doc: update description of -u option and user directive

diff --git a/chrony.texi.in b/chrony.texi.in
index 532d8f1a32b06da3a490dab63e82c2a9c2755d28..59caf74121d5a9c90ead7d79936bd0bbb454635b 100644 (file)
--- a/chrony.texi.in
+++ b/chrony.texi.in
@@ -976,15 +976,13 @@ no RTC or the RTC is broken (e.g. it has no battery).
 @item -u <user>
 This option sets the name of the system user to which @code{chronyd} will
 switch after start in order to drop root privileges.  It overrides the
-@code{user} directive (default @code{@DEFAULT_USER@}).  It may be set to a
-non-root user only when @code{chronyd} is compiled with support for Linux
-capabilities (libcap), on NetBSD with the @code{/dev/clockctl} device or on
-Mac OS X.
-
-In the Mac OS X implementation @code{chronyd} forks into two processes.  The
-child process retains root privileges but can only perform a very limited range
-of privileged system calls on behalf of the parent.  The parent process drops
-root privileges to run as the specified system user.
+@code{user} directive (default @code{@DEFAULT_USER@}).
+
+On Linux, @code{chronyd} needs to be compiled with support for the
+@code{libcap} library.  On Mac OS X, FreeBSD, NetBSD and Solaris @code{chronyd}
+forks into two processes.  The child process retains root privileges, but can
+only perform a very limited range of privileged system calls on behalf of the
+parent.
 @item -F <level>
 This option configures a system call filter when @code{chronyd} is compiled with
 support for the Linux secure computing (seccomp) facility. In level 1 the
@@ -3181,16 +3179,15 @@ Valid measurements with corresponding compensations are logged to the
 @subsection user
 The @code{user} directive sets the name of the system user to which
 @code{chronyd} will switch after start in order to drop root privileges.
-It may be set to a non-root user only when @code{chronyd} is compiled with
-support for Linux capabilities (libcap), on NetBSD with the
-@code{/dev/clockctl} device or on Mac OS X.
 
-In the Mac OS X implementation @code{chronyd} forks into two processes.  The
-child process retains root privileges but can only perform a very limited range
-of privileged system calls on behalf of the parent.  The parent process drops
-root privileges to run as the specified system user.
+On Linux, @code{chronyd} needs to be compiled with support for the
+@code{libcap} library.  On Mac OS X, FreeBSD, NetBSD and Solaris @code{chronyd}
+forks into two processes.  The child process retains root privileges, but can
+only perform a very limited range of privileged system calls on behalf of the
+parent.
 
-The default value is @code{@DEFAULT_USER@}.
+The default value is @code{@DEFAULT_USER@}.  The configure script has a
+@code{--with-user} option, which sets the default value.
 @c }}}
 @c }}}
 @c {{{ S:Running chronyc

diff --git a/chronyd.8.in b/chronyd.8.in
index 0a10d01799e759d55749bd7edd2d6f89b8c42fd7..bd27ba01339d3d41f7748231584e4ebe5d54166e 100644 (file)
--- a/chronyd.8.in
+++ b/chronyd.8.in
@@ -101,14 +101,12 @@ RTC or the RTC is broken (e.g. it has no battery).
 \fB\-u\fR \fIuser\fR
 This option sets the name of the system user to which \fBchronyd\fR will switch
 after start in order to drop root privileges.  It overrides the \fBuser\fR
-directive (default \fB@DEFAULT_USER@\fR).  It may be set to a non-root user
-only when \fBchronyd\fR is compiled with support for Linux capabilities
-(libcap), on NetBSD with the \fB/dev/clockctl\fR device or on Mac OS X.
-
-In the Mac OS X implementation \fBchronyd\fR forks into two processes.  The
-child process retains root privileges but can only perform a very limited range
-of privileged system calls on behalf of the parent.  The parent process drops
-root privileges to run as the specified system user.
+directive from the configuration file (default \fB@DEFAULT_USER@\fR).
+
+On Linux, \fBchronyd\fR needs to be compiled with support for the \fBlibcap\fR
+library.  On Mac OS X, FreeBSD, NetBSD and Solaris \fBchronyd\fR forks into two
+processes.  The child process retains root privileges, but can only perform a
+very limited range of privileged system calls on behalf of the parent.
 .TP
 \fB\-F\fR \fIlevel\fR
 This option configures a system call filter when \fBchronyd\fR is compiled with

diff --git a/doc/faq.adoc b/doc/faq.adoc
index 1eadd09accbe21f3595a5e98b10157b6b8994a87..5869a65a8c158f7c79b9ab17b509a8e27ec1183e 100644 (file)
--- a/doc/faq.adoc
+++ b/doc/faq.adoc
@@ -128,11 +128,13 @@ under the root or chrony user (which can access +chronyd+ through a Unix domain
 socket since version 2.2), you can disable the internet command sockets
 completely by adding +cmdport 0+ to the configuration file.
 
-On Linux, if +chronyd+ is compiled with support for Linux capabilities
-(available in the libcap library), or on NetBSD with the +/dev/clockctl+
-device, you can specify an unprivileged user with the +-u+ option or +user+
-directive in the 'chrony.conf' file to drop root privileges after start.  The
-configure option +--with-user+ can be used to drop the privileges by default.
+You can specify an unprivileged user with the +-u+ option, or the +user+
+directive in the 'chrony.conf' file, to which +chronyd+ will switch after start
+in order to drop root privileges.  The configure script has a +--with-user+
+option, which sets the default user.  On Linux, +chronyd+ needs to be compiled
+with support for the +libcap+ library.  On other systems, +chronyd+ forks into
+two processes.  The child process retains root privileges, but can only perform
+a very limited range of privileged system calls on behalf of the parent.
 
 Also, if +chronyd+ is compiled with support for the Linux secure computing
 (seccomp) facility, you can enable a system call filter with the +-F+ option.