The ntpd
program is an operating system daemon that synchronizes the
system clock to remote NTP time servers or local reference clocks.
It is a complete implementation of NTP version 4 defined by RFC-5905, but
also retains compatible with version 3 defined by RFC-1305 and versions
1 and 2, defined by RFC-1059 and RFC-1119, respectively.
The program can operate in any of several modes, including client/server,
symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography.
This document applies to version 4.2.8p1 of ntpd
.
The ntpd
program ordinarily requires
a configuration file described at ntp.conf.
This configuration file contains configuration commands described on
the pages listed above.
However a client can discover remote servers and configure them
automatically.
This makes it possible to deploy a fleet of workstations without
specifying configuration details specific to the local environment.
The ntpd
program normally operates continuously while adjusting the
system time and frequency, but in some cases this might not be
practical.
With the -q
option ntpd
operates as in continuous mode, but
exits just after setting the clock for the first time.
Most applications will probably want to specify the iburst
option with the server
command.
With this option an initial volley of messages is exchanged to
groom the data and set the clock in about ten seconds' time.
If nothing is heard after a few minutes' time,
the daemon times out and exits without setting the clock.
The
ntpd
utility is an operating system daemon which sets
and maintains the system time of day in synchronism with Internet
standard time servers.
It is a complete implementation of the
Network Time Protocol (NTP) version 4, as defined by RFC-5905,
but also retains compatibility with
version 3, as defined by RFC-1305, and versions 1
and 2, as defined by RFC-1059 and RFC-1119, respectively.
The
ntpd
utility does most computations in 64-bit floating point
arithmetic and does relatively clumsy 64-bit fixed point operations
only when necessary to preserve the ultimate precision, about 232
picoseconds.
While the ultimate precision is not achievable with
ordinary workstations and networks of today, it may be required
with future gigahertz CPU clocks and gigabit LANs.
Ordinarily,
ntpd
reads the
ntp.conf(5)
configuration file at startup time in order to determine the
synchronization sources and operating modes.
It is also possible to
specify a working, although limited, configuration entirely on the
command line, obviating the need for a configuration file.
This may
be particularly useful when the local host is to be configured as a
broadcast/multicast client, with all peers being determined by
listening to broadcasts at run time.
If NetInfo support is built into
ntpd
then
ntpd
will attempt to read its configuration from the
NetInfo if the default
ntp.conf(5)
file cannot be read and no file is
specified by the
-c
option.
Various internal
ntpd
variables can be displayed and
configuration options altered while the
ntpd
is running
using the
ntpq(1ntpqmdoc)
and
ntpdc(1ntpdcmdoc)
utility programs.
When
ntpd
starts it looks at the value of
umask(2)
,
and if zero
ntpd
will set the
umask(2)
to 022.
This section was generated by AutoGen,
using the agtexi-cmd
template and the option descriptions for the ntpd
program.
This software is released under the NTP license, <http://ntp.org/license>.
This is the automatically generated usage text for ntpd.
The text printed is the same whether selected with the help
option
(--help) or the more-help
option (--more-help). more-help
will print
the usage text by passing it through a pager program.
more-help
is disabled on platforms without a working
fork(2)
function. The PAGER
environment variable is
used to select the program, defaulting to more. Both will exit
with a status code of 0.
ntpd - NTP daemon program - Ver. 4.2.8p1-RC2 Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \ [ <server1> ... <serverN> ] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution - prohibits the option 'ipv6' -6 no ipv6 Force IPv6 DNS name resolution - prohibits the option 'ipv4' -a no authreq Require crypto authentication - prohibits the option 'authnoreq' -A no authnoreq Do not require crypto authentication - prohibits the option 'authreq' -b no bcastsync Allow us to sync to broadcast servers -c Str configfile configuration file name -d no debug-level Increase debug verbosity level - may appear multiple times -D Num set-debug-level Set the debug verbosity level - may appear multiple times -f Str driftfile frequency drift file name -g no panicgate Allow the first adjustment to be Big - may appear multiple times -i Str jaildir Jail directory -I Str interface Listen on an interface name or address - may appear multiple times -k Str keyfile path to symmetric keys -l Str logfile path to the log file -L no novirtualips Do not listen to virtual interfaces -n no nofork Do not fork - prohibits the option 'wait-sync' -N no nice Run at high priority -p Str pidfile path to the PID file -P Num priority Process priority -q no quit Set the time and quit - prohibits these options: saveconfigquit wait-sync -r Str propagationdelay Broadcast/propagation delay Str saveconfigquit Save parsed configuration and quit - prohibits these options: quit wait-sync -s Str statsdir Statistics file location -t Str trustedkey Trusted key number - may appear multiple times -u Str user Run as userid (or userid:groupid) -U Num updateinterval interval in seconds between scans for new or dropped interfaces Str var make ARG an ntp variable (RW) - may appear multiple times Str dvar make ARG an ntp variable (RW|DEF) - may appear multiple times -w Num wait-sync Seconds to wait for first clock sync - prohibits these options: nofork quit saveconfigquit -x no slew Slew up to 600 seconds opt version output version information and exit -? no help display extended usage information and exit -! no more-help extended usage information passed thru pager Options are specified by doubled hyphens and their name or by a single hyphen and the flag character. The following option preset mechanisms are supported: - examining environment variables named NTPD_* Please send bug reports to: <http://bugs.ntp.org, bugs@ntp.org>
This is the “force ipv4 dns name resolution” option.
This option has some usage constraints. It:
Force DNS resolution of following host names on the command line to the IPv4 namespace.
This is the “force ipv6 dns name resolution” option.
This option has some usage constraints. It:
Force DNS resolution of following host names on the command line to the IPv6 namespace.
This is the “require crypto authentication” option.
This option has some usage constraints. It:
Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the default.
This is the “do not require crypto authentication” option.
This option has some usage constraints. It:
Do not require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is almost never a good idea.
This is the “configuration file name” option. This option takes a string argument. The name and path of the configuration file, /etc/ntp.conf by default.
This is the “frequency drift file name” option.
This option takes a string argument.
The name and path of the frequency file,
/etc/ntp.drift
by default.
This is the same operation as the
driftfile
driftfile
configuration specification in the
/etc/ntp.conf
file.
This is the “allow the first adjustment to be big” option.
This option has some usage constraints. It:
Normally,
ntpd
exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that,
ntpd
will exit with a message to the system log. This option can be used with the
-q
and
-x
options.
See the
tinker
configuration file directive for other options.
This is the “jail directory” option. This option takes a string argument.
This option has some usage constraints. It:
HAVE_DROPROOT
during the compilation.
Chroot the server to the directory
jaildir
.
This option also implies that the server attempts to drop root privileges at startup.
You may need to also specify a
-u
option.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
--enable-clockctl
) or Linux (configure with
--enable-linuxcaps
) or Solaris (configure with --enable-solarisprivs
).
This is the “listen on an interface name or address” option. This option takes a string argument iface.
This option has some usage constraints. It:
Open the network address given, or all the addresses associated with the
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
interface
command, which is more versatile.
This is the “path to symmetric keys” option.
This option takes a string argument.
Specify the name and path of the symmetric key file.
/etc/ntp.keys
is the default.
This is the same operation as the
keys
keyfile
configuration file directive.
This is the “path to the log file” option.
This option takes a string argument.
Specify the name and path of the log file.
The default is the system log file.
This is the same operation as the
logfile
logfile
configuration file directive.
This is the “do not listen to virtual interfaces” option.
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
consider using the configuration file interface
command, which
is more versatile.
This is the “modify multimedia timer (windows only)” option.
This option has some usage constraints. It:
SYS_WINNT
during the compilation.
Set the Windows Multimedia Timer to highest resolution. This ensures the resolution does not change while ntpd is running, avoiding timekeeping glitches associated with changes.
This is the “run at high priority” option.
To the extent permitted by the operating system, run
ntpd
at the highest priority.
This is the “path to the pid file” option.
This option takes a string argument.
Specify the name and path of the file used to record
ntpd
's
process ID.
This is the same operation as the
pidfile
pidfile
configuration file directive.
This is the “process priority” option.
This option takes a number argument.
To the extent permitted by the operating system, run
ntpd
at the specified
sched_setscheduler(SCHED_FIFO)
priority.
This is the “set the time and quit” option.
This option has some usage constraints. It:
ntpd
will not daemonize and will exit after the clock is first
synchronized. This behavior mimics that of the
ntpdate
program, which will soon be replaced with a shell script.
The
-g
and
-x
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
This is the “broadcast/propagation delay” option. This option takes a string argument. Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
This is the “save parsed configuration and quit” option. This option takes a string argument.
This option has some usage constraints. It:
SAVECONFIG
during the compilation.
Cause ntpd
to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
This is the “statistics file location” option.
This option takes a string argument.
Specify the directory path for files created by the statistics facility.
This is the same operation as the
statsdir
statsdir
configuration file directive.
This is the “trusted key number” option. This option takes a string argument tkey.
This option has some usage constraints. It:
Add the specified key number to the trusted key list.
This is the “run as userid (or userid:groupid)” option. This option takes a string argument.
This option has some usage constraints. It:
HAVE_DROPROOT
during the compilation.
Specify a user, and optionally a group, to switch to.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
--enable-clockctl
) or Linux (configure with
--enable-linuxcaps
) or Solaris (configure with --enable-solarisprivs
).
This is the “interval in seconds between scans for new or dropped interfaces” option. This option takes a number argument. Give the time in seconds between two scans for new or dropped interfaces. For systems with routing socket support the scans will be performed shortly after the interface change has been detected by the system. Use 0 to disable scanning. 60 seconds is the minimum time between scans.
This is the “seconds to wait for first clock sync” option. This option takes a number argument.
This option has some usage constraints. It:
HAVE_WORKING_FORK
during the compilation.
If greater than zero, alters ntpd
's behavior when forking to
daemonize. Instead of exiting with status 0 immediately after
the fork, the parent waits up to the specified number of
seconds for the child to first synchronize the clock. The exit
status is zero (success) if the clock was synchronized,
otherwise it is ETIMEDOUT
.
This provides the option for a script starting ntpd
to easily
wait for the first set of the clock before proceeding.
This is the “slew up to 600 seconds” option.
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually.
Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s.
Thus, an adjustment as much as 600 s will take almost 14 days to complete.
This option can be used with the
-g
and
-q
options.
See the
tinker
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
This is the “use cpu cycle counter (windows only)” option.
This option has some usage constraints. It:
SYS_WINNT
during the compilation.
Attempt to substitute the CPU counter for QueryPerformanceCounter
.
The CPU counter and QueryPerformanceCounter
are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
This is the “force cpu cycle counter use (windows only)” option. This option takes a string argument.
This option has some usage constraints. It:
SYS_WINNT
during the compilation.
Force substitution the CPU counter for QueryPerformanceCounter
.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
This is the “register with mdns as a ntp server” option.
This option has some usage constraints. It:
HAVE_DNSREGISTRATION
during the compilation.
Registers as an NTP server with the local mDNS server which allows the server to be discovered via mDNS client lookup.
Any option that is not marked as not presettable may be preset by
loading values from environment variables named NTPD
and NTPD_<OPTION_NAME>
. <OPTION_NAME>
must be one of
the options listed above in upper case and segmented with underscores.
The NTPD
variable will be tokenized and parsed like
the command line. The remaining variables are tested for existence and their
values are treated like option arguments.
The command line options relating to configuration and/or usage help are:
Print the program version to standard out, optionally with licensing information, then exit 0. The optional argument specifies how much licensing detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the first letter of the argument is examined:
One of the following exit values will be returned: