DOKK / manpages / debian 11 / daemon / daemon.conf.5.en
DAEMON.C(1) User Commands DAEMON.C(1)

daemon - turns other processes into daemons

 usage: daemon [options] [--] [cmd arg...]
 options:
 -h, --help                - Print a help message then exit
 -V, --version             - Print a version message then exit
 -v, --verbose[=level]     - Set the verbosity level
 -d, --debug[=level]       - Set the debugging level
 -C, --config=path         - Specify the system configuration file
 -N, --noconfig            - Bypass the system configuration file
 -n, --name=name           - Guarantee a single named instance
 -X, --command="cmd"       - Specify the client command as an option
 -P, --pidfiles=/dir       - Override standard pidfile location
 -F, --pidfile=/path       - Override standard pidfile name and location
 -u, --user=user[:[group]] - Run the client as user[:group]
 -R, --chroot=path         - Run the client with path as root
 -D, --chdir=path          - Run the client in directory path
 -m, --umask=umask         - Run the client with the given umask
 -e, --env="var=val"       - Set a client environment variable
 -i, --inherit             - Inherit environment variables
 -U, --unsafe              - Allow execution of unsafe executable
 -S, --safe                - Deny execution of unsafe executable
 -c, --core                - Allow core file generation
     --nocore              - Disallow core file generation (default)
 -r, --respawn             - Respawn the client when it terminates
 -a, --acceptable=#        - Minimum acceptable client duration (seconds)
 -A, --attempts=#          - Respawn # times on error before delay
 -L, --delay=#             - Delay between spawn attempt bursts (seconds)
 -M, --limit=#             - Maximum number of spawn attempt bursts
     --idiot               - Idiot mode (trust root with the above)
 -f, --foreground          - Run the client in the foreground
 -p, --pty[=noecho]        - Allocate a pseudo terminal for the client
 -l, --errlog=spec         - Send daemon's error output to syslog or file
 -b, --dbglog=spec         - Send daemon's debug output to syslog or file
 -o, --output=spec         - Send client's output to syslog or file
 -O, --stdout=spec         - Send client's stdout to syslog or file
 -E, --stderr=spec         - Send client's stderr to syslog or file
     --ignore-eof          - After SIGCHLD ignore any client output
     --read-eof            - After SIGCHLD read any client output (default)
     --running             - Check if a named daemon is running
     --restart             - Restart a named daemon client
     --stop                - Terminate a named daemon process
     --signal=signame      - Send a signal to a named daemon
     --list                - Print a list of named daemons

daemon(1) turns other processes into daemons. There are many tasks that need to be performed to correctly set up a daemon process. This can be tedious. daemon performs these tasks for other processes.

The preparatory tasks that daemon performs for other processes are:

  • First revoke any setuid or setgid privileges that daemon may have been installed with (by system administrators who laugh in the face of danger).
  • Process command line options.
  • Change the root directory if the --chroot option was supplied.
  • Change the process uid and gid if the --user option was supplied. Only root can use this option. Note that the uid of daemon itself is changed, rather than just changing the uid of the client process.
  • Read the system configuration file(s) (/etc/daemon.conf and /etc/daemon.conf.d/* by default, or specified by the --config option), unless the --noconfig option was supplied. Then read the user's configuration file(s) (~/.daemonrc and ~/.daemonrc.d/*), if any. Generic options are processed first, then options specific to the daemon with the given name. Note: The root directory and the user must be set before access to the configuration file can be attempted so neither --chroot nor --user options may appear in the configuration file.

    On BSD systems (except macOS), the system configuration file(s) are /usr/local/etc/daemon.conf and /usr/local/etc/daemon.conf.d/* by default.

  • Disable core file generation to prevent leaking sensitive information in daemons run by root (unless the --core option was supplied).
  • Become a daemon process:
If daemon was not invoked by init(8) (i.e. pid 1) or inetd(8) (i.e. stdin is a socket):
  • Ignore SIGHUP signals in case the current process session leader terminates while attached to a controlling terminal causing us to receive a SIGHUP signal before we start our own process session below.

    This can happen when daemon was invoked interactively via the shell builtin exec. When this initial process terminates below, the terminal emulator that invoked the shell also terminates.

  • Background the process to lose process group leadership.
  • Start a new process session.
  • Background the process again to lose process session leadership. Under SVR4 this prevents the process from ever gaining a controlling terminal. This is only necessary under SVR4 but is always done for simplicity. Note that ignoring SIGHUP signals earlier means that when the newly created process session leader terminates, then even if it has a controlling terminal open, the newly backgrounded process won't receive the corresponding SIGHUP signal that is sent to all processes in the process session's foreground process group because it inherited signal dispositions from the initial process.
  • Change directory to the root directory so as not to hamper umounts.
  • Clear the umask to enable explicit file creation modes.
  • Close all open file descriptors. If daemon was invoked by inetd(8), stdin, stdout and stderr are left open since they are open to a socket.
  • Open stdin, stdout and stderr to /dev/null in case something requires them to be open. Of course, this is not done if daemon was invoked by inetd(8).
  • If the --name option was supplied, create and lock a file containing the process id of the daemon process. The presence of this locked file prevents two instances of a daemon with the same name from running at the same time. The standard location of the pidfile is /var/run for root (/etc on Solaris) and /tmp for normal users. If the --pidfiles option was supplied, its argument specifies the directory in which the pidfile will be placed. If the --pidfile option was supplied, its argument specifies the name of the pidfile and the directory in which it will be placed.
  • If the --umask option was supplied, set the umask to its argument. Otherwise, set the umask to 022 to prevent clients from accidentally creating group or world writable files.
  • Set the current directory if the --chdir option was supplied.
  • Spawn the client command and wait for it to terminate. The client command may be specified as command line arguments or as the argument of the --command option. If both the --command option and command line arguments are present, the client command is the result of appending the command line arguments to the argument of the --command option.
  • If the --output, --stdout and/or --stderr options were supplied, the client's standard output and/or standard error are captured by daemon and sent to the respective syslog destinations.
  • When the client terminates, daemon respawns it if the --respawn option was supplied. If the client ran for less than 300 seconds (or the value of the --acceptable option), then daemon sees this as an error. It will attempt to restart the client up to five times (or the value of the --attempts option) before waiting for 300 seconds (or the value of the --delay option). This gives the administrator the chance to correct whatever is preventing the client from running without overloading system resources. If the --limit option was supplied, daemon terminates after the specified number of spawn attempt bursts. The default is zero which means never give up, never surrender.

    When the client terminates and the --respawn option wasn't supplied, daemon terminates.

  • If daemon receives a SIGTERM signal, it propagates the signal to the client and then terminates.
  • If daemon receives a SIGUSR1 signal (from another invocation of daemon supplied with the --restart option), it sends a SIGTERM signal to the client. If started with the --respawn option, the client process will be restarted after it is killed by the SIGTERM signal.
  • If the --foreground option was supplied, the client process is run as a foreground process and is not turned into a daemon. If daemon is connected to a terminal, so will the client process. If daemon is not connected to a terminal but the client needs to be connected to a terminal, use the --pty option.

Display a help message and exit.
Display a version message and exit.
Set the message verbosity level to level (or 1 if level is not supplied). daemon does not have any verbose messages by default so this has no effect unless the --running or --list option is supplied.
Set the debug message level to level (or 1 if level is not supplied). Level 1 traces high level function calls. Level 2 traces lower level function calls and shows configuration information. Level 3 adds environment variables. Level 9 adds every return value from select(2) to the output. Debug messages are sent to the destination specified by the --dbglog option (by default, the syslog(3) facility, daemon.debug).
Specify the main configuration file to use. By default, /etc/daemon.conf is the main configuration file if it exists and is not group or world writable and does not exist in a group or world writable directory. The configuration file lets you predefine options that apply to all clients and to specifically named clients.

As well as the main configuration file, additional configuration files will be read from the directory whose path matches the main configuration file with ".d" appended to it (e.g. /etc/daemon.conf.d). Any file in that directory whose name starts with a dot character (".") is ignored. The same checks as described above apply to these files as well.

On BSD systems (except macOS), the system configuration file(s) are /usr/local/etc/daemon.conf and /usr/local/etc/daemon.conf.d/* by default.

Bypass the system configuration files, /etc/daemon.conf and /etc/daemon.conf.d/*. Only the user's ~/.daemonrc and ~/.daemonrc.d/* configuration files will be read (if they exist).
Create and lock a pidfile (name.pid), ensuring that only one daemon with the given name is active at the same time. The standard location of the pidfile is /var/run (/etc on Solaris) for root and /tmp for normal users. This location can be overridden with the --podfiles option.
Specify the client command as an option. If a command is specified along with its name in the configuration file, then daemons can be started merely by mentioning their name:

    daemon --name ftumpch
    

Note: If the client command is specified with the --command option, either in the configuration file or on the command line, any additional command line arguments on the daemon command line are appended to the specified client command.

Override the standard pidfile location. The standard pidfile location is /var/run (/etc on Solaris) for root and /tmp for nomal users.

This option only affects the --name or --list option. Use this option if these standard locations are unacceptable but make sure you don't forget where you put your pidfiles. This option is best used in configuration files or in shell scripts, not on the command line.

Override the standard pidfile name and location. The standard pidfile location is described immediately above. The standard pidfile name is the argument of the --name option followed by .pid. Use this option if the standard pidfile name and location are unacceptable but make sure you don't forget where you put your pidfile. This option is best used in configuration files or in shell scripts, not on the command line.
Run the client as a different user (and group). This only works for root. If the argument includes a :group specifier, daemon will assume the specified group and no other. Otherwise, daemon will assume all groups that the specified user is in. For backwards compatibility, "." may be used instead of ":" to separate the user and group but since "." may appear in user and group names, ambiguities can arise such as using --user=u.g with users u and u.g and group g. With such an ambiguity, daemon will assume the user u and group g. Use --user=u.g: instead for the other interpretation.
Change the root directory to path before running the client. On some systems, only root can do this. Note that the path to the client program and to the configuration file (if any) must be relative to the new root path.
Change the directory to path before running the client.
Change the umask to umask before running the client. umask must be a valid octal mode. The default umask is 022.
Set an environment variable for the client process. This option can be used any number of times. If it is used, only the supplied environment variables are passed to the client process. Otherwise, the client process inherits the current set of environment variables.
Explicitly inherit environment variables. This is only needed when the --env option is used. When this option is used, the --env option adds to the inherited environment, rather than replacing it.
Allow reading an unsafe configuration file and execution of an unsafe executable. A configuration file or executable is unsafe if it is group or world writable or is in a directory that is group or world writable (following symbolic links). If an executable is a script interpreted by another executable, then it is considered unsafe if the interpreter is unsafe. If the interpreter is /usr/bin/env (with an argument that is a command name to be searched for in $PATH), then that command must be safe. By default, daemon(1) will refuse to read an unsafe configuration file or to execute an unsafe executable when run by root. This option overrides that behaviour and hence should never be used.
Deny reading an unsafe configuration file and execution of an unsafe executable. By default, daemon(1) will allow reading an unsafe configuration file and execution of an unsafe executable when run by normal users. This option overrides that behaviour.
Allow the client to create a core file. This should only be used for debugging as it could lead to security holes in daemons run by root.
By default, clients are prevented from creating core files. If the --core option has been used in a configuraton file to apply to all named daemons, then this option may be used to restore the default behaviour for specific named daemons.
Respawn the client when it terminates.
Specify the minimum acceptable duration in seconds of a client process. The default value is 300 seconds. It cannot be set to less than 10 seconds except by root when used in conjunction with the --idiot option. This option can only be used with the --respawn option.

less than this, it is considered to have failed.

Number of attempts to spawn before delaying. The default value is 5. It cannot be set to more than 100 attempts except by root when used in conjunction with the --idiot option. This option can only be used with the --respawn option.
Delay in seconds between each burst of spawn attempts. The default value is 300 seconds. It cannot be set to less than 10 seconds except by root when used in conjunction with the --idiot option. This option can only be used with the --respawn option.
Limit the number of spawn attempt bursts. The default value is zero which means no limit. This option can only be used with the --respawn option.
Turn on idiot mode in which daemon will not enforce the minimum or maximum values normally imposed on the --acceptable, --attempts and --delay option arguments. The --idiot option must appear before any of these options. Only the root user may use this option because it can turn a slight misconfiguration into a lot of wasted CPU effort and log messages, somewhat akin to a self-inflicted denial of service.
Run the client in the foreground. The client is not turned into a daemon.
Connect the client to a pseudo terminal. This option can only be used with the --foreground option. This is the default when the --foreground option is supplied and daemon's standard input is connected to a terminal. This option is only necessary when the client process must be connected to a controlling terminal but daemon itself has been run without a controlling terminal (e.g. from cron(8) or a pipeline).

If the noecho argument is supplied with this option, the client's side of the pseudo terminal will be set to noecho mode. Use this only if there really is a terminal involved and input is being echoed twice.

Send daemon's standard output and error to the syslog destination or file specified by spec. If spec is a syslog destination of the form "facility.priority", then output is sent to syslog(3). Otherwise, output is appended to the file whose path is given in spec. By default, output is sent to the syslog destination, daemon.err. See the MESSAGING section below for more details.
Send daemon's debug output to the syslog destination or file specified by spec. If spec is a syslog destination of the form "facility.priority", then output is sent to syslog(3). Otherwise, output is appended to the file whose path is given in spec. By default, output is sent to the syslog destination daemon.debug. See the MESSAGING section below for more details.
Capture the client's standard output and error and send it to the syslog destination or file specified by spec. If spec is a syslog destination of the form "facility.priority", then output is sent to syslog(3). Otherwise, output is appended to the file whose path is given in spec. By default, output is discarded unless the --foreground option is present. In this case, the client's stdout and stderr are propagated to daemon's stdout and stderr respectively. See the MESSAGING section below for more details.
Capture the client's standard output and send it to the syslog destination or file specified by spec. If spec is a syslog destination of the form "facility.priority", then output is sent to syslog(3). Otherwise, stdout is appended to the file whose path is given in spec. By default, stdout is discarded unless the --foreground option is present, in which case, the client's stdout is propagated to daemon's stdout. See the MESSAGING section below for more details.
Capture the client's standard error and send it to the syslog destination specified by spec. If spec is a syslog destination of the form "facility.priority", then stderr is sent to syslog(3). Otherwise, stderr is appended to the file whose path is given in spec. By default, stderr is discarded unless the --foreground option is present, in this case, the client's stderr is propagated to daemon's stderr. See the MESSAGING section below for more details.
After receiving a SIGCHLD signal due to a stopped or restarted client process, don't bother reading the client's output until the end-of-file is reached before reaping the client process's termination status with wait(2). Normally, there will be little or no output after the SIGCHLD signal because the client process has just terminated. However, the client process may have its own child processes keeping its output open long after its own termination. When this happens, by default, the client process remains as a zombie process until its child processes terminate and close the output. Waiting for the client's child processes to terminate before considering the client stopped and before restarting a new invocation may be desirable. If not, this option can be used to consider the client process as being terminated as soon as the SIGCHLD signal has been received and reaping its termination status with wait(2) immediately.
After receiving a SIGCHLD signal due to a stopped or restarted client process, continue reading the client's output until the end-of-file is reached before reaping the client process's termination status with wait(2). This is the default behaviour. Normally, there will be little or no output after the SIGCHLD signal because the client process has just terminated. However, the client process may have its own child processes keeping its output open long after its own termination. When this happens, the client process remains as a zombie process until its child processes terminate and close the output. Waiting for the client's child processes to terminate before considering the client stopped and before restarting a new invocation may be desirable. If so, but the --ignore-eof option has been used in a configuraton file to apply to all named daemons, then this option may be used to restore the default behaviour for specific named daemons.
Check whether or not a named daemon is running, then exit(3) with EXIT_SUCCESS if the named daemon is running or EXIT_FAILURE if it isn't.

If the --verbose option is supplied, print a message before exiting. If both the named daemon and its client process are running, the output will look like this, showing both process IDs:

    daemon:  name is running (pid 7455) (clientpid 7457)
    

If the named daemon is running but its client process is not (there might be a delay between respawn attempt bursts), the output will look like this, showing only the daemon process's ID:

        daemon:  name is running (pid 7455) (client is not running)
    

If the named daemon is not running at all, the output will look like this:

        daemon:  name is not running
    

This option can only be used with the --name option. Note that the --chroot, --user, --name, --pidfiles and --pidfile (and possibly --config) options must be the same as for the target daemon. Note that the --running option must appear before any --pidfile or --pidfiles option when checking if another user's daemon is running otherwise you might get an error about the pidfile directory not being writable.

Instruct a named daemon to terminate and restart its client process by sending it a SIGUSR1 signal. This will cause the named daemon to send its client process a SIGTERM signal to stop it. If the named daemon had been started with the --restart option, the named daemon will then restart its client process. Otherwise, this has the same effect as the --stop option and the named daemon's client process is not restarted.

This option can only be used with the --name option. Note that the --chroot, --user, --name, --pidfiles and --pidfile (and possibly --config) options must be the same as for the target daemon.

Stop a named daemon by sending it a SIGTERM signal. This will cause the named daemon to send its client process a SIGTERM option and then exit.

This option can only be used with the --name option. Note that the --chroot, --user, --name, --pidfiles and --pidfile (and possibly --config) options must be the same as for the target daemon.

Send the given signal to a named daemon's client process. The signal may be specified either by number or by name (with or without the "sig" prefix). Any signal may be sent. However, the named daemon's client process may be ignoring some signals. For example, SIGHUP will be ignored by default unless the client process has installed a signal handler for it.

The known list of signals are: hup, int, quit, ill, trap, abrt, iot, bus, fpe, kill, usr1, segv, usr2, pipe, alrm, term, stkflt, cld, chld, cont, stop, tstp, ttin, ttou, urg, xcpu, xfsz, vtalrm, prof, winch, poll, io, pwr, sys, emt and info. Not all of ehem are available on all platforms.

Print a list of the currently running named daemons whose pidfiles are in the applicable pidfile directory which will either be the default (i.e. /var/run for root (/etc on Solaris) and /tmp for normal users) or it will be specified by the --pidfiles option. Then exit.

Without the --verbose option, this will only list the names of daemons whose pidfiles are locked, as this implies that the corresponding daemon must still be running. Note that pidfiles created for daemons that are not started by daemon(1) might not be locked. An unlocked pidfile might indicate that daemon(1) has died unexpectedly, or it might just be a pidfile for a daemon that was not started by daemon(1). If this might lead to confusion, you might want to consider using a dedicated pidfiles directory for daemons started by daemon(1) and leave the default pidfiles directories for other daemons that were started independently of daemon(1).

With the --verbose option, the items in the list will look like the output of the --running option with --verbose but with more detail.

If there are no pidfiles at all, the output will look like this:

    No named daemons are running
    

If a pidfile is locked, and there is a corresponding client pidfile, that indicates that the named daemon and its client are both running, and the output will look like this, showing both process IDs:

        name is running (pid ####) (client pid ####)
    

If a pidfile is locked, but there is no client pidfile, that indicates that the the named daemon is running but its client is not (e.g. during the delay between respawn attempt bursts when the client is failing to start successfully), and the output will look like one of the following three options:

When we can tell that the pidfile is for a process whose executable name is daemon:

        name is running (pid ####) (client is not running)
    

When we can tell that the pidfile is for a process whose executable name is something other than daemon (i.e. is independent of daemon(1)):

        name is running (pid ####) (independent)
    

When it's not possible to determine the name of the executable associated with the pidfile (i.e. On systems other than Linux without a /proc file system):

        name is running (pid ####) (client is not running or is independent)
    

If a pidfile is not locked, and the applicable pidfiles directory is the default, that indicates either that the daemon has unexpectedly terminated, or just that the pidfile is for a daemon that was not started by daemon(1), and the output will look like this:

    name is not running (or is independent)
    

If a pidfile is not locked, and the applicable pidfiles directory is not the default, then it is assumed that all pidfiles are for daemons that were started by daemon(1), and the output will look like this:

    name is not running
    

As with all other programs, a -- argument signifies the end of options. Any options that appear on the command line after -- are part of the client command.

/etc/daemon.conf, /etc/daemon.conf.d/* - system-wide default options

/usr/local/etc/daemon.conf, /usr/local/etc/daemon.conf.d/* - system-wide default options on BSD systems (except macOS).

~/.daemonrc, ~/.daemonrc.d/* - user-specific default options

Each line of the configuration file consists of a client name or '*', followed by whitespace, followed by a comma separated list of options. Blank lines and comments ('#' to end of the line) are ignored. Lines may be continued with a '\' character at the end of the line.

For example:

    *       errlog=daemon.err,output=local0.err,core
    test1   syslog=local0.debug,debug=9,verbose=9,respawn
    test2   syslog=local0.debug,debug=9,verbose=9,respawn

The command line options are processed first to look for a --config option. If no --config option was supplied, the default files, /etc/daemon.conf and /etc/daemon.conf.d/*, are used. On BSD systems (except macOS), the default files are /usr/local/etc/daemon.conf and /usr/local/etc/daemon.conf.d/*. If the user has their own configuration files, ~/.daemonrc and ~/.daemonrc.d/*, they are also used. If the configuration files contain any generic ('*') entries, their options are applied in order of appearance. If the --name option was supplied and the configuration files contain any entries with the given name, their options are then applied in order of appearance. Finally, the command line options are applied again. This ensures that any generic options apply to all clients by default. Client specific options override generic options. User options override system-wide options. Command line options override everything else.

Note that the configuration files are not opened and read until after any --chroot and/or --user command line options are processed. This means that the configuration file paths and the client's file path must be relative to the --chroot argument. It also means that the configuration files and the client executable must be readable/executable by the user specified by the --user argument. It also means that the --chroot and --user options must not appear in the configuration file. Also note that the --name option must not appear on the right hand side in the configuration file either.

The --errlog, --dbglog, --output, --stdout and --stderr options all take an argument that can be either a syslog destination of the form facility.priority or the name of a file. Here are the lists of syslog facilities and priorities:

  Facilities:
  kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron,
  local0, local1, local2, local3, local4, local5, local6, local7.
  Priorities:
  emerg, alert, crit, err, warning, notice (on some systems), info, debug.

If the name of a file is supplied instead, bear in mind the fact that daemon(1) changes to the root directory by default and so the file name should be supplied as an absolute path (or relative to the --chroot or --chdir option argument). Otherwise, daemon(1) will attempt to create the file relative to its current directory. You may not have permissions to do that or want to even if you do.

Clients can only be restarted if they were started with the --respawn option. Using --restart on a non-respawning daemon client is equivalent to using --stop.

Clients run in the foreground with a pseudo terminal don't respond to job control (i.e. suspending with Control-Z doesn't work). This is because the client belongs to an orphaned process group (it starts in its own process session) so the kernel won't send it SIGSTOP signals. However, if the client is a shell that supports job control, then its subprocesses can be suspended.

In KDE, if you use "exec daemon" (or just "exec" without daemon) in a shell to run a KDE application you may find that the KDE application sometimes doesn't run. This problem has only been seen with konsole(1) but it may happen with other KDE applications as well. Capturing the standard error of the KDE application might show something like:

  unnamed app(9697): KUniqueApplication: Registering failed!
  unnamed app(9697): Communication problem with  "konsole" , it probably crashed.
  Error message was:  "org.freedesktop.DBus.Error.ServiceUnknown" : " "The name
                      org.kde.konsole was not provided by any .service files"

A workaround seems to be to delay the termination of the initial daemon(1) process by at least 0.4 seconds. To make this happen, set the environment variable DAEMON_INIT_EXIT_DELAY_MSEC to the number of milliseconds by which to delay. For example: DAEMON_INIT_EXIT_DELAY_MSEC=400.

libslack(3), daemon(3), coproc(3), pseudo(3), init(8), inetd(8), fork(2), umask(2), setsid(2), chdir(2), chroot(2), setrlimit(2), setgid(2), setuid(2), setgroups(2), initgroups(3), syslog(3), kill(2), wait(2)

20201111 raf <raf@raf.org>

2020-11-14 perl v5.32.0