NAME

clockctl — Clock subsystem user control

SYNOPSIS

pseudo-device clockctl

DESCRIPTION

The clockctl interface brings clock control to non-root users. Any user with write access to /dev/clockctl will be able to perform operations such as settimeofday(2), clock_settime(2), adjtime(2), or ntp_adjtime(2), which are normally restricted to the super-user. Using the clockctl pseudo-device, it is possible to run daemons such as ntpd(8) as non-privileged users, thus reducing the security exposure if a compromise is found in such a daemon.

The clockctl pseudo-device driver provides an ioctl(2) call for each privileged clock-related system call. The system call stubs in C library will use the ioctl(2) on /dev/clockctl if the special file is present and accessible, or will revert to the plain super-user-restricted system call if the special file is not accessible.

The following ioctl(2) calls are defined in <sys/clockctl.h>:

CLOCKCTL_SETTIMEOFDAY

This will run the settimeofday(2) system call. Argument should be a pointer to a struct clockctl_settimeofday:

struct clockctl_settimeofday {
	const struct timeval *tv;
	const void *tzp;
};

CLOCKCTL_CLOCK_SETTIME

This will run the clock_settime(2) system call. Argument should be a pointer to a struct clockctl_clock_settime:

struct clockctl_clock_settime {
	clockid_t clock_id;
	struct timespec *tp;
};

CLOCKCTL_ADJTIME

This will run the adjtime(2) system call. Argument should be a pointer to a struct clockctl_adjtime:

struct clockctl_adjtime {
	const struct timeval *delta;
	struct timeval *olddelta;
};

CLOCKCTL_NTP_ADJTIME

This will run the ntp_adjtime(2) system call. Argument should be a pointer to a struct clockctl_ntp_adjtime:

struct clockctl_ntp_adjtime {
	struct timex *tp;
};

SEE ALSO

adjtime(2), clock_settime(2), ioctl(2), settimeofday(2)

HISTORY

clockctl appeared in NetBSD 1.6.