daemon
SYNOPSIS
usage: daemon [options] [--] [cmd arg...]
options:
-h, --help - Print a help message then exit
-V, --version - Print a version message then exit
-v, --verbose[=level] - Set the verbosity level
-d, --debug[=level] - Set the debugging level
-C, --config=path - Specify the system configuration file
-N, --noconfig - Bypass the system configuration file
-n, --name=name - Guarantee a single named instance
-X, --command=cmd - Specify the client command as an option
-P, --pidfiles=/dir - Override standard pidfile location
-F, --pidfile=/path - Override standard pidfile name and location
-u, --user=user[.group] - Run the client as user[.group]
-R, --chroot=path - Run the client with path as root
-D, --chdir=path - Run the client in directory path
-m, --umask=umask - Run the client with the given umask
-e, --env="var=val" - Set a client environment variable
-i, --inherit - Inherit environment variables
-U, --unsafe - Allow execution of unsafe executable
-S, --safe - Deny execution of unsafe executable
-c, --core - Allow core file generation
-r, --respawn - Respawn the client when it terminates
-a, --acceptable=# - Minimum acceptable client duration
-A, --attempts=# - Respawn # times on error before delay
-L, --delay=# - Delay between spawn attempt bursts (seconds)
-M, --limit=# - Maximum number of spawn attempt bursts
-f, --foreground - Run the client in the foreground
-p, --pty[=noecho] - Allocate a pseudo terminal for the client
-l, --errlog=spec - Send daemon's error output to syslog or file
-b, --dbglog=spec - Send daemon's debug output to syslog or file
-o, --output=spec - Send client's output to syslog or file
-O, --stdout=spec - Send client's stdout to syslog or file
-E, --stderr=spec - Send client's stderr to syslog or file
--running - Check if a named daemon is running
--restart - Restart a named daemon client
--stop - Terminate a named daemon process
DESCRIPTION
daemon(1) turns other processes into daemons. There are many tasks that
need to be performed to correctly set up a daemon process. This can be
tedious. daemon performs these tasks for other processes.
The preparatory tasks that daemon performs for other processes are:
o First revoke any setuid or setgid privileges that daemon may have
o Read the system configuration file (/etc/daemon.conf by default, or
specified by the --config option) unless the --noconfig option was
supplied. Then read the user's configuration file (~/.daemonrc), if
any. Generic options are processed first, then options specific to
the daemon with the given name. Note: The root directory and the
user must be set before access to the configuration file can be
attempted so neither --chroot nor --user options may appear in the
configuration file.
o Disable core file generation to prevent leaking sensitive informa-
tion in daemons run by root (unless the --core option was sup-
plied).
o Become a daemon process:
o If daemon was not invoked by init(8) or inetd(8):
o Background the process to lose process group leadership.
o Start a new process session.
o Under SVR4, background the process again to lose process
session leadership. This prevents the process from ever
gaining a controlling terminal. This only happens when SVR4
is defined and NO_EXTRA_SVR4_FORK is not defined when lib-
slack(3) is compiled. Before doing this, ignore SIGHUP
because when the session leader terminates, all processes
in the foreground process group are sent a SIGHUP signal
(apparently). Note that this code may not execute (e.g.
when started by init(8) or inetd(8) or when either SVR4 was
not defined or NO_EXTRA_SVR4_FORK was defined when lib-
slack(3) was compiled). This means that the client can't
make any assumptions about the SIGHUP handler.
o Change directory to the root directory so as not to hamper
umounts.
o Clear the umask to enable explicit file creation modes.
o Close all open file descriptors. If daemon was invoked by
inetd(8), stdin, stdout and stderr are left open since they are
open to a socket.
o Open stdin, stdout and stderr to /dev/null in case something
requires them to be open. Of course, this is not done if daemon
was invoked by inetd(8).
o If the --name option was supplied, create and lock a file con-
taining the process id of the daemon process. The presence of
this locked file prevents two instances of a daemon with the
same name from running at the same time. The standard location
of the pidfile is /var/run on Linux and /etc on Solaris for
root or /tmp for ordinary users. If the --pidfiles option was
supplied, its argument specifies the directory in which the
ment of the --command option. If both the --command option and com-
mand line arguments are present, the client command is the result
of appending the command line arguments to the argument of the
--command option.
o If the --syslog, --outlog and/or --errlog options were supplied,
the client's standard output and/or standard error are captured by
daemon and sent to the respective syslog destinations.
o When the client terminates, daemon respawns it if the --respawn
option was supplied. If the client ran for less than 300 seconds
(or the value of the --acceptable option), then daemon sees this as
an error. It will attempt to restart the client up to five times
(or the value of the --attempts option) before waiting for 300 sec-
onds (or the value of the --delay option). This gives the adminis-
trator the chance to correct whatever is preventing the client from
running without overloading system resources. If the --limit option
was supplied, daemon terminates after the specified number of spawn
attempt bursts. The default is zero which means never give up,
never surrender.
When the client terminates and the --respawn option wasn't sup-
plied, daemon terminates.
o If daemon receives a SIGTERM signal, it propagates the signal to
the client and then terminates.
o If daemon receives a SIGUSR1 signal (from another invocation of
daemon supplied with the --restart option), it sends a SIGTERM sig-
nal to the client. If started with the --respawn option, the client
process will be restarted after it is killed by the SIGTERM signal.
o If the --foreground option was supplied, the client process is run
as a foreground process and is not turned into a daemon. If daemon
is connected to a terminal, so will the client process. If daemon
is not connected to a terminal but the client needs to be connected
to a terminal, use the --pty option.
OPTIONS
-h, --help
Display a help message and exit.
-V, --version
Display a version message and exit.
-v[=level], --verbose[=level]
Set the message verbosity level to level (or 1 if level is not sup-
plied). daemon does not have any verbose messages so this has no
effect unless the --running option is supplied.
-d[=level], --debug[=level]
Set the debug message level to level (or 1 if level is not sup-
plied). Set to level 1 for a trace of all functions called. Set to
level 2 for more detail. Debug messages are sent to the syslog(3)
-n=name, --name=name
Create and lock a pid file (/var/run/name.pid), ensuring that only
one daemon with the given name is active at the same time.
-X=cmd, --command=cmd
Specify the client command as an option. If a command is specified
along with its name in the configuration file, then daemons can be
started merely by mentioning their name:
daemon --name ftumpch
Note: Specifying the client command in the configuration file means
that no shell features are available (i.e. no meta characters).
-P=/dir, --pidfiles=/dir
Override the standard pidfile location. The standard pidfile loca-
tion is system and user dependent: root's pidfiles live in /var/run
on Linux and in /etc on Solaris. Normal users' pidfiles live in
</tmp>. This option can only be used with the --name option. Use
this option if these locations are unacceptable but make sure you
don't forget where you put your pidfiles. This option should only
be used in configuration files or in shell scripts, not on the com-
mand line.
-F=/path, --pidfile=/path
Override the standard pidfile name and location. The standard pid-
file location is described immediately above. The standard pidfile
name is the argument of the --name option followed by .pid. Use
this option if the standard pidfile name and location are unaccept-
able but make sure you don't forget where you put your pidfile.
This option should only be used in configuration files or in shell
scripts, not on the command line.
-u=user[.group], --user=user[.group]
Run the client as a different user (and group). This only works for
root. If the argument includes a .group specifier, daemon will
assume the specified group and no other. Otherwise, daemon will
assume all groups that the specified user is in.
-R=path, --chroot=path
Change the root directory to path before running the client. On
some systems, only root can do this. Note that the path to the
client program and to the configuration file (if any) must be rela-
tive to the new root path.
-D=path, --chdir=path
Change the directory to path before running the client.
-m=umask, --umask=umask
Change the umask to umask before running the client. umask must be
a valid octal mode. The default umask is 022.
-e=var=val, --env=var=val
unsafe executable. A configuration file or executable is unsafe if
it is group or world writable or is in a directory that is group or
world writable (following symbolic links). If an executable is a
script interpreted by another executable, then it is considered
unsafe if the interpeter is unsafe. If the interpreter is
/usr/bin/env (with an argument that is a command name to be
searched for in $PATH), then that command must be safe. By default,
daemon(1) will refuse to read an unsafe configuration file or to
execute an unsafe executable when run by root. This option over-
rides that behaviour and hence should never be used.
-S, --safe
Deny reading an unsafe configuration file and execution of an
unsafe executable. By default, daemon(1) will allow reading an
unsafe configuration file and execution of an unsafe executable
when run by ordinary users. This option overrides that behaviour.
-c, --core
Allow the client to create a core file. This should only be used
for debugging as it could lead to security holes in daemons run by
root.
-r, --respawn
Respawn the client when it terminates.
-a=#, --acceptable=#
Specify the minimum acceptable duration in seconds of a client
process. The default value is 300 seconds. It cannot be set to less
than 10 seconds without recompiling daemon. This option can only be
used with the --respawn option.
less than this, it is considered to have failed.
-A=#, --attempts=#
Number of attempts to spawn before delaying. The default value is
5. This option can only be used with the --respawn option.
-L=#, --delay=#
Delay in seconds between each burst of spawn attempts. The default
value is 300 seconds. It cannot be set to less than 10 seconds
without recompiling daemon. This option can only be used with the
--respawn option.
-M=#, ---limit=#
Limit the number of spawn attempt bursts. The default value is zero
which means no limit. This option can only be used with the
--respawn option.
-f, --foreground
Run the client in the foreground. The client is not turned into a
daemon.
-p[=noecho], --pty[=noecho]
Connect the client to a pseudo terminal. This option can only be
-l=spec, --errlog=spec
Send daemon's standard output and error to the syslog destination
or file specified by spec. If spec is of the form "facility.prior-
ity", then output is sent to syslog(3). Otherwise, output is
appended to the file whose path is given in spec. By default, out-
put is sent to daemon.err.
-b=spec, --dbglog=spec
Send daemon's debug output to the syslog destination or file speci-
fied by spec. If spec is of the form "facility.priority", then out-
put is sent to syslog(3). Otherwise, output is appended to the file
whose path is given in spec. By default, output is sent to dae-
mon.debug.
-o=spec, --output=spec
Capture the client's standard output and error and send it to the
syslog destination or file specified by spec. If spec is of the
form "facility.priority", then output is sent to syslog(3). Other-
wise, output is appended to the file whose path is given in spec.
By default, output is discarded unless the --foreground option is
present. In this case, the client's stdout and stderr are propa-
gated to daemon's stdout and stderr respectively.
-O=spec, --stdout=spec
Capture the client's standard output and send it to the syslog des-
tination or file specified by spec. If spec is of the form "facil-
ity.priority", then output is sent to syslog(3). Otherwise, stdout
is appended to the file whose path is given in spec. By default,
stdout is discarded unless the --foreground option is present, in
which case, the client's stdout is propagated to daemon's stdout.
-E=spec, --stderr=spec
Capture the client's standard error and send it to the syslog des-
tination specified by spec. If spec is of the form "facility.prior-
ity", then stderr is sent to syslog(3). Otherwise, stderr is
appended to the file whose path is given in spec. By default,
stderr is discarded unless the --foreground option is present, in
this case, the client's stderr is propagated to daemon's stderr.
--running
Check whether or not a named daemon is running, then exit(3) with
EXIT_SUCCESS if the named daemon is running or EXIT_FAILURE if it
isn't. If the --verbose option is supplied, print a message before
exiting. This option can only be used with the --name option. Note
that the --chroot, --user, --name, --pidfiles and --pidfile (and
possibly --config) options must be the same as for the target dae-
mon.
--restart
Instruct a named daemon to terminate and restart its client
process. This option can only be used with the --name option. Note
that the --chroot, --user, --name, --pidfiles and --pidfile (and
possibly --config) options must be the same as for the target dae-
mon.
Blank lines and comments ('#' to end of the line) are ignored. Lines
may be continued with a '\' character at the end of the line.
For example:
* errlog=daemon.err,output=local0.err,core
test1 syslog=local0.debug,debug=9,verbose=9,respawn
test2 syslog=local0.debug,debug=9,verbose=9,respawn
The command line options are processed first to look for a --config
option. If no --config option was supplied, the default file, /etc/dae-
mon.conf, is used. If the user has their own configuration file,
~/.daemorc it is also used. If the configuration files contain any
generic ('*') entries, their options are applied in order of appear-
ance. If the --name option was supplied and the configuration files
contain any entries with the given name, their options are then applied
in order of appearance. Finally, the command line options are applied
again. This ensures that any generic options apply to all clients by
default. Client specific options override generic options. User options
override system wide options. Command line options override everything
else.
Note that the configuration files are not opened and read until after
any --chroot and/or --user command line options are processed. This
means that the configuration file paths and the client's file path must
be relative to the --chroot argument. It also means that the configura-
tion files and the client executable must be readable/executable by the
user specified by the --user argument. It also means that the --chroot
and --user options must not appear in the configuration file. Also note
that the --name must not appear in the configuration file either.
BUGS
If you specify (in a configuration file) that all clients allow core
file generation, there is no way to countermand that for any client
(without using an alternative configuration file). So don't do that.
The same applies to respawning and foreground.
It is possible for the client process to obtain a controlling terminal
under BSD (and even under SVR4 if SVR4 was not defined or
NO_EXTRA_SVR4_FORK was defined when libslack(3) is compiled). If any-
thing calls open(2) on a terminal device without the O_NOCTTY flag, the
process doing so will obtain a controlling terminal and then be suscep-
tible to unintended termination by a SIGHUP.
Clients run in the foreground with a pseudo terminal don't respond to
job control (i.e. suspending with Control-Z doesn't work). This is
because the client belongs to an orphaned process group (it starts in
its own process session) so the kernel won't send it SIGSTOP signals.
However, if the client is a shell that supports job control, it's sub-
processes can be suspended.
Clients can only be restarted if they were started with the --respawn
option. Using --restart on a non-respawning daemon client is equivalent
to using --stop.
$ echo subscribe | mail daemon-users-request@libslack.org
$ echo subscribe | mail daemon-dev-request@libslack.org
Or you can send a mail message to majordomo@libslack.org with subscribe
listname in the message body. This way, you can subscribe to multiple
lists at the same time. e.g.
$ mail majordomo@libslack.org
subscribe daemon-announce
subscribe daemon-users
subscribe daemon-dev
.
A digest version of each mailing list is also available. Subscribe to
digests as above but append -digest to the listname.
SEE ALSO
libslack(3), daemon(3), coproc(3), pseudo(3), init(8), inetd(8),
fork(2), umask(2), setsid(2), chdir(2), chroot(2), setrlimit(2), set-
gid(2), setuid(2), setgroups(2), initgroups(3), syslog(3), kill(2)
AUTHOR
20040806 raf <raf@raf.org>
perl v5.8.4 2004-08-04 DAEMON.C(1)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2013
Hurricane Electric.
All Rights Reserved.