You are not logged in.

Pages: 1

#1 2011-02-08 13:47:58

gaudencio
Member
Registered: 2009-03-30
Posts: 33

network sync of time with date -s

hi all, I never know quite where to put these oddball/miscellaneous questions, so mods feel free to move it if necessary

my question then
I've had a bit of trouble getting openntp to sync to a local server, and I'm wary of opening up ports unnecessarily as it doubles as a private webserver (and my security skills aren't so hot), so I decided to simply sync the time to local computers (which have ssh access to the server) using:
sudo date -s "`ssh servername date`"

this works fine, but what I want to know is whether it's safe to put in a cronjob? I skimmed through the manpages of adjtime, and it seems pretty crucial that the hwclock is not adjusted by large amounts when compiling.

Is this a serious risk? It's not a big deal for me to just do it manually with a bash alias, but it would be nice if it was in cron.

thanks

\\\edit - sorry, forgot to mention that the local pcs don't have net access - before anyone suggests just using ntp on all of them.

Last edited by gaudencio (2011-02-08 13:49:17)

Offline

#2 2011-02-08 14:16:15

Stebalien
Member
Registered: 2010-04-27
Posts: 1,237
Website

Re: network sync of time with date -s

If the hardware clock staying constant is a problem, don't update it. Arch does this automatically on shutdown.

Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com

Offline

#3 2011-02-08 16:13:21

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,774

Re: network sync of time with date -s

gaudencio wrote:

,,, I decided to simply sync the time to local computers (which have ssh access to the server) using:
sudo date -s "`ssh servername date`"

this works fine, but what I want to know is whether it's safe to put in a cronjob?...

Cute, I like it.

Questions:
Do you trust servername?
Is there any response that servername can return to you that could hurt you?
Is the timebase for servername stable enough for you?
The command might have a second or two of latency.  Can you tolerate time deltas on the order of a couple seconds (are you evaluating time tagged log entrys between systems that require sub-second resolution)?
What happens if a user of privilege changes the time on servername?
What happens at programmed time changes (Daylight Savings)  Consider using the date -u option.  That also solves the problem for machines that may be set for a different time zone.

In general, yes I think a cronjob might be safe in your case.  I would not run it more than once or twice a day -- certainly not hourly.  I would include some sanity checks (look for unreasonable deltas).  You might consider logging the deltas in case you need to analyze this some time.

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#4 2011-02-08 20:41:42

gaudencio
Member
Registered: 2009-03-30
Posts: 33

Re: network sync of time with date -s

@ewaller - I think I should have said "doesn't break something I don't understand while compiling" instead of "safe". From a network security standpoint, yes, I trust it, in that it's a home server that's sitting in front of me. If someone cracks into it, I've got bigger problems than them messing around with the clocks on my network, and a few thousandth of a milliseconds latency isn't a particular problem for my daily activities.....I like the -u option though, I'll add that, thanks.

Anyway, the real question was that after reading the adjtime man pages it seems like a bad idea to adjust the time while something's compiling, so I was asking if this is a real risk or not? If it so happens that I'm compiling a package from aur and the cronjob happens to reset the time simultaneously, will chaos ensue, or is it unlikely I'd even notice?

@Stebalien, I'm not sure why, but even when I set the clock on one of my local pcs, within a week or so it has messed itself up again. I haven't looked into how arch updates the clock on shutdown, but that might even be part of the problem. Not sure, but syncing the clocks every now and then is no big deal, would just be a little nicer to automate it

Thanks

Offline

#5 2011-02-08 20:44:14

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,183

Re: network sync of time with date -s

gaudencio, Have a look at Time Skew in this wiki article :

https://wiki.archlinux.org/index.php/Time#Time_Skew

It would help you rectify the time problem you have.

Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#6 2011-02-08 22:19:36

gaudencio
Member
Registered: 2009-03-30
Posts: 33

Re: network sync of time with date -s

@inxsible - that makes perfect sense as to why this pc has always had weird times. Thanks. I'm still wondering whether the sync itself would be a danger in a cron job though

Offline

Pages: 1

Board footer

Powered by FluxBB