|
NAMEchronyd - chrony daemonSYNOPSISchronyd [OPTION]... [DIRECTIVE]...DESCRIPTIONchronyd is a daemon for synchronisation of the system clock. It can synchronise the clock with NTP servers, reference clocks (e.g. a GPS receiver), and manual input using wristwatch and keyboard via chronyc. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.If no configuration directives are specified on the command line, chronyd will read them from a configuration file. The compiled-in default location of the file is /usr/local/etc/chrony.conf. Informational messages, warnings, and errors will be logged to syslog. OPTIONS-4With this option hostnames will be resolved only to IPv4
addresses and only IPv4 sockets will be created.
-6 With this option hostnames will be resolved only to IPv6
addresses and only IPv6 sockets will be created.
-f file This option can be used to specify an alternate location
for the configuration file. The compiled-in default value is
/usr/local/etc/chrony.conf.
-n When run in this mode, the program will not detach itself
from the terminal.
-d When run in this mode, the program will not detach itself
from the terminal, and all messages will be written to the terminal instead of
syslog. If chronyd was compiled with enabled support for debugging,
this option can be used twice to enable debug messages.
-l file This option enables writing of log messages to a file
instead of syslog or the terminal.
-L level This option specifies the minimum severity level of
messages to be written to the log file, syslog, or terminal. The following
levels can be specified: 0 (informational), 1 (warning), 2 (non-fatal error),
and 3 (fatal error). The default value is 0.
-p When run in this mode, chronyd will print the
configuration and exit. It will not detach from the terminal. This option can
be used to verify the syntax of the configuration and get the whole
configuration, even if it is split into multiple files and read by the
include or confdir directive.
-q When run in this mode, chronyd will set the system
clock once and exit. It will not detach from the terminal.
-Q This option is similar to the -q option, except it
only prints the offset without making any corrections of the clock and it
allows chronyd to be started without root privileges.
-r This option will try to reload and then delete files
containing sample histories for each of the servers and reference clocks being
used. The files are expected to be in the directory specified by the
dumpdir directive in the configuration file. This option is useful if
you want to stop and restart chronyd briefly for any reason, e.g. to
install a new version. However, it should be used only on systems where the
kernel can maintain clock compensation whilst not under chronyd's
control (i.e. Linux, FreeBSD, NetBSD, illumos, and macOS 10.13 or
later).
-R When this option is used, the initstepslew
directive and the makestep directive used with a positive limit will be
ignored. This option is useful when restarting chronyd and can be used
in conjunction with the -r option.
-s This option will set the system clock from the
computer’s real-time clock (RTC) or to the last modification time of
the file specified by the driftfile directive. Real-time clocks are
supported only on Linux.
If used in conjunction with the -r flag, chronyd will attempt to preserve the old samples after setting the system clock from the RTC. This can be used to allow chronyd to perform long term averaging of the gain or loss rate across system reboots, and is useful for systems with intermittent access to network that are shut down when not in use. For this to work well, it relies on chronyd having been able to determine accurate statistics for the difference between the RTC and system clock last time the computer was on. If the last modification time of the drift file is later than both the current time and the RTC time, the system time will be set to it to restore the time when chronyd was previously stopped. This is useful on computers that have no RTC or the RTC is broken (e.g. it has no battery). -t timeout This option sets a timeout (in seconds) after which
chronyd will exit. If the clock is not synchronised, it will exit with
a non-zero status. This is useful with the -q or -Q option to
shorten the maximum time waiting for measurements, or with the -r
option to limit the time when chronyd is running, but still allow it to
adjust the frequency of the system clock.
-u user This option sets the name of the system user to which
chronyd will switch after start in order to drop root privileges. It
overrides the user directive. The compiled-in default value is
chronyd.
On Linux, chronyd needs to be compiled with support for the libcap library. On macOS, FreeBSD, NetBSD, and illumos chronyd forks into two processes. The child process retains root privileges, but can only perform a very limited range of privileged system calls on behalf of the parent. -U This option disables a check for root privileges to allow
chronyd to be started under a non-root user, assuming the process will
have all capabilities (e.g. provided by the service manager) and access to all
files, directories, and devices, needed to operate correctly in the specified
configuration. Note that different capabilities might be needed with different
configurations and different Linux kernel versions. Starting chronyd
under a non-root user is not recommended when the configuration is not known,
or at least limited to specific directives.
-F level This option configures system call filters loaded by
chronyd processes if it was compiled with support for the Linux secure
computing (seccomp) facility. Three levels are defined: 0, 1, 2. The filters
are disabled at level 0. At levels 1 and 2, chronyd will be killed if
it makes a system call which is blocked by the filters. The level can be
specified as a negative number to trigger the SIGSYS signal instead of
SIGKILL, which can be useful for debugging. The default value is 0.
At level 1, the filters allow only selected system calls that are normally expected to be made by chronyd. Other system calls are blocked. This level is recommended only if it is known to work on the version of the system where chrony is installed. The filters need to allow also system calls made by libraries that chronyd is using (e.g. libc), but different versions or implementations of the libraries might make different system calls. If the filters are missing a system call, chronyd could be killed even in normal operation. At level 2, the filters block only a small number of specific system calls (e.g. fork and exec). This approach should avoid false positives, but the protection of the system against a compromised chronyd process is much more limited. The filters cannot be enabled with the mailonchange directive. -P priority On Linux, FreeBSD, NetBSD, and illumos this option will
select the SCHED_FIFO real-time scheduler at the specified priority (which
must be between 0 and 100). On macOS, this option must have either a value of
0 to disable the thread time constraint policy or 1 for the policy to be
enabled. Other systems do not support this option. The default value is
0.
-m This option will lock chronyd into RAM so that it
will never be paged out. This mode is only supported on Linux, FreeBSD,
NetBSD, and illumos.
-x This option disables the control of the system clock.
chronyd will not try to make any adjustments of the clock. It will
assume the clock is free running and still track its offset and frequency
relative to the estimated true time. This option allows chronyd to be
started without the capability to adjust or set the system clock (e.g. in some
containers) to operate as an NTP server.
-v, --version With this option chronyd will print version number
to the terminal and exit.
-h, --help With this option chronyd will print a help message
to the terminal and exit.
FILES/usr/local/etc/chrony.confSEE ALSOchronyc(1), chrony.conf(5)BUGSFor instructions on how to report bugs, please visit <https://chrony.tuxfamily.org/>.AUTHORSchrony was written by Richard Curnow, Miroslav Lichvar, and others.
Visit the GSP FreeBSD Man Page Interface. |