= Configuring your daemon daemon-kit provides a multitude of ways to configure your daemon, this document will outline the different options available to you. == Configuration files and #DaemonKit::Config #DaemonKit::Config gives you easy access to any YAML configuration files you have in your config directory. You can access the configuration files like this: config = DaemonKit::Config.load('sample') The above snippet relies on the presence of a config/sample.yml file. #DaemonKit::Config is environment aware, so configuration files are parsed for a top-level key that is the same as the value of DAEMON_ENV, and if present is loaded into the object as the configuration data. If the key is not present, the whole YAML document is exposed as configuration data. == Command line arguments The most flexible way to configure your daemon is through command line arguments, or switches. DaemonKit includes a couple of its own arguments that can be used: -e ENV (or --env ENV) to set the daemon environment --pid /path/to/pidfile to set the path to a pidfile -l path (or --log path) to set the path for the log file -v shows the DaemonKit version -h shows a useful help message === Custom arguments It is possible for you to specify your own arguments as well, by updating the config/arguments.rb file. This file is eval'd inside #DaemonKit::Arguments and gives you access to the following two variables: * opts - Instance of OptionParser[http://www.ruby-doc.org/stdlib/libdoc/optparse/rdoc/classes/OptionParser.html] * @options - A standard Ruby hash that you can populate and access later Your custom arguments can be accessed like this: DaemonKit.arguments.options === Advanced Configuration All the writable attributes of the default #DaemonKit::Configuration instance call also be modified from the command line using the special --config arguments: --config force_kill_wait=30 This happens after config/environment.rb is processed, so all command line arguments will overwrite those values. === Daemon umask By default daemon processes run with a umask of 022, but this can be changed on the command line or in +config/environment.rb+. To set a more restrictive umask via command line arguments, you can start your daemon like this: $ ./bin/daemon start --config umask=0077 Or the same in +config/environment.rb+ DaemonKit::Initializer.run do |config| # ... # restrictive umask config.umask = 0077 # ... end === Privilege Separation By default daemon processes run as the user that starts them, inheriting all their privileges (or lack thereof). Getting daemon-kit to drop privileges can currently only be done using command-line parameters, and only works reliable on *nix (OSX seemed cranky at the time of testing). $ ./bin/daemon start --config user=nobody --config group=nobody Privileges are dropped at the earliest possible phase of starting the daemon. Things to note on privilege separation: * You generally have to be root to be able to perform this * File system permissions for +log/+ needs to be correct * Daemon-kit will only shed privileges on the +start+ command, not on +run+ * Make sure your code is secure if accepting stuff from the outside world * The daemon will continue to run if it failed, this is because the feature is experimental and could change in the future. * The damon logs the reduced privileges in the log file shortly after booting, please check it carefully The implementation stems from the advice given by Joe Damato on his blog post http://timetobleed.com/tag/privilege-escalation/ IMPORTANT NOTE FOR OSX USERS: Testing on my iBook with OSX 10.5.8 using Ruby 1.8.6-p287 failed to drop privileges correctly because of the 'nobody' user's UID being too large (Bignum), however testing with Ruby 1.9.1-p129 on OSX 10.5.8 did work as expected.