230e76b538
Subversion is being difficult here so take a hammer and get it in. MFC after: 2 weeks Security: CVE-2009-3563
497 lines
15 KiB
Plaintext
497 lines
15 KiB
Plaintext
@node ntpd Invocation
|
|
@section Invoking ntpd
|
|
@pindex ntpd
|
|
@cindex NTP daemon program
|
|
@ignore
|
|
#
|
|
# EDIT THIS FILE WITH CAUTION (ntpd-opts.texi)
|
|
#
|
|
# It has been AutoGen-ed Tuesday December 8, 2009 at 08:13:12 AM EST
|
|
# From the definitions ntpd-opts.def
|
|
# and the template file aginfo.tpl
|
|
@end ignore
|
|
This program has no explanation.
|
|
|
|
|
|
|
|
This section was generated by @strong{AutoGen},
|
|
the aginfo template and the option descriptions for the @command{ntpd} program. It documents the ntpd usage text and option meanings.
|
|
|
|
This software is released under a specialized copyright license.
|
|
|
|
@menu
|
|
* ntpd usage:: ntpd usage help (-?)
|
|
* ntpd authnoreq:: authnoreq option (-A)
|
|
* ntpd authreq:: authreq option (-a)
|
|
* ntpd bcastsync:: bcastsync option (-b)
|
|
* ntpd configfile:: configfile option (-c)
|
|
* ntpd debug-level:: debug-level option (-d)
|
|
* ntpd driftfile:: driftfile option (-f)
|
|
* ntpd dvar:: dvar option (-V)
|
|
* ntpd interface:: interface option (-I)
|
|
* ntpd ipv4:: ipv4 option (-4)
|
|
* ntpd ipv6:: ipv6 option (-6)
|
|
* ntpd jaildir:: jaildir option (-i)
|
|
* ntpd keyfile:: keyfile option (-k)
|
|
* ntpd logfile:: logfile option (-l)
|
|
* ntpd modifymmtimer:: modifymmtimer option (-M)
|
|
* ntpd nice:: nice option (-N)
|
|
* ntpd nofork:: nofork option (-n)
|
|
* ntpd novirtualips:: novirtualips option (-L)
|
|
* ntpd panicgate:: panicgate option (-g)
|
|
* ntpd pidfile:: pidfile option (-p)
|
|
* ntpd priority:: priority option (-P)
|
|
* ntpd propagationdelay:: propagationdelay option (-r)
|
|
* ntpd quit:: quit option (-q)
|
|
* ntpd set-debug-level:: set-debug-level option (-D)
|
|
* ntpd slew:: slew option (-x)
|
|
* ntpd statsdir:: statsdir option (-s)
|
|
* ntpd trustedkey:: trustedkey option (-t)
|
|
* ntpd updateinterval:: updateinterval option (-U)
|
|
* ntpd user:: user option (-u)
|
|
* ntpd var:: var option (-v)
|
|
@end menu
|
|
|
|
@node ntpd usage
|
|
@subsection ntpd usage help (-?)
|
|
@cindex ntpd usage
|
|
|
|
This is the automatically generated usage text for ntpd:
|
|
|
|
@exampleindent 0
|
|
@example
|
|
ntpd - NTP daemon program - Ver. 4.2.5p247-RC
|
|
USAGE: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
|
|
Flg Arg Option-Name Description
|
|
-4 no ipv4 Force IPv4 DNS name resolution
|
|
- prohibits these options:
|
|
ipv6
|
|
-6 no ipv6 Force IPv6 DNS name resolution
|
|
- prohibits these options:
|
|
ipv4
|
|
-a no authreq Require crypto authentication
|
|
- prohibits these options:
|
|
authnoreq
|
|
-A no authnoreq Do not require crypto authentication
|
|
- prohibits these options:
|
|
authreq
|
|
-b no bcastsync Allow us to sync to broadcast servers
|
|
-c Str configfile configuration file name
|
|
-d no debug-level Increase output debug message level
|
|
- may appear multiple times
|
|
-D Str set-debug-level Set the output debug message level
|
|
- may appear multiple times
|
|
-f Str driftfile frequency drift file name
|
|
-g no panicgate Allow the first adjustment to be Big
|
|
- may appear multiple times
|
|
-i --- jaildir built without --enable-clockctl or --enable-linuxcaps
|
|
-I Str interface Listen on an interface name or address
|
|
- may appear multiple times
|
|
-k Str keyfile path to symmetric keys
|
|
-l Str logfile path to the log file
|
|
-L no novirtualips Do not listen to virtual interfaces
|
|
-n no nofork Do not fork
|
|
-N no nice Run at high priority
|
|
-p Str pidfile path to the PID file
|
|
-P Num priority Process priority
|
|
-q no quit Set the time and quit
|
|
-r Str propagationdelay Broadcast/propagation delay
|
|
Str saveconfigquit Save parsed configuration and quit
|
|
-s Str statsdir Statistics file location
|
|
-t Str trustedkey Trusted key number
|
|
- may appear multiple times
|
|
-u --- user built without --enable-clockctl or --enable-linuxcaps
|
|
-U Num updateinterval interval in seconds between scans for new or dropped interfaces
|
|
Str var make ARG an ntp variable (RW)
|
|
- may appear multiple times
|
|
Str dvar make ARG an ntp variable (RW|DEF)
|
|
- may appear multiple times
|
|
-x no slew Slew up to 600 seconds
|
|
opt version Output version information and exit
|
|
-? no help Display extended usage information and exit
|
|
-! no more-help Extended usage information passed thru pager
|
|
|
|
Options are specified by doubled hyphens and their name
|
|
or by a single hyphen and the flag character.
|
|
|
|
The following option preset mechanisms are supported:
|
|
- examining environment variables named NTPD_*
|
|
|
|
|
|
|
|
please send bug reports to: http://bugs.ntp.org, bugs@@ntp.org
|
|
@end example
|
|
@exampleindent 4
|
|
|
|
@node ntpd ipv4
|
|
@subsection ipv4 option (-4)
|
|
@cindex ntpd-ipv4
|
|
|
|
This is the ``force ipv4 dns name resolution'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
is a member of the ipv4 class of options.
|
|
@end itemize
|
|
|
|
Force DNS resolution of following host names on the command line
|
|
to the IPv4 namespace.
|
|
|
|
@node ntpd ipv6
|
|
@subsection ipv6 option (-6)
|
|
@cindex ntpd-ipv6
|
|
|
|
This is the ``force ipv6 dns name resolution'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
is a member of the ipv4 class of options.
|
|
@end itemize
|
|
|
|
Force DNS resolution of following host names on the command line
|
|
to the IPv6 namespace.
|
|
|
|
@node ntpd authreq
|
|
@subsection authreq option (-a)
|
|
@cindex ntpd-authreq
|
|
|
|
This is the ``require crypto authentication'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
must not appear in combination with any of the following options:
|
|
authnoreq.
|
|
@end itemize
|
|
|
|
Require cryptographic authentication for broadcast client,
|
|
multicast client and symmetric passive associations.
|
|
This is the default.
|
|
|
|
@node ntpd authnoreq
|
|
@subsection authnoreq option (-A)
|
|
@cindex ntpd-authnoreq
|
|
|
|
This is the ``do not require crypto authentication'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
must not appear in combination with any of the following options:
|
|
authreq.
|
|
@end itemize
|
|
|
|
Do not require cryptographic authentication for broadcast client,
|
|
multicast client and symmetric passive associations.
|
|
This is almost never a good idea.
|
|
|
|
@node ntpd bcastsync
|
|
@subsection bcastsync option (-b)
|
|
@cindex ntpd-bcastsync
|
|
|
|
This is the ``allow us to sync to broadcast servers'' option.
|
|
|
|
|
|
@node ntpd configfile
|
|
@subsection configfile option (-c)
|
|
@cindex ntpd-configfile
|
|
|
|
This is the ``configuration file name'' option.
|
|
The name and path of the configuration file,
|
|
/etc/ntp.conf
|
|
by default.
|
|
|
|
@node ntpd debug-level
|
|
@subsection debug-level option (-d)
|
|
@cindex ntpd-debug-level
|
|
|
|
This is the ``increase output debug message level'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
may appear an unlimited number of times.
|
|
@item
|
|
must be compiled in by defining @code{DEBUG} during the compilation.
|
|
@end itemize
|
|
|
|
Increase the debugging message output level.
|
|
|
|
@node ntpd set-debug-level
|
|
@subsection set-debug-level option (-D)
|
|
@cindex ntpd-set-debug-level
|
|
|
|
This is the ``set the output debug message level'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
may appear an unlimited number of times.
|
|
@item
|
|
must be compiled in by defining @code{DEBUG} during the compilation.
|
|
@end itemize
|
|
|
|
Set the output debugging level. Can be supplied multiple times,
|
|
but each overrides the previous value(s).
|
|
|
|
@node ntpd driftfile
|
|
@subsection driftfile option (-f)
|
|
@cindex ntpd-driftfile
|
|
|
|
This is the ``frequency drift file name'' option.
|
|
The name and path of the frequency file,
|
|
/etc/ntp.drift
|
|
by default.
|
|
This is the same operation as the
|
|
driftfile driftfile
|
|
configuration specification in the
|
|
/etc/ntp.conf
|
|
file.
|
|
|
|
@node ntpd panicgate
|
|
@subsection panicgate option (-g)
|
|
@cindex ntpd-panicgate
|
|
|
|
This is the ``allow the first adjustment to be big'' option.
|
|
Normally,
|
|
ntpd
|
|
exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that,
|
|
ntpd
|
|
will exit with a message to the system log. This option can be used with the
|
|
-q
|
|
and
|
|
-x
|
|
options.
|
|
See the
|
|
tinker
|
|
configuration file directive for other options.
|
|
|
|
@node ntpd jaildir
|
|
@subsection jaildir option (-i)
|
|
@cindex ntpd-jaildir
|
|
|
|
This is the ``jail directory'' option.
|
|
Chroot the server to the directory
|
|
jaildir
|
|
.
|
|
This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the OS supports to run the server without full root privileges.
|
|
You may need to also specify a
|
|
-u
|
|
option.
|
|
|
|
@node ntpd interface
|
|
@subsection interface option (-I)
|
|
@cindex ntpd-interface
|
|
|
|
This is the ``listen on interface'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
may appear an unlimited number of times.
|
|
@end itemize
|
|
|
|
|
|
|
|
@node ntpd keyfile
|
|
@subsection keyfile option (-k)
|
|
@cindex ntpd-keyfile
|
|
|
|
This is the ``path to symmetric keys'' option.
|
|
Specify the name and path of the symmetric key file.
|
|
/etc/ntp.keys
|
|
is the default.
|
|
This is the same operation as the
|
|
keys keyfile
|
|
configuration file directive.
|
|
|
|
@node ntpd logfile
|
|
@subsection logfile option (-l)
|
|
@cindex ntpd-logfile
|
|
|
|
This is the ``path to the log file'' option.
|
|
Specify the name and path of the log file.
|
|
The default is the system log file.
|
|
This is the same operation as the
|
|
logfile logfile
|
|
configuration file directive.
|
|
|
|
@node ntpd novirtualips
|
|
@subsection novirtualips option (-L)
|
|
@cindex ntpd-novirtualips
|
|
|
|
This is the ``do not listen to virtual ips'' option.
|
|
Do not listen to virtual IPs. The default is to listen.
|
|
|
|
@node ntpd modifymmtimer
|
|
@subsection modifymmtimer option (-M)
|
|
@cindex ntpd-modifymmtimer
|
|
|
|
This is the ``modify multimedia timer (windows only)'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
must be compiled in by defining @code{SYS_WINNT} during the compilation.
|
|
@end itemize
|
|
|
|
Set the Windows Multimedia Timer to highest resolution.
|
|
|
|
@node ntpd nofork
|
|
@subsection nofork option (-n)
|
|
@cindex ntpd-nofork
|
|
|
|
This is the ``do not fork'' option.
|
|
|
|
|
|
@node ntpd nice
|
|
@subsection nice option (-N)
|
|
@cindex ntpd-nice
|
|
|
|
This is the ``run at high priority'' option.
|
|
To the extent permitted by the operating system, run
|
|
ntpd
|
|
at the highest priority.
|
|
|
|
@node ntpd pidfile
|
|
@subsection pidfile option (-p)
|
|
@cindex ntpd-pidfile
|
|
|
|
This is the ``path to the pid file'' option.
|
|
Specify the name and path of the file used to record
|
|
ntpd's
|
|
process ID.
|
|
This is the same operation as the
|
|
pidfile pidfile
|
|
configuration file directive.
|
|
|
|
@node ntpd priority
|
|
@subsection priority option (-P)
|
|
@cindex ntpd-priority
|
|
|
|
This is the ``process priority'' option.
|
|
To the extent permitted by the operating system, run
|
|
ntpd
|
|
at the specified
|
|
sched_setscheduler(SCHED_FIFO)
|
|
priority.
|
|
|
|
@node ntpd quit
|
|
@subsection quit option (-q)
|
|
@cindex ntpd-quit
|
|
|
|
This is the ``set the time and quit'' option.
|
|
ntpd
|
|
will exit just after the first time the clock is set. This behavior mimics that of the
|
|
ntpdate
|
|
program, which is to be retired.
|
|
The
|
|
-g
|
|
and
|
|
-x
|
|
options can be used with this option.
|
|
Note: The kernel time discipline is disabled with this option.
|
|
|
|
@node ntpd propagationdelay
|
|
@subsection propagationdelay option (-r)
|
|
@cindex ntpd-propagationdelay
|
|
|
|
This is the ``broadcast/propagation delay'' option.
|
|
Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
|
|
|
|
@node ntpd updateinterval
|
|
@subsection updateinterval option (-U)
|
|
@cindex ntpd-updateinterval
|
|
|
|
This is the ``interval in seconds between scans for new or dropped interfaces'' option.
|
|
Give the time in seconds between two scans for new or dropped interfaces.
|
|
For systems with routing socket support the scans will be performed shortly after the interface change
|
|
has been detected by the system.
|
|
Use 0 to disable scanning.
|
|
|
|
@node ntpd statsdir
|
|
@subsection statsdir option (-s)
|
|
@cindex ntpd-statsdir
|
|
|
|
This is the ``statistics file location'' option.
|
|
Specify the directory path for files created by the statistics facility.
|
|
This is the same operation as the
|
|
statsdir statsdir
|
|
configuration file directive.
|
|
|
|
@node ntpd trustedkey
|
|
@subsection trustedkey option (-t)
|
|
@cindex ntpd-trustedkey
|
|
|
|
This is the ``trusted key number'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
may appear an unlimited number of times.
|
|
@end itemize
|
|
|
|
Add a key number to the trusted key list.
|
|
|
|
@node ntpd user
|
|
@subsection user option (-u)
|
|
@cindex ntpd-user
|
|
|
|
This is the ``run as userid (or userid:groupid)'' option.
|
|
Specify a user, and optionally a group, to switch to.
|
|
This option is only available if the OS supports to run the server without full root privileges.
|
|
Currently, this option is supported under NetBSD (configure with
|
|
--enable-clockctl
|
|
) and Linux (configure with
|
|
--enable-linuxcaps
|
|
).
|
|
|
|
@node ntpd var
|
|
@subsection var option (-v)
|
|
@cindex ntpd-var
|
|
|
|
This is the ``make arg an ntp variable (rw)'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
may appear an unlimited number of times.
|
|
@end itemize
|
|
|
|
|
|
|
|
@node ntpd dvar
|
|
@subsection dvar option (-V)
|
|
@cindex ntpd-dvar
|
|
|
|
This is the ``make arg an ntp variable (rw|def)'' option.
|
|
|
|
This option has some usage constraints. It:
|
|
@itemize @bullet
|
|
@item
|
|
may appear an unlimited number of times.
|
|
@end itemize
|
|
|
|
|
|
|
|
@node ntpd slew
|
|
@subsection slew option (-x)
|
|
@cindex ntpd-slew
|
|
|
|
This is the ``slew up to 600 seconds'' option.
|
|
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
|
|
This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually.
|
|
Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s.
|
|
Thus, an adjustment as much as 600 s will take almost 14 days to complete.
|
|
This option can be used with the
|
|
-g
|
|
and
|
|
-q
|
|
options.
|
|
See the
|
|
tinker
|
|
configuration file directive for other options.
|
|
Note: The kernel time discipline is disabled with this option.
|