions:<screen>
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery</screen>
-The <option>kod</option> option means a <quote>Kiss-o'-death</quote> packet is to be sent to reduce unwanted queries. 
+     The following line sets the default access control restriction:
+     <screen>restrict default kod nomodify notrap nopeer noquery</screen>
+The <option>kod</option> option means a <quote>Kiss-o'-death</quote> packet is to be sent to reduce unwanted queries.
 The <option>nomodify</option> options prevents any changes to the configuration.
 The <option>notrap</option> option prevents <systemitem class="protocol">ntpdc</systemitem> control message protocol traps.
 The <option>nopeer</option> option prevents a peer association being formed.
 The <option>noquery</option> option prevents <systemitem class="protocol">ntpq</systemitem> and <systemitem class="protocol">ntpdc</systemitem> queries, but not time queries, from being answered.
-The <option>-6</option> option is required before an <systemitem class="protocol">IPv6</systemitem> address.
    </para>
       <para>
         Addresses within the range <systemitem class="ipaddress">127.0.0.0/8</systemitem> range are sometimes required by various processes or applications. As the "restrict default" line above prevents access to everything not explicitly allowed, access to the standard loopback address for <systemitem class="protocol">IPv4</systemitem> and <systemitem class="protocol">IPv6</systemitem> is permitted by means of the following lines:
         <screen># the administrative functions.
-restrict 127.0.0.1 
-restrict -6 ::1</screen>
-        Addresses can be added underneath if specifically required by another application. The <option>-6</option> option is required before an <systemitem class="protocol">IPv6</systemitem> address.
+restrict 127.0.0.1
+restrict ::1</screen>
+        Addresses can be added underneath if specifically required by another application.
       </para>
       <para>
         Hosts on the local network are not permitted because of the "restrict default" line above. To change this, for example to allow hosts from the <systemitem class="ipaddress">192.0.2.0/24</systemitem> network to query the time and statistics but nothing more, a line in the following format is required:
@@ -276,15 +274,12 @@ server 3.fedora.pool.ntp.org iburst</screen>
   <title>Understanding the ntpd Sysconfig File</title>
   <para>
     The file will be read by the <systemitem class="daemon">ntpd</systemitem> init script on service start. The default contents is as follows:
-    <screen># Drop root to id 'ntp:ntp' by default.
-OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"</screen>
+    <screen># Command line options for ntpd
+OPTIONS="-g"</screen>
   </para>
   <para>
     The <option>-g</option> option enables <systemitem class="daemon">ntpd</systemitem> to ignore the offset limit of 1000s and attempt to synchronize the time even if the offset is larger than 1000s, but only on system start. Without that option <application>ntpd</application> will exit if the time offset is greater than 1000s. It will also exit after system start if the service is restarted and the offset is greater than 1000s even with the <option>-g</option> option.
   </para>
-  <para>
-    The <option>-p</option> option sets the path to the pid file and <option>-u</option> sets the user and group to which the daemon should drop the root privileges.
-  </para>
 </section>

More information about the docs-commits mailing list