summaryrefslogtreecommitdiffstats
path: root/doc/chronyd.man.in
blob: 35d6819df1d19fecffb5eaf8420362e7c6e9e6c4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
'\" t
.\"     Title: chronyd
.\"    Author: [see the "AUTHOR(S)" section]
.\" Generator: Asciidoctor 2.0.20
.\"      Date: 2024-08-29
.\"    Manual: System Administration
.\"    Source: chrony @CHRONY_VERSION@
.\"  Language: English
.\"
.TH "CHRONYD" "8" "2024-08-29" "chrony @CHRONY_VERSION@" "System Administration"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
chronyd \- chrony daemon
.SH "SYNOPSIS"
.sp
\fBchronyd\fP [\fIOPTION\fP]... [\fIDIRECTIVE\fP]...
.SH "DESCRIPTION"
.sp
\fBchronyd\fP is a daemon for synchronisation of the system clock. It can
synchronise the clock with NTP servers, reference clocks (e.g. a GPS receiver),
and manual input using wristwatch and keyboard via \fBchronyc\fP. It can also
operate as an NTPv4 (RFC 5905) server and peer to provide a time service to
other computers in the network.
.sp
If no configuration directives are specified on the command line, \fBchronyd\fP
will read them from a configuration file. The compiled\-in default location of
the file is \fI@SYSCONFDIR@/chrony.conf\fP.
.sp
Informational messages, warnings, and errors will be logged to syslog.
.SH "OPTIONS"
.sp
\fB\-4\fP
.RS 4
With this option hostnames will be resolved only to IPv4 addresses and only
IPv4 sockets will be created.
.RE
.sp
\fB\-6\fP
.RS 4
With this option hostnames will be resolved only to IPv6 addresses and only
IPv6 sockets will be created.
.RE
.sp
\fB\-f\fP \fIfile\fP
.RS 4
This option can be used to specify an alternate location for the configuration
file. The compiled\-in default value is \fI@SYSCONFDIR@/chrony.conf\fP.
.RE
.sp
\fB\-n\fP
.RS 4
When run in this mode, the program will not detach itself from the terminal.
.RE
.sp
\fB\-d\fP
.RS 4
When run in this mode, the program will not detach itself from the terminal,
and all messages will be written to the terminal instead of syslog. If
\fBchronyd\fP was compiled with enabled support for debugging, this option can be
used twice to enable debug messages.
.RE
.sp
\fB\-l\fP \fIfile\fP
.RS 4
This option enables writing of log messages to a file instead of syslog or the
terminal.
.RE
.sp
\fB\-L\fP \fIlevel\fP
.RS 4
This option specifies the minimum severity level of messages to be written to
the log file, syslog, or terminal. The following levels can be specified: \-1
(debug, if compiled with enabled support for debugging), 0 (informational), 1
(warning), 2 (non\-fatal error), and 3 (fatal error). The default value is 0.
.RE
.sp
\fB\-p\fP
.RS 4
When run in this mode, \fBchronyd\fP will print the configuration and exit. It will
not detach from the terminal. This option can be used to verify the syntax of
the configuration and get the whole configuration, even if it is split into
multiple files and read by the \fBinclude\fP or \fBconfdir\fP directive.
.RE
.sp
\fB\-q\fP
.RS 4
When run in this mode, \fBchronyd\fP will set the system clock once and exit. It
will not detach from the terminal.
.RE
.sp
\fB\-Q\fP
.RS 4
This option is similar to the \fB\-q\fP option, except it only prints the offset
without making any corrections of the clock and disables server ports to allow
\fBchronyd\fP to be started without root privileges, assuming the configuration
does not have any directives which would require them (e.g. \fBrefclock\fP,
\fBhwtimestamp\fP, \fBrtcfile\fP, etc).
.RE
.sp
\fB\-r\fP
.RS 4
This option will try to reload and then delete files containing sample
histories for each of the servers and reference clocks being used. The
files are expected to be in the directory specified by the
\fBdumpdir\fP
directive in the configuration file. This option is useful if you want to stop
and restart \fBchronyd\fP briefly for any reason, e.g. to install a new version.
However, it should be used only on systems where the kernel can maintain clock
compensation whilst not under \fBchronyd\fP\*(Aqs control (i.e. Linux, FreeBSD, NetBSD,
illumos, and macOS 10.13 or later).
.RE
.sp
\fB\-R\fP
.RS 4
When this option is used, the \fBinitstepslew\fP
directive and the \fBmakestep\fP directive used with
a positive limit will be ignored. This option is useful when restarting
\fBchronyd\fP and can be used in conjunction with the \fB\-r\fP option.
.RE
.sp
\fB\-s\fP
.RS 4
This option will set the system clock from the computer\(cqs real\-time clock (RTC)
or to the last modification time of the file specified by the
\fBdriftfile\fP directive. Real\-time clocks are
supported only on Linux.
.sp
If used in conjunction with the \fB\-r\fP flag, \fBchronyd\fP will attempt to preserve
the old samples after setting the system clock from the RTC. This can be used
to allow \fBchronyd\fP to perform long term averaging of the gain or loss rate
across system reboots, and is useful for systems with intermittent access to
network that are shut down when not in use. For this to work well, it relies
on \fBchronyd\fP having been able to determine accurate statistics for the
difference between the RTC and system clock last time the computer was on.
.sp
If the last modification time of the drift file is later than both the current
time and the RTC time, the system time will be set to it to restore the time
when \fBchronyd\fP was previously stopped. This is useful on computers that have no
RTC or the RTC is broken (e.g. it has no battery).
.RE
.sp
\fB\-t\fP \fItimeout\fP
.RS 4
This option sets a timeout (in seconds) after which \fBchronyd\fP will exit. If the
clock is not synchronised, it will exit with a non\-zero status. This is useful
with the \fB\-q\fP or \fB\-Q\fP option to shorten the maximum time waiting for
measurements, or with the \fB\-r\fP option to limit the time when \fBchronyd\fP is
running, but still allow it to adjust the frequency of the system clock.
.RE
.sp
\fB\-u\fP \fIuser\fP
.RS 4
This option sets the name of the system user to which \fBchronyd\fP will switch
after start in order to drop root privileges. It overrides the
\fBuser\fP directive. The compiled\-in default value is
\fI@DEFAULT_USER@\fP.
.sp
On Linux, \fBchronyd\fP needs to be compiled with support for the \fBlibcap\fP library.
On macOS, FreeBSD, NetBSD, and illumos \fBchronyd\fP forks into two processes.
The child process retains root privileges, but can only perform a very limited
range of privileged system calls on behalf of the parent.
.RE
.sp
\fB\-U\fP
.RS 4
This option disables a check for root privileges to allow \fBchronyd\fP to be
started under a non\-root user, assuming the process will have all capabilities
(e.g. provided by the service manager) and access to all files, directories,
and devices, needed to operate correctly in the specified configuration. Note
that different capabilities might be needed with different configurations and
different Linux kernel versions. Starting \fBchronyd\fP under a non\-root user is
not recommended when the configuration is not known, or at least limited to
specific directives.
.RE
.sp
\fB\-F\fP \fIlevel\fP
.RS 4
This option configures system call filters loaded by \fBchronyd\fP processes if it
was compiled with support for the Linux secure computing (seccomp) facility.
Three levels are defined: 0, 1, 2. The filters are disabled at level 0. At
levels 1 and 2, \fBchronyd\fP will be killed if it makes a system call which is
blocked by the filters. The level can be specified as a negative number to
trigger the SIGSYS signal instead of SIGKILL, which can be useful for
debugging. The default value is 0.
.sp
At level 1, the filters allow only selected system calls that are normally
expected to be made by \fBchronyd\fP. Other system calls are blocked. This level is
recommended only if it is known to work on the version of the system where
\fBchrony\fP is installed. The filters need to allow also system calls made by
libraries that \fBchronyd\fP is using (e.g. libc), but different versions or
implementations of the libraries might make different system calls. If the
filters are missing a system call, \fBchronyd\fP could be killed even in normal
operation.
.sp
At level 2, the filters block only a small number of specific system calls
(e.g. fork and exec). This approach should avoid false positives, but the
protection of the system against a compromised \fBchronyd\fP process is much more
limited.
.sp
The filters cannot be enabled with the \fBmailonchange\fP directive.
.RE
.sp
\fB\-P\fP \fIpriority\fP
.RS 4
On Linux, FreeBSD, NetBSD, and illumos this option will select the SCHED_FIFO
real\-time scheduler at the specified priority (which must be between 0 and
100). On macOS, this option must have either a value of 0 to disable the thread
time constraint policy or 1 for the policy to be enabled. Other systems do not
support this option. The default value is 0.
.RE
.sp
\fB\-m\fP
.RS 4
This option will lock \fBchronyd\fP into RAM so that it will never be paged out.
This mode is only supported on Linux, FreeBSD, NetBSD, and illumos.
.RE
.sp
\fB\-x\fP
.RS 4
This option disables the control of the system clock. \fBchronyd\fP will not try to
make any adjustments of the clock. It will assume the clock is free running and
still track its offset and frequency relative to the estimated true time. This
option allows \fBchronyd\fP to be started without the capability to adjust or set
the system clock (e.g. in some containers) to operate as an NTP server.
.RE
.sp
\fB\-v\fP, \fB\-\-version\fP
.RS 4
With this option \fBchronyd\fP will print version number to the terminal and exit.
.RE
.sp
\fB\-h\fP, \fB\-\-help\fP
.RS 4
With this option \fBchronyd\fP will print a help message to the terminal and exit.
.RE
.SH "ENVIRONMENT VARIABLES"
.sp
\fBLISTEN_FDS\fP
.RS 4
On Linux systems, the systemd service manager may pass file descriptors for
pre\-initialised sockets to \fBchronyd\fP. The service manager allocates and binds
the file descriptors, and passes a copy to each spawned instance of the
service. This allows for zero\-downtime service restarts as the sockets buffer
client requests until the service is able to handle them. The service manager
sets the LISTEN_FDS environment variable to the number of passed file
descriptors.
.RE
.SH "FILES"
.sp
\fI@SYSCONFDIR@/chrony.conf\fP
.SH "SEE ALSO"
.sp
\fBchronyc(1)\fP, \fBchrony.conf(5)\fP
.SH "BUGS"
.sp
For instructions on how to report bugs, please visit
.URL "https://chrony\-project.org/" "" "."
.SH "AUTHORS"
.sp
chrony was written by Richard Curnow, Miroslav Lichvar, and others.