NAME

daemon - turns other processes into daemons

SYNOPSIS

 usage: daemon [options] cmd arg...
 options:

   -h, --help                     - Print a help message then exit
   -V, --version                  - Print a version message then exit
   -v, --verbose[=level]          - Set the verbosity level
   -d, --debug[=level]            - Set the debug level

   -n, --name=name                - Name the client exclusively
   -u, --user=user[.group]        - Run the client as user[.group]
   -R, --chroot=path              - Run the client with path as root
   -D, --chdir=path               - Run the client in directory path
   -m, --umask=umask              - Run the client with the given umask
   -r, --respawn                  - Respawn the client when it terminates
   -f, --force                    - Respawn the client even when it crashes
   -c, --core                     - Allow core file generation
   -s, --syslog=facility.priority - Send client's stdout/stderr to syslog
   -o, --outlog=facility.priority - Send client's stdout to syslog
   -e, --errlog=facility.priority - Send client's stderr to syslog
   -l, --log=facility.priority    - Send daemon's output to syslog
   -C, --config=path              - Specify the configuration file

DESCRIPTION

daemon(1) turns other processes into daemons. There are many tasks that need to be performed to correctly set up a daemon process. This can be tedious. daemon performs these tasks for other processes.

The preparatory tasks that daemon performs for other processes are:

• First revoke any setuid or setgid privileges that daemon may have been installed with (by system administrators who laugh in the face of danger).

• Process command line options.

• Change the root directory if the --chroot option was supplied.

• Change the process uid and gid if the --user option was supplied. Only root can use this option. Note that the uid of daemon itself is changed, rather than just changing the uid of the client process.

• Read the configuration file (/etc/daemon.conf by default, or specified by the --config option). Note: The root directory and the user must be set before access to the configuration file can be attempted so neither --chroot nor --user options may appear in the configuration file.

• Disable core file generation to prevent leaking sensitive information in daemons run by root (unless the --core option was supplied).

• Become a daemon process:

  • If daemon was not invoked by init(8) or inetd(8):

    • Background the process to lose process group leadership.

    • Start a new process session.

    • Under SVR4, background the process again to lose process session leadership. This prevents the process from ever gaining a controlling terminal. This only happens when SVR4 is defined and NO_EXTRA_SVR4_FORK is not defined when libslack(3) is compiled. Before doing this, ignore SIGHUP because when the session leader terminates, all processes in the foreground process group are sent a SIGHUP signal (apparently). Note that this code may not execute (e.g. when started by init(8) or inetd(8) or when either SVR4 was not defined or NO_EXTRA_SVR4_FORK was defined when libslack(3) was compiled). This means that the client can't make any assumptions about the SIGHUP handler.

  • Change directory to the root directory so as not to hamper umounts.

  • Clear the umask to enable explicit file creation modes.

  • Close all open file descriptors. If daemon was invoked by inetd(8), stdin, stdout and stderr are left open since they are open to a socket.

  • Open stdin, stdout and stderr to /dev/null in case something requires them to be open. Of course, this is not done if daemon was invoked by inetd(8).

  • If the --name option was supplied, create and lock a file containing the process id of the daemon process. The presence of this locked file prevents two instances of a daemon with the same name from running at the same time. The default location of the pidfile is /var/run on Linux and /etc on Solaris for root or /tmp for ordinary users.

• If the --umask option was supplied, set the umask to its argument. Otherwise, set the umask to 022 to prevent clients from accidentally creating group or world writable files.

• Set the current directory if the --chdir option was supplied.

• Spawn the client command specified on the command line and wait for it to terminate.

• If the --syslog, --outlog and/or --errlog options were supplied, the client's standard output and/or standard error are captured by daemon and sent to the respective syslog destinations.

• When the client terminates, daemon respawns it if the --respawn option was supplied and the client terminated successfully after at least 600 seconds. If the --force option was also supplied, the client will be respawned even if it crashed or was killed by a signal after at least 600 seconds. Otherwise daemon terminates.

• If daemon receives a SIGTERM signal, it propagates the signal to the client and then terminates.

OPTIONS

-h, --help

Display a help message and exit.

-V, --version

Display a version message and exit.

-v[level], --verbose[=level]

Set the message verbosity level to level (or 1 if level is not supplied). daemon does not have any verbose messages so this has no effect.

-d[level], --debug[=level]

Set the debug message level to level (or 1 if level is not supplied). Set to level 1 for a trace of all functions called. Set to level 2 for more detail. Debug messages are sent to the syslog(3) facility, daemon.debug.

-n=name, --name=name

Create and lock a pid file (/var/run/name.pid), ensuring that only one daemon with the given name is active at the same time.

-u=user[.group], --user=user[.group]

Run the client as a different user (and group). This only works for root. If the argument includes a .group specifier, daemon will assume the specified group and no other. Otherwise, daemon will assume all groups that the specified user is in.

-R=path, --chroot=path

Change the root directory to path before running the client. On some systems, only root can do this. Note that the path to the client program and to the configuration file (if any) must be relative to the new root path.

-D=path, --chdir=path

Change the directory to path before running the client.

-m=umask, --umask=umask

Change the umask to umask before running the client. umask must be a valid octal mode. The default umask is 022.

-r, --respawn

Respawn the client when it terminates successfully after at least 600 seconds.

-f, --force

Respawn the client even if it crashed or was killed by a signal after at least 600 seconds. Note that this option has no effect unless the --respawn option is also supplied.

-c, --core

Allow the client to create a core file. This should only be used for debugging as it could lead to security holes in daemons run by root.

-s=facility.priority --syslog=facility.priority

Capture the client's standard output and error and send it to the syslog destination specified by facility.priority.

-o=facility.priority --outlog=facility.priority

Capture the client's standard output and send it to the syslog destination specified by facility.priority.

-e=facility.priority --errlog=facility.priority

Capture the client's standard error and send it to the syslog destination specified by facility.priority.

-l=facility.priority --log=facility.priority

Send daemon's standard output and error to the syslog destination specified by facility.priority. By default, they are sent to daemon.err.

-C=path, --config=path

Specify the configuration file to use. By default, /etc/daemon.conf is the configuration file if it exists and is not group or world writable and does not exist in a group or world writable directory. The configuration file lets you predefine options that apply to all clients and to specifically named clients.

FILES

/etc/daemon.conf - define default options

Each line of the configuration file consists of a client name or '*', followed by whitespace, followed by a comma separated list of options. Blank lines and comments ('#' to end of the line) are ignored. Lines may be continued with a '\' character at the end of the line.

For example:

    *       log=daemon.err,syslog=local0.err,respawn
    test1   syslog=local0.debug,debug=9,verbose=9,core
    test2   syslog=local0.debug,debug=9,verbose=9,core

The command line options are processed first to look for a --config option. If no --config option was supplied, the default file, /etc/daemon.conf, is used. If the configuration file contains any generic ('*') entries, their options are applied in order of appearance. If the --name option was supplied and the configuration file contains any entries with the given name, their options are then applied in order of appearance. Finally, the command line options are applied again. This ensures that any generic options apply to all clients by default. Client specific options override generic options. Command line options override both.

Note that the configuration file is not opened and read until after any --chroot and/or --user command line options are processed. This means that the configuration file path and the client's file path must be relative to the --chroot argument. It also means that the configuration file and the client executable must be readable/executable by the user specified by the --user argument. It also means that neither the --chroot nor the --user options will have any effect if the appear in the configuration file. The command line options are parsed mainly to find --chroot, --user and --config. The --chroot and --user then take effect if they are present. Then the configuration file is parsed looking for extra options. Generic options are processed. Then named options are processed. Finally, the command line options are processed again to make sure that they override any generic or named options.

BUGS

If you specify (in the configuration file) that all clients allow core file generation, there is no way to countermand that for any client (without using an alternative configuration file). So don't do that. The same applies to respawning.

It is possible for the client process to obtain a controlling terminal under BSD (and even under SVR4 if SVR4 was not defined or NO_EXTRA_SVR4_FORK was defined when libslack(3) is compiled). If anything calls open(2) on a terminal device without the O_NOCTTY flag, the process doing so will obtain a controlling terminal and then be susceptible to unintended termination by a SIGHUP.

MAILING LISTS

The following mailing lists exist for daemon related discussion:

 daemon-announce@libslack.org - Announcements
 daemon-users@libslack.org    - User forum
 daemon-dev@libslack.org      - Development forum

To subscribe to any of these mailing lists, send a mail message to listname-request@libslack.org with subscribe as the message body. e.g.

 $ echo subscribe | mail daemon-announce-request@libslack.org
 $ echo subscribe | mail daemon-users-request@libslack.org
 $ echo subscribe | mail daemon-dev-request@libslack.org

Or you can send a mail message to majordomo@libslack.org with subscribe listname in the message body. This way, you can subscribe to multiple lists at the same time. e.g.

 $ mail majordomo@libslack.org
 subscribe daemon-announce
 subscribe daemon-users
 subscribe daemon-dev
 .

A digest version of each mailing list is also available. Subscribe to digests as above but append -digest to the listname.

SEE ALSO

libslack(3), daemon(3), init(8), inetd(8), fork(2), umask(2), setsid(2), chdir(2), chroot(2), setrlimit(2), setgid(2), setuid(2), setgroups(2), initgroups(3), syslog(3), kill(2)

AUTHOR

20011109 raf <raf@raf.org>