Score:0

ntpd says it can't open /var/log/ntpd.log even though the file is owned by ntp:ntp, what gives?


I have three Ubuntu servers, one of which is able to save its log in the /var/log/ntp.log file, the other two are not.

The configuration looks like this in all of them (clearly uncommented):

logfile /var/log/ntp.log

Here is how the file looks:

$ ls -l /var/log/ntp.log
-rw-r--r-- 1 ntp ntp 0 Jul 21 13:13 /var/log/ntp.log

Yet, I get this error on two machines:

Jul 21 13:19:01 ubuntu ntpd[18128]: Cannot open logfile /var/log/ntp.log: Permission denied

What else can I do other than creating the file and making sure it's owned by ntp in terms of permissions?

touch /var/log/ntp.log
chown ntp:ntp /var/log/ntp.log

I'm suspecting it has something to do with apparmor (i.e. the computer without apparmor is the one that works as expected), but I don't see any reason why it would fail.

The /etc/apparmor.d/usr.sbin.ntpd file says:

[...snip...]
  /var/log/ntp w,
  /var/log/ntp.log w,
  /var/log/ntpd w,
[...snip...]

I can see a DENIED error from apparmor, but it doesn't seem to be related:

Jul 21 13:33:50 ubuntu kernel: [369654.558541] audit: type=1400 audit(1626899630.124:990): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=19628 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

As we can see, it tried to open /snap/bin, not /var/log/ntp.log. Just in case I tried to change the ntp.log permissions to rw instead of just w and it made no difference.

Also, I want to clearly state that I'm not using a snap package:

$ dpkg -l ntp
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                            Version              Architecture         Description
+++-===============================-====================-====================-===================================================================
ii  ntp                             1:4.2.8p10+dfsg-5ubu amd64                Network Time Protocol daemon and utility programs

Various posts I've found which, so far, have not helped:

https://serverfault.com/questions/1055736/ntpd-permission-denied-writing-to-var-log-ntpstats-statsdir-directory
https://unix.stackexchange.com/questions/116591/why-am-i-getting-apparmor-error-messages-in-the-syslog-about-ntp-and-ldap
https://help.ubuntu.com/community/AppArmor


$ bash pathlld /var/log/ntp.log 
drwxr-xr-x 25 root root 4096 Jun 24 06:42 /
/dev/sdb3 on / type ext4 (rw,relatime,data=ordered)
drwxr-xr-x 21 root root 4096 May 12  2020 /var
/dev/mapper/users-var on /var type ext4 (rw,relatime,data=ordered)
drwxrwxr-x 26 root syslog 4096 Jul 21 13:29 /var/log
-rw-r--r-- 1 ntp ntp 0 Jul 21 13:13 /var/log/ntp.log
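
The check made in the question (does any AppArmor denial for the ntpd profile concern the log file?), as an added example that is not part of the original post. It parses the audit record quoted above plus one constructed record; the function names and the second sample record are assumptions made for illustration.

```python
import re

# Constructed sample input: the first record is the denial quoted in the
# question; the second is a made-up record for a hypothetical profile.
SAMPLE_LOG = '''\
Jul 21 13:33:50 ubuntu kernel: [369654.558541] audit: type=1400 audit(1626899630.124:990): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=19628 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jul 21 13:40:00 ubuntu kernel: [370024.000000] audit: type=1400 audit(1626900000.000:991): apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/var/log/ntp.log" pid=20000 comm="example" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
'''

# key=value pairs; values are either double-quoted or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text):
    """Return one dict of audit fields per AppArmor DENIED record."""
    records = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        records.append({k: q if q else u for k, q, u in FIELD.findall(line)})
    return records


def denials_for(records, profile, path):
    """Denials logged for `profile` whose target is exactly `path`."""
    want = path.rstrip('/')
    return [r for r in records
            if r.get('profile') == profile
            and r.get('name', '').rstrip('/') == want]


def explain(record):
    """One-line summary: who was denied which access on which file."""
    return ('{comm} (pid {pid}, fsuid {fsuid}) denied {denied_mask} '
            'on {name} (file owner uid {ouid})').format(**record)


if __name__ == '__main__':
    recs = parse_denials(SAMPLE_LOG)
    for target in ('/var/log/ntp.log', '/snap/bin'):
        hits = denials_for(recs, '/usr/sbin/ntpd', target)
        print(target, '->', [explain(r) for r in hits] or 'no denial logged')
```

Run over the sample, it reports no ntpd-profile denial for /var/log/ntp.log and one read denial for /snap/bin/, matching what the question observes.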
waltinator: Explore your permission/ownership problems with `https://github.com/waltinator/pathlld`. A `bash` script to answer "Why can't I Read/Write that file?".

Cool, but that didn't help...

waltinator: Please [Edit] your question and show us, properly formatted, `sudo ./pathlld /var/log/ntpd.log`, and explain how it "didn't help".

@waltinator "didn't help" -> it's still not sending the log data to the `ntp.log` file. (notice that you can't have the 'd' in `ntp.log` since that's forbidden by apparmor; that said, it had the 'd' at first and it wasn't working either.)