[ntp:questions] ntpd, boot time, and hot plugging

Alain alainm at pobox.com
Wed Feb 9 16:05:37 UTC 2005

Hi Brad,

after your last message (kept bellow) about what to do if there is a big 
problem, I just ackowledged that you are right and went home. But 
sleeping over it I am in doubt. The manual says:

-g   Normally, ntpd exits if the offset exceeds the sanity limit,
      which is 1000 s by default.  If the sanity limit is set to zero,
      no sanity checking is performed and any offset is acceptable.
      This option overrides the limit and allows the time to be set to
      any value without restriction; however, this can happen only
      once.  After that, ntpd will exit if the limit is exceeded.  This
      option can be used with the -q option.

The text is hard to decode for me. Does this mean that with with -g 
whatever the initial machine time, and even it it takes 45 seconds but 
at some time the clock *will* be stepped *without* exiting ntpd (once)?

Putting it in another way: If I configure a workstation with
- ntpd -g
- delete dift file only it it is +-500
- no ntpdate
then the clock will be right even if the clock battery is flat and then 
ntpd will go on keeping the clock in synch?

Even if some messages with the wrong time manage to get to the log 
before the clock is corrected, this can be acceptable for a workstation. 
I will just have to figure out how to issue a warning message.

What happen if I set the sanity limit to 0?


Brad Knowles escreveu:
> At 9:43 PM -0200 2005-02-06, Alain wrote:
>>  This requires that I have another daemon taking care of this one! Just
>>  to see if I have to Start ntpd -g again... If it makes sense for you,
>>  I cannot see it. I undertsand that I am just a newcomer and as such my
>>  opinions have little weight. I am conciouns that here I am just a user
>>  and as such I have the priviledge of asking silly questions :)
>     At some point, the software is going to run into a problem that it 
> can't correct.  It's going to be faced with some sort of input that it 
> doesn't know how to deal with.  In that situation, what do you do?
>     Do you freak out and set the clock back to zero, in the hopes that 
> something will break really, really badly and someone will notice?  What 
> if they don't notice?  Do you do some other horribly destructive things, 
> in hopes that someone will notice?  What if you've done every 
> destructive thing you can think of (including wiping and doing a 
> low-level format of all attached hard drives), and still no one 
> notices?  What happens if the system that fails is part of a nuclear 
> missile guidance or launching system?  Do you really want them doing 
> destructive things on their own, hoping to be able to catch the 
> attention of the operator?
>     Do you log an error in the syslog and exit?  This is the approach 
> taken by most Unix-style daemons, and part of the deal is that you've 
> got to watch them to make sure that this hasn't happened.  There's 
> little difference here between how ntpd works as any other.  If you're 
> not doing this kind of monitoring already for all the other important 
> processes on the system, that's a much bigger problem that you've got to 
> resolve.

More information about the questions mailing list