oracular (8) chronyd.8.gz

Provided by: chrony_4.5-3ubuntu3_amd64 bug

NAME

       chronyd - chrony daemon

SYNOPSIS

       chronyd [OPTION]... [DIRECTIVE]...

DESCRIPTION

       chronyd is a daemon for synchronisation of the system clock. It can synchronise the clock
       with NTP servers, reference clocks (e.g. a GPS receiver), and manual input using
       wristwatch and keyboard via chronyc. It can also operate as an NTPv4 (RFC 5905) server and
       peer to provide a time service to other computers in the network.

       If no configuration directives are specified on the command line, chronyd will read them
       from a configuration file. The compiled-in default location of the file is
       /etc/chrony/chrony.conf.

       Informational messages, warnings, and errors will be logged to syslog.

OPTIONS

       -4
           With this option hostnames will be resolved only to IPv4 addresses and only IPv4
           sockets will be created.

       -6
           With this option hostnames will be resolved only to IPv6 addresses and only IPv6
           sockets will be created.

       -f file
           This option can be used to specify an alternate location for the configuration file.
           The compiled-in default value is /etc/chrony/chrony.conf.

       -n
           When run in this mode, the program will not detach itself from the terminal.

       -d
           When run in this mode, the program will not detach itself from the terminal, and all
           messages will be written to the terminal instead of syslog. If chronyd was compiled
           with enabled support for debugging, this option can be used twice to enable debug
           messages.

       -l file
           This option enables writing of log messages to a file instead of syslog or the
           terminal.

       -L level
           This option specifies the minimum severity level of messages to be written to the log
           file, syslog, or terminal. The following levels can be specified: -1 (debug, if
           compiled with enabled support for debugging), 0 (informational), 1 (warning), 2
           (non-fatal error), and 3 (fatal error). The default value is 0.

       -p
           When run in this mode, chronyd will print the configuration and exit. It will not
           detach from the terminal. This option can be used to verify the syntax of the
           configuration and get the whole configuration, even if it is split into multiple files
           and read by the include or confdir directive.

       -q
           When run in this mode, chronyd will set the system clock once and exit. It will not
           detach from the terminal.

       -Q
           This option is similar to the -q option, except it only prints the offset without
           making any corrections of the clock and disables server ports to allow chronyd to be
           started without root privileges, assuming the configuration does not have any
           directives which would require them (e.g. refclock, hwtimestamp, rtcfile, etc).

       -r
           This option will try to reload and then delete files containing sample histories for
           each of the servers and reference clocks being used. The files are expected to be in
           the directory specified by the dumpdir directive in the configuration file. This
           option is useful if you want to stop and restart chronyd briefly for any reason, e.g.
           to install a new version. However, it should be used only on systems where the kernel
           can maintain clock compensation whilst not under chronyd's control (i.e. Linux,
           FreeBSD, NetBSD, illumos, and macOS 10.13 or later).

       -R
           When this option is used, the initstepslew directive and the makestep directive used
           with a positive limit will be ignored. This option is useful when restarting chronyd
           and can be used in conjunction with the -r option.

       -s
           This option will set the system clock from the computer’s real-time clock (RTC) or to
           the last modification time of the file specified by the driftfile directive. Real-time
           clocks are supported only on Linux.

           If used in conjunction with the -r flag, chronyd will attempt to preserve the old
           samples after setting the system clock from the RTC. This can be used to allow chronyd
           to perform long term averaging of the gain or loss rate across system reboots, and is
           useful for systems with intermittent access to network that are shut down when not in
           use. For this to work well, it relies on chronyd having been able to determine
           accurate statistics for the difference between the RTC and system clock last time the
           computer was on.

           If the last modification time of the drift file is later than both the current time
           and the RTC time, the system time will be set to it to restore the time when chronyd
           was previously stopped. This is useful on computers that have no RTC or the RTC is
           broken (e.g. it has no battery).

       -t timeout
           This option sets a timeout (in seconds) after which chronyd will exit. If the clock is
           not synchronised, it will exit with a non-zero status. This is useful with the -q or
           -Q option to shorten the maximum time waiting for measurements, or with the -r option
           to limit the time when chronyd is running, but still allow it to adjust the frequency
           of the system clock.

       -u user
           This option sets the name of the system user to which chronyd will switch after start
           in order to drop root privileges. It overrides the user directive. The compiled-in
           default value is _chrony.

           On Linux, chronyd needs to be compiled with support for the libcap library. On macOS,
           FreeBSD, NetBSD, and illumos chronyd forks into two processes. The child process
           retains root privileges, but can only perform a very limited range of privileged
           system calls on behalf of the parent.

       -U
           This option disables a check for root privileges to allow chronyd to be started under
           a non-root user, assuming the process will have all capabilities (e.g. provided by the
           service manager) and access to all files, directories, and devices, needed to operate
           correctly in the specified configuration. Note that different capabilities might be
           needed with different configurations and different Linux kernel versions. Starting
           chronyd under a non-root user is not recommended when the configuration is not known,
           or at least limited to specific directives.

       -F level
           This option configures system call filters loaded by chronyd processes if it was
           compiled with support for the Linux secure computing (seccomp) facility. Three levels
           are defined: 0, 1, 2. The filters are disabled at level 0. At levels 1 and 2, chronyd
           will be killed if it makes a system call which is blocked by the filters. The level
           can be specified as a negative number to trigger the SIGSYS signal instead of SIGKILL,
           which can be useful for debugging. The default value is 0.

           At level 1, the filters allow only selected system calls that are normally expected to
           be made by chronyd. Other system calls are blocked. This level is recommended only if
           it is known to work on the version of the system where chrony is installed. The
           filters need to allow also system calls made by libraries that chronyd is using (e.g.
           libc), but different versions or implementations of the libraries might make different
           system calls. If the filters are missing a system call, chronyd could be killed even
           in normal operation.

           At level 2, the filters block only a small number of specific system calls (e.g. fork
           and exec). This approach should avoid false positives, but the protection of the
           system against a compromised chronyd process is much more limited.

           The filters cannot be enabled with the mailonchange directive.

       -P priority
           On Linux, FreeBSD, NetBSD, and illumos this option will select the SCHED_FIFO
           real-time scheduler at the specified priority (which must be between 0 and 100). On
           macOS, this option must have either a value of 0 to disable the thread time constraint
           policy or 1 for the policy to be enabled. Other systems do not support this option.
           The default value is 0.

       -m
           This option will lock chronyd into RAM so that it will never be paged out. This mode
           is only supported on Linux, FreeBSD, NetBSD, and illumos.

       -x
           This option disables the control of the system clock. chronyd will not try to make any
           adjustments of the clock. It will assume the clock is free running and still track its
           offset and frequency relative to the estimated true time. This option allows chronyd
           to be started without the capability to adjust or set the system clock (e.g. in some
           containers) to operate as an NTP server.

       -v, --version
           With this option chronyd will print version number to the terminal and exit.

       -h, --help
           With this option chronyd will print a help message to the terminal and exit.

ENVIRONMENT VARIABLES

       LISTEN_FDS
           On Linux systems, the systemd service manager may pass file descriptors for
           pre-initialised sockets to chronyd. The service manager allocates and binds the file
           descriptors, and passes a copy to each spawned instance of the service. This allows
           for zero-downtime service restarts as the sockets buffer client requests until the
           service is able to handle them. The service manager sets the LISTEN_FDS environment
           variable to the number of passed file descriptors.

FILES

       /etc/chrony/chrony.conf

SEE ALSO

       chronyc(1), chrony.conf(5)

BUGS

       For instructions on how to report bugs, please visit https://chrony-project.org/.

AUTHORS

       chrony was written by Richard Curnow, Miroslav Lichvar, and others.