108.1 Maintain System Time

Weight: 3

Goal: Maintain the system time and synchronize the clock via NTP.

This objective overlaps slightly with 107.3 (time zones) but focuses on keeping the clock accurate rather than configuring locale.

1. Two Clocks Again

Every Linux machine has two clocks:

Hardware clock (RTC, “real-time clock”) — kept by the motherboard battery. Read once at boot.
System clock — maintained by the kernel while Linux is running. This is what date shows and what every application uses.

When Linux boots, it reads the hardware clock and uses it to initialize the system clock. From then on, only the system clock is updated, until either you shut down (the system clock is written back to the RTC) or you sync it with NTP.

The hardware clock can be stored as UTC (recommended) or local time (common when dual-booting Windows). Linux internally always uses UTC.

2. `date` — View and Set the System Clock

date                                 # show current local time
date -u                              # show current time in UTC
date +"%Y-%m-%d %H:%M:%S"            # custom format

# Set the system clock (must be root)
date -s "2026-05-11 14:00:00"
date --set="2026-05-11 14:00:00"
date 051114002026                    # MMDDhhmmYYYY format

Common format specifiers for date +FORMAT:

Code	Means
`%Y`	Year (4 digits)
`%m`	Month (01–12)
`%d`	Day of month (01–31)
`%H`	Hour (00–23)
`%M`	Minute (00–59)
`%S`	Second (00–59)
`%A`	Weekday name
`%s`	Seconds since 1 Jan 1970 (Unix epoch)

date only affects the system clock. The hardware clock is not changed unless you also run hwclock --systohc.

3. `hwclock` — Read and Write the Hardware Clock

hwclock --show                       # display the hardware clock
hwclock -r                           # same (read)

hwclock --systohc                    # set HW clock FROM the system clock
hwclock -w                           # same (write)

hwclock --hctosys                    # set system clock FROM the HW clock
hwclock -s                           # same

hwclock --utc                        # treat the HW clock as UTC (recommended)
hwclock --localtime                  # treat the HW clock as local time

Memorize the two important directions:

Flag	Direction
`--systohc` (`-w`)	system → hardware
`--hctosys` (`-s`)	hardware → system

A useful mnemonic: read the flag left to right. systohc = “system to HC”.

4. Why NTP?

Even a good clock drifts by several seconds per day. For logs, authentication (Kerberos, certificates), and any distributed system, clocks across machines must agree closely. This is what NTP (Network Time Protocol) provides.

How NTP works (briefly)

NTP servers are organized in a hierarchy of strata:
- Stratum 0: reference clocks (atomic, GPS) — not network-accessible.
- Stratum 1: servers directly connected to a stratum-0 source.
- Stratum 2: servers that sync from stratum-1 servers.
- … up to stratum 15. Stratum 16 means “unsynchronized”.
A client typically syncs with multiple stratum-2 or stratum-3 servers and picks the best one.
NTP uses UDP port 123.

Public NTP server pools

The NTP Pool Project provides DNS names that resolve to many community servers:

pool.ntp.org (round-robin)
0.pool.ntp.org, 1.pool.ntp.org, … (use several to spread load)
Regional variants: europe.pool.ntp.org, us.pool.ntp.org, etc.

5. The Classic NTP Daemon: `ntpd`

The reference implementation is ntpd from the ntp package. It runs in the background, talks to remote NTP servers, and continuously disciplines (gently adjusts) the system clock.

`/etc/ntp.conf` — main configuration file

A minimal example:

# Drift file: where ntpd stores the clock's measured drift rate
driftfile /var/lib/ntp/ntp.drift

# Servers to sync from
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

# Restrict who can query/control ntpd
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1

Important keywords:

Keyword	Purpose
`server`	A time source to query.
`peer`	A peer relationship (rarely used today).
`iburst`	Send a quick burst of packets when starting up so the daemon syncs faster.
`driftfile`	File where ntpd remembers the local clock’s drift rate across reboots.
`restrict`	Access control for who can interact with ntpd.

Controlling and inspecting `ntpd`

systemctl start ntpd
systemctl enable ntpd

ntpq -p                              # show peers and sync status (key command!)
ntpq -pn                             # same, but no DNS resolution
ntpstat                              # one-line summary of sync state

Reading `ntpq -p` output

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time1.example.com  .GPS.        1 u   23   64  377    1.234    0.123   0.045
+time2.example.com  10.0.0.1     2 u   45   64  377    2.345   -0.234   0.078
-time3.example.com  10.0.0.2     2 u   60   64  377    3.456    0.567   0.123
 time4.example.com  .INIT.      16 u    -   64    0    0.000    0.000   0.000

The single character before each remote tells you ntpd’s choice:

Symbol	Meaning
`*`	Currently selected primary sync source.
`+`	A good candidate, kept as a backup.
`-`	Discarded (out of tolerance).
`x`	False ticker — rejected.
(space)	Discarded / unreachable.

Other columns to know: - st: stratum (lower is better; 16 = unsynced). - when: seconds since last successful response. - poll: current polling interval, in seconds. - reach: 8-bit reachability register in octal (377 = perfect). - offset: estimated time difference from this server (ms).

6. One-Shot Sync: `ntpdate`

ntpdate queries an NTP server once and immediately sets the system clock. It does not run as a daemon — useful at boot or in scripts.

ntpdate pool.ntp.org
ntpdate -q pool.ntp.org           # query only, don't change the clock

Important constraints:

Cannot run while ntpd is already running (port conflict).
Considered deprecated. Modern systems use chrony or systemd-timesyncd instead, but you must still recognize ntpdate for the exam.

7. Chrony — Modern Replacement for `ntpd`

chrony is the default NTP implementation on RHEL/CentOS/Fedora and many modern systems. It works better than ntpd on:

Laptops and desktops (machines that are often offline or suspended).
Virtual machines.
Networks with intermittent connectivity.

Configuration: `/etc/chrony.conf` (or `/etc/chrony/chrony.conf`)

pool 2.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync

Keyword	Purpose
`server` / `pool`	Time sources. `pool` resolves a DNS name to multiple servers.
`driftfile`	Stores measured clock drift across reboots.
`makestep N M`	Allow stepping (large jump) the clock if it is more than N seconds off, but only during the first M updates.
`rtcsync`	Keeps the hardware clock in sync with the system clock (Linux only).

Two binaries

chronyd — the daemon.
chronyc — the client/admin tool.

Useful `chronyc` commands

chronyc sources                      # list time sources and their state
chronyc sources -v                   # verbose, with column legend
chronyc tracking                     # detailed sync info for the local clock
chronyc makestep                     # force an immediate step now
chronyc -a 'burst 4/4'               # send a burst of requests (auth req'd)

Reading chronyc sources output:

MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time1.example.com             1   6   377    23   -123us[ -250us] +/-  12ms
^+ time2.example.com             2   6   377    45    +56us[  +56us] +/-  18ms
^? time3.example.com             0  10     0     -     +0ns[   +0ns] +/-    0ns

The first two characters are mode + state:

^ — server.
= — peer.

State characters:

Char	Meaning
`*`	Currently synchronized to this source.
`+`	Acceptable, combined with the selected one.
`-`	Not currently used.
`?`	Unreachable.
`x`	False ticker (clock is way off).
`~`	Time variability too large.

8. `systemd-timesyncd` (Awareness)

Many modern desktop distributions (Debian, Ubuntu) ship a lightweight client called systemd-timesyncd instead of a full NTP daemon.

It is an SNTP client (Simple NTP): only sets the time from a server, does not act as a server itself.
Configured in /etc/systemd/timesyncd.conf.
Status via timedatectl:

timedatectl                          # shows clock, time zone, and NTP status
timedatectl set-ntp true             # enable network time sync
timedatectl set-ntp false            # disable it

You can have only one of chronyd, ntpd, or systemd-timesyncd running at a time — they all want UDP port 123 for syncing.

9. Quick Reference for the Exam

Concept files:

/etc/ntp.conf — configuration for ntpd.
/etc/chrony.conf (or /etc/chrony/chrony.conf) — configuration for chrony.
/etc/systemd/timesyncd.conf — configuration for systemd-timesyncd.
/var/lib/ntp/ntp.drift — drift file used by ntpd.

Commands:

date — show/set the system clock.
hwclock — show/set the hardware clock (--systohc, --hctosys).
ntpd — classic NTP daemon.
ntpdate — one-shot sync (deprecated but on the exam).
ntpq -p — show ntpd peers.
chronyd / chronyc sources / chronyc tracking — chrony.
timedatectl — systemd’s time management tool.

Concepts:

Stratum levels.
NTP uses UDP port 123.
pool.ntp.org for public servers.

10. Likely Exam Questions (Self-Check)

Which protocol and port does NTP use? NTP uses UDP, port 123.
What is the standard NTP daemon configuration file? /etc/ntp.conf.
Which command does a one-time NTP synchronization (set the clock once and exit)? ntpdate.
What does ntpq -p show? The list of NTP servers ntpd is talking to, with stratum, delay, offset, jitter, and which one is currently selected.
In ntpq -p output, what does an asterisk (*) at the start of a line mean? That server is currently the selected sync source.
What does iburst do in /etc/ntp.conf? Sends a quick initial burst of packets so the daemon synchronizes faster at startup.
What is the difference between hwclock --systohc and hwclock --hctosys? --systohc writes the system clock into the hardware clock. --hctosys does the opposite.
Which file does ntpd use to remember the clock’s drift rate across reboots? The drift file (typically /var/lib/ntp/ntp.drift), declared by the driftfile keyword in /etc/ntp.conf.
What does “stratum” mean in NTP? The distance (in hops) from a reference clock. Stratum 0 is the reference; lower numbers are closer to it. Stratum 16 means unsynchronized.
What are the two binaries provided by chrony, and what does each do? chronyd is the daemon. chronyc is the command-line client used to query and control it.
What chrony command shows the local clock’s synchronization details? chronyc tracking.
What chrony command lists the configured time sources and their status? chronyc sources (use -v for the column legend).
What is pool.ntp.org? A DNS pool of community-run NTP servers, used by most Linux systems as a default time source.
Can ntpd and chronyd run on the same machine at the same time? No — they both want UDP port 123.
How do you enable NTP synchronization on a systemd-based system without installing a full NTP daemon? Use systemd-timesyncd: timedatectl set-ntp true.

108.1 Maintain System Time

1. Two Clocks Again

2. date — View and Set the System Clock

3. hwclock — Read and Write the Hardware Clock

4. Why NTP?

How NTP works (briefly)

Public NTP server pools

5. The Classic NTP Daemon: ntpd

/etc/ntp.conf — main configuration file

Controlling and inspecting ntpd

Reading ntpq -p output

6. One-Shot Sync: ntpdate

7. Chrony — Modern Replacement for ntpd

Configuration: /etc/chrony.conf (or /etc/chrony/chrony.conf)