chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronise the system clock with NTP servers. Chrony is an accurate network time daemon and an alternate implementation of the Network Time Protocol (NTP) compared to ntp.org's NTPd.
Chrony has quite a few advantages over the other NTP implementations, check the chrony ntp comparison page for more details.
FreeBSD 12 supports Chrony v3.5 which allows privilege separation. The installer will create the user chronyd. So the Chrony daemon will running as the the unprivileged user chronyd
We will install Chrony from the FreeBSD package system and configure the daemon to run as the unprivileged user, "chronyd" which is a user available on the default FreeBSD 12 install.
pkg install chrony
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 4 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
chrony: 3.5
gmp: 6.2.0
libedit: 3.1.20191211,1
nettle: 3.5.1_1
Number of packages to be installed: 4
The process will require 8 MiB more space.
2 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/4] Fetching chrony-3.5.txz: 100% 192 KiB 197.0kB/s 00:01
[2/4] Fetching nettle-3.5.1_1.txz: 100% 1 MiB 22.1kB/s 00:55
[3/4] Fetching gmp-6.2.0.txz: 100% 478 KiB 244.8kB/s 00:02
[4/4] Fetching libedit-3.1.20191211,1.txz: 100% 135 KiB 138.4kB/s 00:01
Checking integrity... done (0 conflicting)
[1/4] Installing gmp-6.2.0...
[1/4] Extracting gmp-6.2.0: 100%
[2/4] Installing nettle-3.5.1_1...
[2/4] Extracting nettle-3.5.1_1: 100%
[3/4] Installing libedit-3.1.20191211,1...
[3/4] Extracting libedit-3.1.20191211,1: 100%
[4/4] Installing chrony-3.5...
===> Creating groups.
Creating group 'chronyd' with gid '849'.
===> Creating users
Creating user 'chronyd' with uid '849'.
[4/4] Extracting chrony-3.5: 100%
In order to start chrony at boot time, we have enable it at rc.conf, as follow
echo "chronyd_enable="YES"" >> /etc/rc.conf
All the chrony configuration are in chrony.conf Add your NTP server to /usr/local/etc/chrony.conf, for example:
pool time.facebook.com iburst
pool time.google.com iburst
pool time.apple.com iburst
Then start chronyd
service start chronyd
chronyc sources -v
210 Number of sources = 14
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* time5.facebook.com 1 6 17 42 -1397us[-1392us] +/- 9630us
^? time3.facebook.com 0 6 0 - +0ns[ +0ns] +/- 0ns
^- time3.google.com 1 6 17 53 -2320us[-2317us] +/- 74ms
^+ time1.google.com 1 6 17 53 -1140us[-1136us] +/- 9764us
^- time2.google.com 1 6 17 51 -2877us[-2877us] +/- 76ms
^- time4.google.com 1 6 17 51 -4485us[-4485us] +/- 76ms
^- usqas2-ntp-001.aaplimg.c> 1 6 17 53 -9314us[-9310us] +/- 90ms
^- usatl4-ntp-001.aaplimg.c> 1 6 17 53 +8287us[+8292us] +/- 100ms
^- brsao4-ntp-002.aaplimg.c> 1 6 17 52 -3484us[-3484us] +/- 39ms
^- usatl4-ntp-002.aaplimg.c> 1 6 17 53 +6578us[+6583us] +/- 101ms
^- 200-89-75-197-LIBRE.uchi> 2 6 17 55 -374us[ -371us] +/- 49ms
^- time.cloudflare.com 3 6 17 55 -6475us[-6471us] +/- 73ms
^- time.cloudflare.com 3 6 17 57 -3616us[-3612us] +/- 73ms
^- 200-89-75-198-LIBRE.uchi> 2 6 17 56 -4816us[-4812us] +/- 66ms
Can you provide info on disabling ntpd as part of this? It's not a good idea to run both...