278 lines
No EOL
10 KiB
Groff
278 lines
No EOL
10 KiB
Groff
'\" t
|
|
.\" Title: chronyd
|
|
.\" Author: [see the "AUTHOR(S)" section]
|
|
.\" Generator: Asciidoctor 2.0.20
|
|
.\" Date: 2024-10-08
|
|
.\" Manual: System Administration
|
|
.\" Source: chrony @CHRONY_VERSION@
|
|
.\" Language: English
|
|
.\"
|
|
.TH "CHRONYD" "8" "2024-10-08" "chrony @CHRONY_VERSION@" "System Administration"
|
|
.ie \n(.g .ds Aq \(aq
|
|
.el .ds Aq '
|
|
.ss \n[.ss] 0
|
|
.nh
|
|
.ad l
|
|
.de URL
|
|
\fI\\$2\fP <\\$1>\\$3
|
|
..
|
|
.als MTO URL
|
|
.if \n[.g] \{\
|
|
. mso www.tmac
|
|
. am URL
|
|
. ad l
|
|
. .
|
|
. am MTO
|
|
. ad l
|
|
. .
|
|
. LINKSTYLE blue R < >
|
|
.\}
|
|
.SH "NAME"
|
|
chronyd \- chrony daemon
|
|
.SH "SYNOPSIS"
|
|
.sp
|
|
\fBchronyd\fP [\fIOPTION\fP]... [\fIDIRECTIVE\fP]...
|
|
.SH "DESCRIPTION"
|
|
.sp
|
|
\fBchronyd\fP is a daemon for synchronisation of the system clock. It can
|
|
synchronise the clock with NTP servers, reference clocks (e.g. a GPS receiver),
|
|
and manual input using wristwatch and keyboard via \fBchronyc\fP. It can also
|
|
operate as an NTPv4 (RFC 5905) server and peer to provide a time service to
|
|
other computers in the network.
|
|
.sp
|
|
If no configuration directives are specified on the command line, \fBchronyd\fP
|
|
will read them from a configuration file. The compiled\-in default location of
|
|
the file is \fI@SYSCONFDIR@/chrony.conf\fP.
|
|
.sp
|
|
Informational messages, warnings, and errors will be logged to syslog.
|
|
.SH "OPTIONS"
|
|
.sp
|
|
\fB\-4\fP
|
|
.RS 4
|
|
With this option hostnames will be resolved only to IPv4 addresses and only
|
|
IPv4 sockets will be created.
|
|
.RE
|
|
.sp
|
|
\fB\-6\fP
|
|
.RS 4
|
|
With this option hostnames will be resolved only to IPv6 addresses and only
|
|
IPv6 sockets will be created.
|
|
.RE
|
|
.sp
|
|
\fB\-f\fP \fIfile\fP
|
|
.RS 4
|
|
This option can be used to specify an alternate location for the configuration
|
|
file. The compiled\-in default value is \fI@SYSCONFDIR@/chrony.conf\fP.
|
|
.RE
|
|
.sp
|
|
\fB\-n\fP
|
|
.RS 4
|
|
When run in this mode, the program will not detach itself from the terminal.
|
|
.RE
|
|
.sp
|
|
\fB\-d\fP
|
|
.RS 4
|
|
When run in this mode, the program will not detach itself from the terminal,
|
|
and all messages will be written to the terminal instead of syslog. If
|
|
\fBchronyd\fP was compiled with enabled support for debugging, this option can be
|
|
used twice to enable debug messages.
|
|
.RE
|
|
.sp
|
|
\fB\-l\fP \fIfile\fP
|
|
.RS 4
|
|
This option enables writing of log messages to a file instead of syslog or the
|
|
terminal.
|
|
.RE
|
|
.sp
|
|
\fB\-L\fP \fIlevel\fP
|
|
.RS 4
|
|
This option specifies the minimum severity level of messages to be written to
|
|
the log file, syslog, or terminal. The following levels can be specified: \-1
|
|
(debug, if compiled with enabled support for debugging), 0 (informational), 1
|
|
(warning), 2 (non\-fatal error), and 3 (fatal error). The default value is 0.
|
|
.RE
|
|
.sp
|
|
\fB\-p\fP
|
|
.RS 4
|
|
When run in this mode, \fBchronyd\fP will print the configuration and exit. It will
|
|
not detach from the terminal. This option can be used to verify the syntax of
|
|
the configuration and get the whole configuration, even if it is split into
|
|
multiple files and read by the \fBinclude\fP or \fBconfdir\fP directive.
|
|
.RE
|
|
.sp
|
|
\fB\-q\fP
|
|
.RS 4
|
|
When run in this mode, \fBchronyd\fP will set the system clock once and exit. It
|
|
will not detach from the terminal.
|
|
.RE
|
|
.sp
|
|
\fB\-Q\fP
|
|
.RS 4
|
|
This option is similar to the \fB\-q\fP option, except it only prints the offset
|
|
without making any corrections of the clock and disables server ports to allow
|
|
\fBchronyd\fP to be started without root privileges, assuming the configuration
|
|
does not have any directives which would require them (e.g. \fBrefclock\fP,
|
|
\fBhwtimestamp\fP, \fBrtcfile\fP, etc).
|
|
.RE
|
|
.sp
|
|
\fB\-r\fP
|
|
.RS 4
|
|
This option will try to reload and then delete files containing sample
|
|
histories for each of the servers and reference clocks being used. The
|
|
files are expected to be in the directory specified by the
|
|
\fBdumpdir\fP
|
|
directive in the configuration file. This option is useful if you want to stop
|
|
and restart \fBchronyd\fP briefly for any reason, e.g. to install a new version.
|
|
However, it should be used only on systems where the kernel can maintain clock
|
|
compensation whilst not under \fBchronyd\fP\*(Aqs control (i.e. Linux, FreeBSD, NetBSD,
|
|
illumos, and macOS 10.13 or later).
|
|
.RE
|
|
.sp
|
|
\fB\-R\fP
|
|
.RS 4
|
|
When this option is used, the \fBinitstepslew\fP
|
|
directive and the \fBmakestep\fP directive used with
|
|
a positive limit will be ignored. This option is useful when restarting
|
|
\fBchronyd\fP and can be used in conjunction with the \fB\-r\fP option.
|
|
.RE
|
|
.sp
|
|
\fB\-s\fP
|
|
.RS 4
|
|
This option will set the system clock from the computer\(cqs real\-time clock (RTC)
|
|
or to the last modification time of the file specified by the
|
|
\fBdriftfile\fP directive. Real\-time clocks are
|
|
supported only on Linux.
|
|
.sp
|
|
If used in conjunction with the \fB\-r\fP flag, \fBchronyd\fP will attempt to preserve
|
|
the old samples after setting the system clock from the RTC. This can be used
|
|
to allow \fBchronyd\fP to perform long term averaging of the gain or loss rate
|
|
across system reboots, and is useful for systems with intermittent access to
|
|
network that are shut down when not in use. For this to work well, it relies
|
|
on \fBchronyd\fP having been able to determine accurate statistics for the
|
|
difference between the RTC and system clock last time the computer was on.
|
|
.sp
|
|
If the last modification time of the drift file is later than both the current
|
|
time and the RTC time, the system time will be set to it to restore the time
|
|
when \fBchronyd\fP was previously stopped. This is useful on computers that have no
|
|
RTC or the RTC is broken (e.g. it has no battery).
|
|
.RE
|
|
.sp
|
|
\fB\-t\fP \fItimeout\fP
|
|
.RS 4
|
|
This option sets a timeout (in seconds) after which \fBchronyd\fP will exit. If the
|
|
clock is not synchronised, it will exit with a non\-zero status. This is useful
|
|
with the \fB\-q\fP or \fB\-Q\fP option to shorten the maximum time waiting for
|
|
measurements, or with the \fB\-r\fP option to limit the time when \fBchronyd\fP is
|
|
running, but still allow it to adjust the frequency of the system clock.
|
|
.RE
|
|
.sp
|
|
\fB\-u\fP \fIuser\fP
|
|
.RS 4
|
|
This option sets the name of the system user to which \fBchronyd\fP will switch
|
|
after start in order to drop root privileges. It overrides the
|
|
\fBuser\fP directive. The compiled\-in default value is
|
|
\fI@DEFAULT_USER@\fP.
|
|
.sp
|
|
On Linux, \fBchronyd\fP needs to be compiled with support for the \fBlibcap\fP library.
|
|
On macOS, FreeBSD, NetBSD, and illumos \fBchronyd\fP forks into two processes.
|
|
The child process retains root privileges, but can only perform a very limited
|
|
range of privileged system calls on behalf of the parent.
|
|
.RE
|
|
.sp
|
|
\fB\-U\fP
|
|
.RS 4
|
|
This option disables a check for root privileges to allow \fBchronyd\fP to be
|
|
started under a non\-root user, assuming the process will have all capabilities
|
|
(e.g. provided by the service manager) and access to all files, directories,
|
|
and devices, needed to operate correctly in the specified configuration. Note
|
|
that different capabilities might be needed with different configurations and
|
|
different Linux kernel versions. Starting \fBchronyd\fP under a non\-root user is
|
|
not recommended when the configuration is not known, or at least limited to
|
|
specific directives.
|
|
.RE
|
|
.sp
|
|
\fB\-F\fP \fIlevel\fP
|
|
.RS 4
|
|
This option configures system call filters loaded by \fBchronyd\fP processes if it
|
|
was compiled with support for the Linux secure computing (seccomp) facility.
|
|
Three levels are defined: 0, 1, 2. The filters are disabled at level 0. At
|
|
levels 1 and 2, \fBchronyd\fP will be killed if it makes a system call which is
|
|
blocked by the filters. The level can be specified as a negative number to
|
|
trigger the SIGSYS signal instead of SIGKILL, which can be useful for
|
|
debugging. The default value is 0.
|
|
.sp
|
|
At level 1, the filters allow only selected system calls that are normally
|
|
expected to be made by \fBchronyd\fP. Other system calls are blocked. This level is
|
|
recommended only if it is known to work on the version of the system where
|
|
\fBchrony\fP is installed. The filters need to allow also system calls made by
|
|
libraries that \fBchronyd\fP is using (e.g. libc), but different versions or
|
|
implementations of the libraries might make different system calls. If the
|
|
filters are missing a system call, \fBchronyd\fP could be killed even in normal
|
|
operation.
|
|
.sp
|
|
At level 2, the filters block only a small number of specific system calls
|
|
(e.g. fork and exec). This approach should avoid false positives, but the
|
|
protection of the system against a compromised \fBchronyd\fP process is much more
|
|
limited.
|
|
.sp
|
|
The filters cannot be enabled with the \fBmailonchange\fP directive.
|
|
.RE
|
|
.sp
|
|
\fB\-P\fP \fIpriority\fP
|
|
.RS 4
|
|
On Linux, FreeBSD, NetBSD, and illumos this option will select the SCHED_FIFO
|
|
real\-time scheduler at the specified priority (which must be between 0 and
|
|
100). On macOS, this option must have either a value of 0 to disable the thread
|
|
time constraint policy or 1 for the policy to be enabled. Other systems do not
|
|
support this option. The default value is 0.
|
|
.RE
|
|
.sp
|
|
\fB\-m\fP
|
|
.RS 4
|
|
This option will lock \fBchronyd\fP into RAM so that it will never be paged out.
|
|
This mode is only supported on Linux, FreeBSD, NetBSD, and illumos.
|
|
.RE
|
|
.sp
|
|
\fB\-x\fP
|
|
.RS 4
|
|
This option disables the control of the system clock. \fBchronyd\fP will not try to
|
|
make any adjustments of the clock. It will assume the clock is free running and
|
|
still track its offset and frequency relative to the estimated true time. This
|
|
option allows \fBchronyd\fP to be started without the capability to adjust or set
|
|
the system clock (e.g. in some containers) to operate as an NTP server.
|
|
.RE
|
|
.sp
|
|
\fB\-v\fP, \fB\-\-version\fP
|
|
.RS 4
|
|
With this option \fBchronyd\fP will print version number to the terminal and exit.
|
|
.RE
|
|
.sp
|
|
\fB\-h\fP, \fB\-\-help\fP
|
|
.RS 4
|
|
With this option \fBchronyd\fP will print a help message to the terminal and exit.
|
|
.RE
|
|
.SH "ENVIRONMENT VARIABLES"
|
|
.sp
|
|
\fBLISTEN_FDS\fP
|
|
.RS 4
|
|
On Linux systems, the systemd service manager may pass file descriptors for
|
|
pre\-initialised sockets to \fBchronyd\fP. The service manager allocates and binds
|
|
the file descriptors, and passes a copy to each spawned instance of the
|
|
service. This allows for zero\-downtime service restarts as the sockets buffer
|
|
client requests until the service is able to handle them. The service manager
|
|
sets the LISTEN_FDS environment variable to the number of passed file
|
|
descriptors.
|
|
.RE
|
|
.SH "FILES"
|
|
.sp
|
|
\fI@SYSCONFDIR@/chrony.conf\fP
|
|
.SH "SEE ALSO"
|
|
.sp
|
|
\fBchronyc(1)\fP, \fBchrony.conf(5)\fP
|
|
.SH "BUGS"
|
|
.sp
|
|
For instructions on how to report bugs, please visit
|
|
.URL "https://chrony\-project.org/" "" "."
|
|
.SH "AUTHORS"
|
|
.sp
|
|
chrony was written by Richard Curnow, Miroslav Lichvar, and others. |