diff options
Diffstat (limited to 'doc/chronyd.man.in')
-rw-r--r-- | doc/chronyd.man.in | 278 |
1 files changed, 278 insertions, 0 deletions
diff --git a/doc/chronyd.man.in b/doc/chronyd.man.in new file mode 100644 index 0000000..96e87a0 --- /dev/null +++ b/doc/chronyd.man.in @@ -0,0 +1,278 @@ +'\" t +.\" Title: chronyd +.\" Author: [see the "AUTHOR(S)" section] +.\" Generator: Asciidoctor 2.0.20 +.\" Date: 2023-12-05 +.\" Manual: System Administration +.\" Source: chrony @CHRONY_VERSION@ +.\" Language: English +.\" +.TH "CHRONYD" "8" "2023-12-05" "chrony @CHRONY_VERSION@" "System Administration" +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.ss \n[.ss] 0 +.nh +.ad l +.de URL +\fI\\$2\fP <\\$1>\\$3 +.. +.als MTO URL +.if \n[.g] \{\ +. mso www.tmac +. am URL +. ad l +. . +. am MTO +. ad l +. . +. LINKSTYLE blue R < > +.\} +.SH "NAME" +chronyd \- chrony daemon +.SH "SYNOPSIS" +.sp +\fBchronyd\fP [\fIOPTION\fP]... [\fIDIRECTIVE\fP]... +.SH "DESCRIPTION" +.sp +\fBchronyd\fP is a daemon for synchronisation of the system clock. It can +synchronise the clock with NTP servers, reference clocks (e.g. a GPS receiver), +and manual input using wristwatch and keyboard via \fBchronyc\fP. It can also +operate as an NTPv4 (RFC 5905) server and peer to provide a time service to +other computers in the network. +.sp +If no configuration directives are specified on the command line, \fBchronyd\fP +will read them from a configuration file. The compiled\-in default location of +the file is \fI@SYSCONFDIR@/chrony.conf\fP. +.sp +Informational messages, warnings, and errors will be logged to syslog. +.SH "OPTIONS" +.sp +\fB\-4\fP +.RS 4 +With this option hostnames will be resolved only to IPv4 addresses and only +IPv4 sockets will be created. +.RE +.sp +\fB\-6\fP +.RS 4 +With this option hostnames will be resolved only to IPv6 addresses and only +IPv6 sockets will be created. +.RE +.sp +\fB\-f\fP \fIfile\fP +.RS 4 +This option can be used to specify an alternate location for the configuration +file. The compiled\-in default value is \fI@SYSCONFDIR@/chrony.conf\fP. +.RE +.sp +\fB\-n\fP +.RS 4 +When run in this mode, the program will not detach itself from the terminal. +.RE +.sp +\fB\-d\fP +.RS 4 +When run in this mode, the program will not detach itself from the terminal, +and all messages will be written to the terminal instead of syslog. If +\fBchronyd\fP was compiled with enabled support for debugging, this option can be +used twice to enable debug messages. +.RE +.sp +\fB\-l\fP \fIfile\fP +.RS 4 +This option enables writing of log messages to a file instead of syslog or the +terminal. +.RE +.sp +\fB\-L\fP \fIlevel\fP +.RS 4 +This option specifies the minimum severity level of messages to be written to +the log file, syslog, or terminal. The following levels can be specified: \-1 +(debug, if compiled with enabled support for debugging), 0 (informational), 1 +(warning), 2 (non\-fatal error), and 3 (fatal error). The default value is 0. +.RE +.sp +\fB\-p\fP +.RS 4 +When run in this mode, \fBchronyd\fP will print the configuration and exit. It will +not detach from the terminal. This option can be used to verify the syntax of +the configuration and get the whole configuration, even if it is split into +multiple files and read by the \fBinclude\fP or \fBconfdir\fP directive. +.RE +.sp +\fB\-q\fP +.RS 4 +When run in this mode, \fBchronyd\fP will set the system clock once and exit. It +will not detach from the terminal. +.RE +.sp +\fB\-Q\fP +.RS 4 +This option is similar to the \fB\-q\fP option, except it only prints the offset +without making any corrections of the clock and disables server ports to allow +\fBchronyd\fP to be started without root privileges, assuming the configuration +does not have any directives which would require them (e.g. \fBrefclock\fP, +\fBhwtimestamp\fP, \fBrtcfile\fP, etc). +.RE +.sp +\fB\-r\fP +.RS 4 +This option will try to reload and then delete files containing sample +histories for each of the servers and reference clocks being used. The +files are expected to be in the directory specified by the +\fBdumpdir\fP +directive in the configuration file. This option is useful if you want to stop +and restart \fBchronyd\fP briefly for any reason, e.g. to install a new version. +However, it should be used only on systems where the kernel can maintain clock +compensation whilst not under \fBchronyd\fP\*(Aqs control (i.e. Linux, FreeBSD, NetBSD, +illumos, and macOS 10.13 or later). +.RE +.sp +\fB\-R\fP +.RS 4 +When this option is used, the \fBinitstepslew\fP +directive and the \fBmakestep\fP directive used with +a positive limit will be ignored. This option is useful when restarting +\fBchronyd\fP and can be used in conjunction with the \fB\-r\fP option. +.RE +.sp +\fB\-s\fP +.RS 4 +This option will set the system clock from the computer\(cqs real\-time clock (RTC) +or to the last modification time of the file specified by the +\fBdriftfile\fP directive. Real\-time clocks are +supported only on Linux. +.sp +If used in conjunction with the \fB\-r\fP flag, \fBchronyd\fP will attempt to preserve +the old samples after setting the system clock from the RTC. This can be used +to allow \fBchronyd\fP to perform long term averaging of the gain or loss rate +across system reboots, and is useful for systems with intermittent access to +network that are shut down when not in use. For this to work well, it relies +on \fBchronyd\fP having been able to determine accurate statistics for the +difference between the RTC and system clock last time the computer was on. +.sp +If the last modification time of the drift file is later than both the current +time and the RTC time, the system time will be set to it to restore the time +when \fBchronyd\fP was previously stopped. This is useful on computers that have no +RTC or the RTC is broken (e.g. it has no battery). +.RE +.sp +\fB\-t\fP \fItimeout\fP +.RS 4 +This option sets a timeout (in seconds) after which \fBchronyd\fP will exit. If the +clock is not synchronised, it will exit with a non\-zero status. This is useful +with the \fB\-q\fP or \fB\-Q\fP option to shorten the maximum time waiting for +measurements, or with the \fB\-r\fP option to limit the time when \fBchronyd\fP is +running, but still allow it to adjust the frequency of the system clock. +.RE +.sp +\fB\-u\fP \fIuser\fP +.RS 4 +This option sets the name of the system user to which \fBchronyd\fP will switch +after start in order to drop root privileges. It overrides the +\fBuser\fP directive. The compiled\-in default value is +\fI@DEFAULT_USER@\fP. +.sp +On Linux, \fBchronyd\fP needs to be compiled with support for the \fBlibcap\fP library. +On macOS, FreeBSD, NetBSD, and illumos \fBchronyd\fP forks into two processes. +The child process retains root privileges, but can only perform a very limited +range of privileged system calls on behalf of the parent. +.RE +.sp +\fB\-U\fP +.RS 4 +This option disables a check for root privileges to allow \fBchronyd\fP to be +started under a non\-root user, assuming the process will have all capabilities +(e.g. provided by the service manager) and access to all files, directories, +and devices, needed to operate correctly in the specified configuration. Note +that different capabilities might be needed with different configurations and +different Linux kernel versions. Starting \fBchronyd\fP under a non\-root user is +not recommended when the configuration is not known, or at least limited to +specific directives. +.RE +.sp +\fB\-F\fP \fIlevel\fP +.RS 4 +This option configures system call filters loaded by \fBchronyd\fP processes if it +was compiled with support for the Linux secure computing (seccomp) facility. +Three levels are defined: 0, 1, 2. The filters are disabled at level 0. At +levels 1 and 2, \fBchronyd\fP will be killed if it makes a system call which is +blocked by the filters. The level can be specified as a negative number to +trigger the SIGSYS signal instead of SIGKILL, which can be useful for +debugging. The default value is 0. +.sp +At level 1, the filters allow only selected system calls that are normally +expected to be made by \fBchronyd\fP. Other system calls are blocked. This level is +recommended only if it is known to work on the version of the system where +\fBchrony\fP is installed. The filters need to allow also system calls made by +libraries that \fBchronyd\fP is using (e.g. libc), but different versions or +implementations of the libraries might make different system calls. If the +filters are missing a system call, \fBchronyd\fP could be killed even in normal +operation. +.sp +At level 2, the filters block only a small number of specific system calls +(e.g. fork and exec). This approach should avoid false positives, but the +protection of the system against a compromised \fBchronyd\fP process is much more +limited. +.sp +The filters cannot be enabled with the \fBmailonchange\fP directive. +.RE +.sp +\fB\-P\fP \fIpriority\fP +.RS 4 +On Linux, FreeBSD, NetBSD, and illumos this option will select the SCHED_FIFO +real\-time scheduler at the specified priority (which must be between 0 and +100). On macOS, this option must have either a value of 0 to disable the thread +time constraint policy or 1 for the policy to be enabled. Other systems do not +support this option. The default value is 0. +.RE +.sp +\fB\-m\fP +.RS 4 +This option will lock \fBchronyd\fP into RAM so that it will never be paged out. +This mode is only supported on Linux, FreeBSD, NetBSD, and illumos. +.RE +.sp +\fB\-x\fP +.RS 4 +This option disables the control of the system clock. \fBchronyd\fP will not try to +make any adjustments of the clock. It will assume the clock is free running and +still track its offset and frequency relative to the estimated true time. This +option allows \fBchronyd\fP to be started without the capability to adjust or set +the system clock (e.g. in some containers) to operate as an NTP server. +.RE +.sp +\fB\-v\fP, \fB\-\-version\fP +.RS 4 +With this option \fBchronyd\fP will print version number to the terminal and exit. +.RE +.sp +\fB\-h\fP, \fB\-\-help\fP +.RS 4 +With this option \fBchronyd\fP will print a help message to the terminal and exit. +.RE +.SH "ENVIRONMENT VARIABLES" +.sp +\fBLISTEN_FDS\fP +.RS 4 +On Linux systems, the systemd service manager may pass file descriptors for +pre\-initialised sockets to \fBchronyd\fP. The service manager allocates and binds +the file descriptors, and passes a copy to each spawned instance of the +service. This allows for zero\-downtime service restarts as the sockets buffer +client requests until the service is able to handle them. The service manager +sets the LISTEN_FDS environment variable to the number of passed file +descriptors. +.RE +.SH "FILES" +.sp +\fI@SYSCONFDIR@/chrony.conf\fP +.SH "SEE ALSO" +.sp +\fBchronyc(1)\fP, \fBchrony.conf(5)\fP +.SH "BUGS" +.sp +For instructions on how to report bugs, please visit +.URL "https://chrony\-project.org/" "" "." +.SH "AUTHORS" +.sp +chrony was written by Richard Curnow, Miroslav Lichvar, and others.
\ No newline at end of file |