daemon - turns other processes into daemons
usage: daemon [options] [--] [cmd arg...]
options:
-h, --help - Print a help message then exit
-V, --version - Print a version message then exit
-v, --verbose[=level] - Set the verbosity level
-d, --debug[=level] - Set the debugging level
-C, --config=path - Specify the system configuration file
-N, --noconfig - Bypass the system configuration file
-n, --name=name - Guarantee a single named instance
-X, --command="cmd" - Specify the client command as an option
-P, --pidfiles=/dir - Override standard pidfile location
-F, --pidfile=/path - Override standard pidfile name and location
-u, --user=user[:[group]] - Run the client as user[:group]
-R, --chroot=path - Run the client with path as root
-D, --chdir=path - Run the client in directory path
-m, --umask=umask - Run the client with the given umask
-e, --env="var=val" - Set a client environment variable
-i, --inherit - Inherit environment variables
-U, --unsafe - Allow execution of unsafe executable
-S, --safe - Disallow execution of unsafe executable
-c, --core - Allow core file generation
--nocore - Disallow core file generation (default)
-r, --respawn - Respawn the client when it terminates
-a, --acceptable=# - Minimum acceptable client duration (seconds)
-A, --attempts=# - Respawn # times on error before delay
-L, --delay=# - Delay between respawn attempt bursts (seconds)
-M, --limit=# - Maximum number of respawn attempt bursts
--idiot - Idiot mode (trust root with the above)
-f, --foreground - Run the client in the foreground
-p, --pty[=noecho] - Allocate a pseudo terminal for the client
-B, --bind - Stop when the user's last logind session ends
-l, --errlog=spec - Send daemon's error output to syslog or file
-b, --dbglog=spec - Send daemon's debug output to syslog or file
-o, --output=spec - Send client's output to syslog or file
-O, --stdout=spec - Send client's stdout to syslog or file
-E, --stderr=spec - Send client's stderr to syslog or file
--ignore-eof - After SIGCHLD ignore any client output
--read-eof - After SIGCHLD read any client output (default)
--running - Check if a named daemon is running
--restart - Restart a named daemon client
--stop - Terminate a named daemon process
--signal=signame - Send a signal to a named daemon
--list - Print a list of named daemons
daemon(1) turns other processes into daemons. There are many tasks that need to be performed to correctly set up a daemon process. This can be tedious. daemon performs these tasks for other processes.
The preparatory tasks that daemon performs for other processes are:
First, revoke any setuid or setgid privileges that daemon may have been installed with (by system administrators who laugh in the face of danger).
Process command line options.
Change the root directory if the --chroot
option was supplied.
Change the process uid and gid if the --user
option was supplied. Only root can use this option. Note that the uid of daemon itself is changed, rather than just changing the uid of the client process.
Read the system configuration file(s) (/etc/daemon.conf
and /etc/daemon.conf.d/*
by default, or specified by the --config
option), unless the --noconfig
option was supplied. Then read the user's personal configuration file(s) (~/.daemonrc
and ~/.daemonrc.d/*
), if any. Generic options that apply to all daemons are processed first, then options that are specific to the daemon with the given name. Note: The root directory and the user must be set before access to the configuration file(s) can be attempted, so neither the --chroot
nor --user
options may appear in the configuration file.
On BSD systems (except macOS), the system configuration file(s) are /usr/local/etc/daemon.conf
and /usr/local/etc/daemon.conf.d/*
by default.
On macOS, when installed via macports, the system configuration file(s) are /opt/local/etc/daemon.conf
and /opt/local/etc/daemon.conf.d/*
.
Disable core file generation to prevent leaking potentially sensitive information in daemons that are run by root (unless the --core
option was supplied).
Become a daemon process:
If daemon was not invoked by init(8) (i.e. parent process id 1) or inetd(8) (i.e. stdin
is a socket):
Ignore SIGHUP
signals in case the current process session leader terminates while attached to a controlling terminal, causing us to receive a SIGHUP
signal before we start our own process session below.
This can happen when daemon was invoked interactively via the shell builtin exec
. When this initial process terminates below, the terminal emulator that invoked the shell also terminates, so daemon need to protect itself from that.
Background the process to lose process group leadership.
Start a new process session.
Background the process again to lose process session leadership. Under SVR4, this prevents the process from ever gaining a controlling terminal. This is only necessary under SVR4, but is always done for simplicity. Note that ignoring SIGHUP
signals earlier means that when the newly created process session leader terminates, then even if it has a controlling terminal open, the newly backgrounded process won't receive the corresponding SIGHUP
signal that is sent to all processes in the process session's foreground process group, because it inherited signal dispositions from the initial process.
Change the current directory to the root directory so as not to hamper umounts.
Clear the umask to enable explicit file creation modes.
Close all open file descriptors. If daemon was invoked by inetd(8), stdin
, stdout
and stderr
are left open, because they are open to a socket.
Open stdin
, stdout
and stderr
to /dev/null
, in case something requires them to be open. Of course, this is not done if daemon was invoked by inetd(8).
If the --name
option was supplied, create and lock a file containing the process id of the daemon process. The presence of this locked file prevents two instances of a daemon with the same name from running at the same time. The default location of the pidfile is /var/run
for root (/etc
on Solaris, /opt/local/var/run
on macOS when installed via macports), and /tmp
for normal users. If the --pidfiles
option was supplied, its argument specifies the directory in which the pidfile will be placed. If the --pidfile
option was supplied, its argument specifies the name of the pidfile and the directory in which it will be placed.
If the --umask
option was supplied, set the umask to its argument, which must be a valid three-digit octal mode. Otherwise, set the umask to 022
, to prevent clients from accidentally creating group- or world-writable files.
Set the current directory if the --chdir
option was supplied.
Spawn the client command and wait for it to terminate. The client command can be specified as command line arguments, or as the argument of the --command
option. If both the --command
option and command line arguments are present, the client command is the result of appending the command line arguments to the argument of the --command
option.
If the --output
, --stdout
and/or --stderr
options were supplied, the client's standard output and/or standard error are captured by daemon, and are sent to the respective syslog destinations.
When the client terminates, daemon respawns it if the --respawn
option was supplied. If the client ran for less than 300
seconds (or the value of the --acceptable
option), then daemon sees this as a failure. It will attempt to restart the client up to five times (or the value of the --attempts
option), before waiting for 300
seconds (or the value of the --delay
option). This gives the system administrator the chance to correct whatever is preventing the client from running successfully without overloading system resources. If the --limit
option was supplied, daemon terminates after the specified number of respawn attempt bursts. The default is zero, which means never give up, never surrender.
When the client terminates, and the --respawn
option wasn't supplied, daemon terminates as well.
If daemon receives a SIGTERM
signal (e.g. from a separate invocation of daemon with the --stop
option), it propagates the signal to the client and then terminates.
If daemon receives a SIGUSR1
signal (from a separate invocation of daemon with the --restart
option), it sends a SIGTERM
signal to the client. If it was started with the --respawn
option, the client process will be restarted after it is terminated by the SIGTERM
signal.
If the --foreground
option was supplied, the client process is run as a foreground process, and is not turned into a daemon at all. If daemon is connected to a terminal, then the client process will also be connected to it. If daemon is not connected to a terminal, but the client needs to be connected to a terminal, use the --pty
option.
-h
, --help
Display a help message and exit.
-V
, --version
Display a version message and exit.
-v
[level], --verbose
[=level]Set the message verbosity level to level (or 1 if level is not supplied). This only effects the --running
and --list
options.
-d
[level], --debug
[=level]Set the debug message level to level (or 1 if level is not supplied). Level 1 traces high-level function calls. Level 2 traces lower-level function calls and shows configuration information. Level 3 adds environment variables. Level 9 adds every return value from select(2). Debug messages are sent to the destination specified by the --dbglog
option (by default, the syslog(3) facility, daemon.debug
).
-C
path, --config=
pathSpecify the system configuration file to use. By default, /etc/daemon.conf
is the system configuration file, if it exists and is not group- or world-writable, and does not exist in a group- or world-writable directory. The configuration file lets you predefine options that apply to all clients, and to specifically named clients.
As well as the system configuration file, additional configuration files will be read from the directory whose path matches the system configuration file with ".d"
appended to it (e.g. /etc/daemon.conf.d
). Any file in that directory whose name starts with a dot character ("."
) is ignored. The same checks as described above apply to these files as well.
On BSD systems (except macOS), the system configuration file(s) are /usr/local/etc/daemon.conf
and /usr/local/etc/daemon.conf.d/*
by default.
On macOS, when installed via macports, the system configuration file(s) are /opt/local/etc/daemon.conf
and /opt/local/etc/daemon.conf.d/*
.
-N
, --noconfig
Bypass the system configuration files, /etc/daemon.conf
and /etc/daemon.conf.d/*
. Only the user's ~/.daemonrc
and ~/.daemonrc.d/*
configuration files will be read (if they exist).
-n
name, --name=
nameCreate and lock a pidfile (name.pid
), ensuring that only one daemon with the given name is active at the same time. The standard location of the pidfile is /var/run
for root (/etc
on Solaris, /opt/local/var/run
on macOS when installed via macports), and /tmp
for normal users. This location can be overridden with the --pidfiles option.
The name may only consist of the following characters:
-._abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
While a named daemon's client process is running, there will also be a separate pidfile to record the process id of the client process. Its filename will be the same as the daemon pidfile's, except that the filename extension will be .clientpid
rather than .pid
. The only reason that there should be a .pid
file, with no .clientpid
file, is during the delay between respawn attempts bursts.
-X
"cmd", --command=
"cmd"Specify the client command as an option. If a command is specified along with its name in the configuration file, then a daemon can be invoked merely by mentioning its name:
daemon --name ftumch
Note: If the client command is specified with the --command
option, either in the configuration file, or on the command line, then any additional command line arguments on the daemon command line are appended to the client command that is specified with the --command
option.
-P
/dir, --pidfiles=
/dirOverride the standard pidfile location. The standard pidfile location is /var/run
for root (/etc
on Solaris, /opt/local/var/run
on macOS when installed via macports), and /tmp
for normal users.
This option only affects the --name
and --list
options. Use this option if these standard locations are unacceptable, but make sure that you don't forget where you put your pidfiles. This option is best used in configuration files, or in shell scripts, rather than on an interactive command line.
The pidfile location will be created automatically only if it is within the user's home directory.
-F
/path, --pidfile=
/pathOverride the standard pidfile name and location. The standard pidfile location is described immediately above. The standard pidfile name is the argument of the --name
option followed by .pid
. Use this option if the standard pidfile name and location are unacceptable, but make sure that you don't forget where you put your pidfile. This option is best used in configuration files, or in shell scripts, rather than on an interactive command line.
The pidfile location will be created automatically only if it is within the user's home directory.
-u
user[:[group]], --user=
user[:[group]]Run the client as a different user (and group). This only works for root. If the argument includes a :group specifier, daemon will assume the specified group and no other. Otherwise, daemon will assume all groups that the specified user is in. For backwards compatibility, "."
may be used instead of ":"
to separate the user and group but since "."
can appear in user and group names, ambiguities can arise such as using --user=
u.g when users u and u.g and group g all exist. With such an ambiguity, daemon will assume the user u and group g. Use --user=
u.g: instead for the other interpretation.
-R
path, --chroot=
pathChange the root directory to path before running the client. On some systems, only root can do this. Note that the path to the client program and to the configuration file (if any) must be relative to the new root path.
-D
path, --chdir=
pathChange the current directory to path before running the client. The default current directory is the root directory (possibly after chroot).
-m
umask, --umask=
umaskChange the umask to umask before running the client. umask must be a valid octal mode. The default umask is 022
.
-e
"var=val", --env=
"var=val"Set an environment variable for the client process. This option can be used any number of times. If it is used, only the supplied environment variables are passed to the client process. Otherwise, the client process inherits the current set of environment variables.
-i
, --inherit
Explicitly inherit environment variables. This is only needed when the --env
option is used. When this option is used, the --env
option adds to the inherited environment, rather than replacing it.
-U
, --unsafe
Allow reading an unsafe configuration file, and allow the execution of an unsafe executable. A configuration file or executable is considered to be unsafe if it is group- or world-writable or is in a directory that is group- or world-writable (following symbolic links). If an executable is a script that is interpreted by another executable, then it is considered to be unsafe if the interpreter is unsafe. If the interpreter is /usr/bin/env
(with an argument that is a command name to be searched for in $PATH
), then that command must be safe. By default, daemon(1) will refuse to read an unsafe configuration file or to execute an unsafe executable when run by root. This option overrides that behaviour and hence should never be used.
-S
, --safe
Disallow reading an unsafe configuration file, and disallow the execution of an unsafe executable. By default, daemon(1) will allow reading an unsafe configuration file, and allow the execution of an unsafe executable, when run by normal users. This option overrides that behaviour.
-c
, --core
Allow the client to create a core file. This should only be used for debugging, as it could lead to security-related information disclosures by daemons run by root.
--nocore
By default, clients are prevented from creating a core file. If the --core
option has been used in a configuration file to apply to all named daemons, then this option can be used to restore the default behaviour for specific named daemons.
-r
, --respawn
Respawn the client when it terminates. Without this option, the termination of a client process causes daemon itself to terminate as well.
-a
#, --acceptable=
#Specify the minimum acceptable duration of a client process, in seconds. This option can only be used with the --respawn
option. If a client process terminates before this threshold is reached, then it is considered to have failed. The default value is 300
seconds. It cannot be set to less than 10
seconds, except by root when used in conjunction with the --idiot
option.
-A
#, --attempts=
#Specify the number of attempts to respawn before delaying. This option can only be used with the --respawn
option. The default value is 5
. It cannot be set to more than 100
attempts, except by root when used in conjunction with the --idiot
option.
-L
#, --delay=
#Specify the delay in seconds between each burst of respawn attempts. This option can only be used with the --respawn
option. The default value is 300
seconds. It cannot be set to less than 10
seconds except by root when used in conjunction with the --idiot
option.
-M
#, --limit=
#Specify a limit to the number of respawn attempt bursts. This option can only be used with the --respawn
option. The default value is 0
, which means no limit.
--idiot
Turn on idiot mode in which daemon will not enforce the minimum or maximum values normally imposed on the --acceptable
, --attempts
and --delay
options. The --idiot
option must appear before any of these options. Only the root user may use this option, because it can turn a slight misconfiguration into a lot of wasted CPU energy and log messages, somewhat akin to a self-inflicted denial of service.
Idiot mode also allows the root user to expand environment variable notation (e.g. $VAR
and ${VAR}
) in command line option arguments, and in configuration files. By default, internal environment variable expansion is only performed for normal users. Note that this doesn't apply to any such expansion performed earlier by the shell that invokes daemon(1). See the EXPANSION
section below for more details.
-f
, --foreground
Run the client in the foreground. The client is not turned into a daemon.
-p
[noecho], --pty
[=noecho]Connect the client to a pseudo terminal. This option can only be used with the --foreground
option. This is the default when the --foreground
option is supplied and daemon's standard input is connected to a terminal. This option is only necessary when the client process must be connected to a controlling terminal, but daemon itself has been run without a controlling terminal (e.g. from cron(8) or a pipeline).
If the noecho
argument is supplied with this option, the client's side of the pseudo terminal will be set to noecho
mode. Use this only if there really is a terminal involved and input is being echoed twice.
-B
, --bind
Automatically terminate the client process (and daemon(1) itself) as soon as the user has no systemd-logind(8) (or elogind(8)) user sessions. In other words, automatically terminate when the user logs out. If the user has no sessions to start with, the client process will be terminated immediately.
This option is only available on Linux systems that have either systemd(1) (e.g. Debian) or elogind(8) (e.g. Slackware). On systems with systemd(1), you could instead use a systemd user service, particularly if your user account is not allowed to have user services that linger.
-l
spec, --errlog=
specSend daemon's standard output and standard error to the syslog destination or file that is specified by spec. If spec is a syslog destination of the form "facility.priority"
, then output is sent to syslog(3). Otherwise, output is appended to the file whose path is given in spec. By default, output is sent to the syslog destination, daemon.err
. See the MESSAGING
section below for more details.
-b
spec, --dbglog=
specSend daemon's debug output to the syslog destination or file that is specified by spec. If spec is a syslog destination of the form "facility.priority"
, then output is sent to syslog(3). Otherwise, output is appended to the file whose path is given in spec. By default, output is sent to the syslog destination daemon.debug
. See the MESSAGING
section below for more details.
-o
spec, --output=
specCapture the client's standard output and standard error, and send it to the syslog destination or file that is specified by spec. If spec is a syslog destination of the form "facility.priority"
, then output is sent to syslog(3). Otherwise, output is appended to the file whose path is given in spec. By default, output is discarded unless the --foreground
option is present, in which case, the client's stdout and stderr are propagated to daemon's stdout and stderr, respectively. See the MESSAGING
section below for more details.
-O
spec, --stdout=
specCapture the client's standard output, and send it to the syslog destination or file that is specified by spec. If spec is a syslog destination of the form "facility.priority"
, then output is sent to syslog(3). Otherwise, stdout is appended to the file whose path is given in spec. By default, stdout is discarded unless the --foreground
option is present, in which case, the client's stdout is propagated to daemon's stdout. See the MESSAGING
section below for more details.
-E
spec, --stderr=
specCapture the client's standard error, and send it to the syslog destination or file that is specified by spec. If spec is a syslog destination of the form "facility.priority"
, then stderr is sent to syslog(3). Otherwise, stderr is appended to the file whose path is given in spec. By default, stderr is discarded unless the --foreground
option is present, in which case, the client's stderr is propagated to daemon's stderr. See the MESSAGING
section below for more details.
--ignore-eof
After receiving a SIGCHLD
signal due to a stopped or restarted client process, don't bother reading the client's output until the end-of-file is reached before reaping the client process's termination status with wait(2). Normally, there will be little or no output after the SIGCHLD
signal, because the client process has just terminated. However, the client process might have its own child processes keeping its output open long after its own termination. When this happens, by default, the client process remains as a zombie process until its child processes terminate and close the output. Waiting for the client's child processes to terminate before considering the client stopped, and before restarting a new invocation, might be desirable. If not, this option can be used to consider the client process as being terminated as soon as the SIGCHLD
signal has been received, and reaping its termination status with wait(2) immediately.
--read-eof
After receiving a SIGCHLD
signal due to a stopped or restarted client process, continue reading the client's output until the end-of-file is reached before reaping the client process's termination status with wait(2). This is the default behaviour. Normally, there will be little or no output after the SIGCHLD
signal, because the client process has just terminated. However, the client process might have its own child processes keeping its output open long after its own termination. When this happens, the client process remains as a zombie process until its child processes terminate and close the output. Waiting for the client's child processes to terminate before considering the client stopped, and before restarting a new invocation, might be desirable. If so, but the --ignore-eof
option has been used in a configuration file to apply to all named daemons, then this option can be used to restore the default behaviour for specific named daemons.
--running
Check whether or not a named daemon is running, then exit(3) with EXIT_SUCCESS
if the named daemon is running or EXIT_FAILURE
if it isn't.
If the --verbose
option is supplied, print a message before exiting. If both the named daemon and its client process are running, the output will look like this, showing both process IDs:
daemon: name is running (pid 7455) (clientpid 7457)
If the named daemon is running but its client process is not (there might be a delay between respawn attempt bursts), the output will look like this, showing only the daemon process's ID:
daemon: name is running (pid 7455) (client is not running)
If the named daemon is not running at all, the output will look like this:
daemon: name is not running
This option can only be used with the --name
option. Note that the --chroot
, --user
, --name
, --pidfiles
and --pidfile
(and possibly --config
) options must be the same as for the target daemon.
--restart
Instruct a named daemon to terminate and restart its client process, by sending it a SIGUSR1
signal. This will cause the named daemon to send its client process a SIGTERM
signal to stop it. If the named daemon had been started with the --restart
option, the named daemon will then restart its client process. Otherwise, this has the same effect as the --stop
option, and the named daemon's client process is not restarted.
This option can only be used with the --name
option. Note that the --chroot
, --user
, --name
, --pidfiles
and --pidfile
(and possibly --config
) options must be the same as for the target daemon.
--stop
Stop a named daemon by sending it a SIGTERM
signal. This will cause the named daemon to send its client process a SIGTERM
option and then exit.
This option can only be used with the --name
option. Note that the --chroot
, --user
, --name
, --pidfiles
and --pidfile
(and possibly --config
) options must be the same as for the target daemon.
--signal=
signameSend the given signal to a named daemon's client process. The signal can be specified either by number or by name (with or without the "sig" prefix). Any signal may be sent. However, the named daemon's client process might be ignoring some signals. For example, SIGHUP
will be ignored by default unless the client process has installed a signal handler for it.
The known list of signals are: hup
, int
, quit
, ill
, trap
, abrt
, iot
, bus
, fpe
, kill
, usr1
, segv
, usr2
, pipe
, alrm
, term
, stkflt
, cld
, chld
, cont
, stop
, tstp
, ttin
, ttou
, urg
, xcpu
, xfsz
, vtalrm
, prof
, winch
, poll
, io
, pwr
, sys
, emt
and info
. Not all of them are available on all platforms.
--list
Print a list of the currently running named daemons whose pidfiles are in the applicable pidfile directory which will either be the default (i.e. /var/run
for root (/etc
on Solaris, /opt/local/var/run
on macOS when installed via macports), and /tmp
for normal users), or it will be specified by the --pidfiles
option. Then exit.
Without the --verbose
option, this will only list the names of daemons whose pidfiles are locked, as this implies that the corresponding daemon must still be running. Note that pidfiles for daemons that were not started by daemon(1) might not be locked. An unlocked pidfile might indicate that daemon(1) has died unexpectedly, or it might just be a pidfile for a daemon that was not started by daemon(1). If this might lead to confusion, you might want to consider using a dedicated pidfiles directory for named daemons started by daemon(1), and leave the default pidfiles directories for other daemons that were started independently of daemon(1).
With the --verbose
option, the items in the list will look like the output of the --running
option with --verbose
, but with more detail.
If there are no pidfiles at all, the output will look like this:
No named daemons are running
If a pidfile is locked, and there is a corresponding client pidfile, that indicates that the named daemon and its client are both running, and the output will look like this, showing both process IDs:
name is running (pid ####) (client pid ####)
If a pidfile is locked, but there is no client pidfile, that indicates that the named daemon is running, but its client is not (e.g. during a delay between respawn attempt bursts when the client is failing to start successfully), and the output will look like one of the following three options:
When we can tell that the pidfile is for a process whose executable name is daemon:
name is running (pid ####) (client is not running)
When we can tell that the pidfile is for a process whose executable name is something other than daemon (i.e. is independent of daemon(1)):
name is running (pid ####) (independent)
When it's not possible to determine the name of the executable associated with the pidfile (i.e. On systems other than Linux without a /proc
file system):
name is running (pid ####) (client is not running or is independent)
If a pidfile is not locked, and the applicable pidfiles directory is the default, that indicates either that the daemon has unexpectedly terminated, or just that the pidfile is for a daemon that was not started by daemon(1), and the output will look like this:
name is not running (or is independent)
If a pidfile is not locked, and the applicable pidfiles directory is not the default, then it is assumed that all pidfiles are for daemons that were started by daemon(1), and the output will look like this:
name is not running
As with all other programs, a --
argument signifies the end of options. Any options that appear on the command line after --
are part of the client command.
Some simple shell-like expansion is performed internally on the arguments of the command line options with a text argument (but not the options with a numeric argument).
Environment variable notation, such as $VAR
or ${VAR}
, is expanded. Then user home directory notation, such as ~
or ~user
, is expanded. File name expansion (i.e. globbing) is NOT performed internally. Neither are any of your login shell's other wonderful expansions. This is very basic.
This might not be of much use on the command line, since daemon is normally invoked via a shell, which will first perform all of its usual expansions. It might even be undesirable to perform expansion internally after the shell has already done so (e.g. if you refer to any directory names that actually contain the '$'
character, or if you use any environment variables whose values contain the '$'
character, which is unlikely).
But it can be useful in configuration files. See the FILES
section below for more details. It can also be useful when daemon is invoked directly by another program without the use of a shell.
By default, environment variable expansion is not performed for the root user, even if the environment variable was defined in the configuration files. The --idiot
option can be used to change this behaviour, and allow the expansion of environment variables for the root user. Home directory notation expansion is performed for all users.
/etc/daemon.conf
, /etc/daemon.conf.d/*
- system-wide default options
/usr/local/etc/daemon.conf
, /usr/local/etc/daemon.conf.d/*
- system-wide default options on BSD systems (except macOS).
/opt/local/etc/daemon.conf
, /opt/local/etc/daemon.conf.d/*
- system-wide default options on macOS when installed via macports.
~/.daemonrc
, ~/.daemonrc.d/*
- user-specific default options
Each line of the configuration file is either an environment variable definition, or a configuration directive.
Environment variable definitions consist of the variable name, followed immediately by '='
and the value of the variable. They look like they do in shell, except that there is no quoting or other shell syntax. Environment variable values can include simple environment variable notation (e.g. $VAR
or ${VAR}
), and user home directory notation (e.g. ~
or ~user
). These will be expanded internally by daemon. See the EXPANSION
section above for more details.
Note that any environment variables that are defined in the configuration file, which are subsequently used explicitly in another environment variable definition or in an option argument, will have these expansions performed multiple times. Avoid environment variables whose values can change again if expansion is performed multiple times.
Example:
PATH=/usr/bin:/usr/sbin:$HOME/bin:~app/bin
PIDFILES=~/.run
Configuration directives consist of a client name (for options that apply to a single client), or '*'
(for generic options that apply to all clients), followed by spaces and/or tabs, followed by a comma-separated list of options. Any option arguments must not contain any commas. The commas that separate options can have spaces and tabs before and after them. Option arguments that are text (but not numbers) can include simple environment variable notation (e.g. $VAR
or ${VAR}
), and user home directory notation (e.g. ~
or ~user
). These will be expanded internally by daemon. See the EXPANSION
section above for more details.
Blank lines and comments ('#'
to end of the line) are ignored. Lines can be continued with a '\'
character at the end of the line.
Example:
* errlog=daemon.err,output=local0.err,core
test1 syslog=local0.debug,debug=9,verbose=9,respawn
test2 syslog=local0.debug,debug=9, \
verbose=9,respawn, \
pidfiles=$PIDFILES
The command line options are processed first, to look for a --config
option. If no --config
option was supplied, the default configuration files, /etc/daemon.conf
and /etc/daemon.conf.d/*
, are used. On BSD systems (except macOS), the default configuration files are /usr/local/etc/daemon.conf
and /usr/local/etc/daemon.conf.d/*
. On macOS when installed via macports, the default configuration files are /opt/local/etc/daemon.conf
and /opt/local/etc/daemon.conf.d/*
. If the user has their own configuration files, ~/.daemonrc
and ~/.daemonrc.d/*
, they are also used.
If the configuration files contain any generic ('*'
) entries, their options are applied in order of appearance. If the --name
option was supplied, and the configuration files contain any entries for the given name, those options are then applied in order of appearance.
Finally, the command line options are applied again. This ensures that any generic options apply to all clients by default. Client-specific options override generic options. User options override system-wide options. Command line options override everything else.
Note that the configuration files are not opened and read until after any --chroot
and/or --user
command line options are processed. This means that the configuration file paths and the client's file path must be relative to the --chroot
argument. It also means that the configuration files and the client executable must be readable/executable by the user specified by the --user
argument. It also means that the --chroot
and --user
options must not appear in the configuration file. Also note that the --name
option must not appear on the right hand side in the configuration file either.
The --errlog
, --dbglog
, --output
, --stdout
and --stderr
options all take an argument that can be either a syslog destination of the form "facility.priority"
or the path to a file. Here are the lists of syslog facilities and priorities:
Facilities:
kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron,
local0, local1, local2, local3, local4, local5, local6, local7.
Priorities:
emerg, alert, crit, err, warning, notice (on some systems), info, debug.
If the path to a file is supplied instead, bear in mind the fact that daemon(1) changes to the root directory by default, and so the file path should be an absolute path (or relative to the --chroot
and/or --chdir
option argument). Otherwise, daemon(1) will attempt to create the file relative to its current directory. You might not have permissions to do that, or want to even if you do.
Clients can only be restarted if they were started with the --respawn
option. Using --restart
on a non-respawning daemon client is equivalent to using --stop
. If you try to restart a named daemon, and it stops instead, then it probably wasn't started with the --respawn
option.
Clients that are run in the foreground with a pseudo terminal don't respond to job control (i.e. suspending with Control-Z doesn't work). This is because the client belongs to an orphaned process group (it starts in its own process session), so the kernel won't send it SIGSTOP
signals. However, if the client is a shell that supports job control, then its subprocesses can be suspended.
In KDE, if you use "exec daemon"
(or just "exec"
without daemon
) in a shell, to run a KDE application, you might find that the KDE application sometimes doesn't run. This problem has only been seen with konsole(1), but it might happen with other KDE applications as well. Capturing the standard error of the KDE application might show something like:
unnamed app(9697): KUniqueApplication: Registering failed!
unnamed app(9697): Communication problem with "konsole" , it probably crashed.
Error message was: "org.freedesktop.DBus.Error.ServiceUnknown" : " "The name
org.kde.konsole was not provided by any .service files"
A workaround seems to be to delay the termination of the initial daemon(1) process by at least 0.4 seconds. To make this happen, set the environment variable DAEMON_INIT_EXIT_DELAY_MSEC
to the number of milliseconds by which to delay. For example: DAEMON_INIT_EXIT_DELAY_MSEC=400
. Or you could just avoid using exec
when starting KDE applications.
On Linux systems that have systemd(1) or elogind(8), you might find that your daemon processes and their client processes are terminated when you logout, even though they are in a different process session, and so should be unaffected. This is because systemd has the ability to terminate all of your processes when you logout. Luckily, this feature is turned off by default in some Linux distributions. However, if it is on, you can turn it off by adding the following line to /etc/systemd/logind.conf
(or /etc/elogind/logind.conf
):
KillUserProcesses=no
libslack(3), daemon(3), coproc(3), pseudo(3), init(8), inetd(8), fork(2), umask(2), setsid(2), chdir(2), chroot(2), setrlimit(2), setgid(2), setuid(2), setgroups(2), initgroups(3), syslog(3), kill(2), wait(2), systemd-logind(8), elogind(8)
20230824 raf <raf@raf.org>