[PLUG] Dumb script question

Bill Thoen bthoen at gisnet.com
Mon Apr 19 22:58:25 UTC 2010


Marvin Kosmal wrote:
> All
>
> I was assuming the OP was not running NTPD and was using ntpdate to
> set system time
>
> <quote>
> ntpdate  can  be run manually as necessary to set the host clock, or it
>        can be run from the host startup script to set the clock at boot  time.
>        This is useful in some cases to set the clock initially before starting
>        the NTP daemon ntpd. It is also possible to run  ntpdate  from  a  cron
>        script.  However,  it  is important to note that ntpdate with contrived
>        cron scripts is no substitute for the NTP daemon, which uses  sophisti-
>        cated  algorithms to maximize accuracy and reliability while minimizing
>        resource use. Finally, since ntpdate does not discipline the host clock
>        frequency as does ntpd, the accuracy using ntpdate is limited.
> </quote>
>
> So I don't see anything wrong with running ntpdate or rdate once a day
> if you want..  Given NTPD would be better...  Probably not a critical
> issue??
>   
It all depends on how much your time gets shifted suddenly when you use 
ntpdate.  I learned the hard way when that happens all Hell breaks loose 
on a server. If your time kicks backwards by as little as 110 seconds 
all of a sudden, Dovecot will panic and kill itself-- it even announced 
in the log that it was "going to kill myself"), so you lose your IMAP 
connections right away. Other software starts whinging too. The RBL spam 
blocker I had running suddenly started "synchronizing" with its friends 
in Berkeley and elsewhere every few minutes (and since I didn't know at 
the time what this "synchronizing" was all about and coincidentally I 
was just then getting hit with a super large volume of spam (53Mb as it 
turned out, over a couple of hours ). Every daemon starting writing log 
entries at once. Then the Amavis daemon (virus checker) gave up its 
ghost and keeled over dead. I was also getting hundreds of error 
messages from Named like: "validating @0x7f82840008c0: 115.in-addr.arpa 
DNSKEY: bad cache hit (115.in-addr.arpa/DS): 1 Time(s)".  XNTPD got 
killed too after complaining about "no servers reachable", and 
"...cannot be used reason: temporary failure in name resolution." (the 
DNS stopped working too.)

I'm not a wizard at the sysadmin stuff so I 'm not sure if it was the 
boatload of spam that washed in over the transom  just as the time 
change incident occurred, or if it was just the sudden time shift alone, 
or both, but it really rocked /my/ boat. But as I RTFM'ed the Dovecot 
docs later ttrying to figure out WTF happened  the  section in 
TimeMovedBackwards on Dvoecot's wiki 
(http://wiki.dovecot.org/TimeMovedBackwards) explains all the horrible 
things that could happen and make Dovecot's best option being just to 
fall upon its sword.

But I did learn one lesson clearly. Don't fool around with 'date' 
--especially the -s option--  when you're logged in as root so you can 
tinker with a script that has to run as root! 

Bill Thoen
GISnet -  www.gisnet.com
1401 Walnut St., Suite C
Boulder, CO 80302
303-786-9961 tel
303-443-4856 fax




More information about the PLUG mailing list