Xiaopei's DokuWiki

These are the good times in your life,
so put on a smile and it'll be alright

User Tools

Site Tools


it:daemon

daemon(1)

turns other processes into daemons

运行步骤

http://libslack.org/daemon/README

daemon 的运行步骤如下:

  1. First revoke any setuid or setgid privileges that daemon may have been installed with (by system administrators who laugh in the face of danger). 安全检查, 阻止安装 daemon 时可能造成的 setuid or setgid 漏洞(不要给 daemon suid/sgid!)
  2. Process command line options. 处理读取命令行参数
    1. Change the root directory if the –chroot option was supplied.
    2. Change the process uid and gid if the –user option was supplied. Only root can use this option. Note that the uid of daemon itself is changed, rather than just changing the uid of the client process. –user 将修改 daemon 自己而不仅仅是 client process 的 uid
    3. Read the configuration file (/etc/daemon.conf by default, or specified by the –config option). Note: The root directory and the user must be set before access to the configuration file can be attempted so neither –chroot nor –user options may appear in the configuration file. 必须在加载配置前 –chroot 和 –user, 即配置文件中不能出现 –chroot 或 –user
  3. Disable core file generation to prevent security holes in daemons run by root (unless the –core option is supplied). 安全检查, :?:
  4. Become a daemon process
    1. If daemon was not invoked by init(8) or inetd(8): 如果是主动启动
      1. Background the process to lose process group leadership.
      2. Start a new process session.
      3. Under SVR41), background the process again to lose process session leadership. This prevents the process from ever gaining a controlling terminal. This only happens when SVR4 is defined and NO_EXTRA_SVR4_FORK is not defined when libslack is compiled. Before doing this, ignore SIGHUP because when the session leader terminates, all processes in the foreground process group are sent a SIGHUP signal. Note that this code may not execute (e.g. when started by init(8) or inetd(8) or when either SVR4 was not defined or NO_EXTRA_SVR4_FORK was defined when libslack was compiled). This means that the client can't make any assumptions(假定) about the SIGHUP handler when daemon_init() returns.
    2. Change directory to the root directory so as not to hamper(妨碍) umounts. 切换到 root
    3. Clear the umask to enable explicit file creation modes. 清理 umask
    4. Close all open file descriptors. If daemon was invoked by inetd(8) stdin, stdout and stderr are left open since they are open to a socket. 一些 io 清理
    5. Open stdin, stdout and stderr to /dev/null in case something requires them to be open. Of course, this is not done if daemon was invoked by inetd(8). 继续清理 io
    6. If the –name option is supplied, create and lock a file containing the process id of the daemon process. The presence of this locked file prevents two instances of a daemon with the same name from running at the same time. The default location of the pidfile is /var/run for root or /tmp for ordinary users. 创建 pidfile
  5. If the –umask option was supplied, set the umask to its argument. Otherwise, set the umask to 022 to prevent accidentally creating group or world writable files. 重置 umask
  6. Set the current directory if the –chdir option was supplied. 切换当前目录
  7. Daemon then spawns(产卵) the client command specified on its command line and waits for it to terminate. 运行 client command
  8. If the –syslog, –outlog and/or –errlog option were supplied, the client's standard output and/or standard error are captured by daemon and sent to the respective syslog destinations. 重置 client 的 log
  9. When the client terminates, daemon respawns(重生) it if the –respawn option is supplied and the client terminated successfully after at least 600 seconds. Otherwise daemon terminates. client 运行完后, 如果设置了 –respawn, respawn it, 否则 daemon 停止运行)
  10. If daemon receives a SIGTERM signal, it propagates the signal to the client and then terminates. 如果 daemon 收到 SIGTERM 信号, 则先将信号发给 client 再自己停止

参数

常用

  • -n, –name=name - Guarantee a single named instance, 服务运行后, 可用此 name 停止
  • -X, –command=cmd - Specify the client command as an option
  • -u, –user=user[:[group]] - Run the client as user[:group]
  • -r, –respawn - Respawn the client when it terminates
    • When the client terminates, daemon respawns it if the –respawn option was supplied. If the client ran for less than 300 seconds (or the value of the –acceptable option), then daemon sees this as an error. It will attempt to restart the client up to five times (or the value of the –attempts option) before waiting for 300 seconds (or the value of the –delay option). This gives the administrator the chance to correct whatever is preventing the client from running without overloading system resources. If the –limit option was supplied, daemon terminates after the specified number of spawn attempt bursts. The default is zero which means never give up, never surrender.
  • –running - Check if a named daemon is running
  • –restart - Restart a named daemon client
  • –stop - Terminate a named daemon process

e.g.

# 开启
$ /usr/bin/daemon --respawn --name=foo --command="/usr/share/foo/foo -o client_opts"
# 停止
$ /usr/bin/daemon --name=foo --stop

further

配置

/etc/daemon.conf
# /etc/daemon.conf: system-wide daemon(1) configuration.
# See daemon(1) for full documentation.
 
# Format: <name|"*"> <option(","option)*>
*       errlog=daemon.err,output=local0.err,core
test1   syslog=local0.debug,debug=9,verbose=9,respawn
test2   syslog=local0.debug,debug=9,verbose=9,respawn
1)
System V Release 4.0, 是 UNIX 操作系统的一种新的内核标准
it/daemon.txt · Last modified: 2013/08/19 07:22 (external edit)