daemon-manager.conf - Master configuration file for Daemon Manager


# Example configuration file
user1: www-data
# user2 is allowed to launch daemons but only as itself
user3: nobody, www-data # Comments can go anywhere.
user4: @group1          # user4 can run as any user in group1
@group2: user1, @group3 # any user in group2 can run as user1
                        # or any user in group3
user1 : user2, user3 # whitespace is generally ignored
user3: user1
user3: user2            # user3 manages user1 & user2 (the rules accumulate)
@group1: user1, @group2 # Groups work here too.


This manual page describes the master config file for daemon-manager(1). This file controls which users can launch daemons and what users the daemons can be run as when they are launched. The file is loaded from /etc/daemon-manager/daemon-manager.conf. It is required to be owned by root and cannot be world or group writable.


The config file is a plain text file. Comments are stripped from lines before they are parsed. A comment starts with a "#" and continues to the end of a line. Blank lines are ignored.

The file consists of two sections designated by




The can_run_as section identifies which users are allowed to launch daemons. It looks like this:

bob: mary, bruce, rhonda

That line means that bob is allowed to start the demons in his home directory and have them run as bob, mary, bruce, or rhonda. Users are always allowed to launch daemons as themselves so there is no need to list them on the right hand side. If you only want to allow bob to launch daemons as himself then just list him on his own line in the can_run_as section:


A trailing ‘:’ is also acceptable:


The manages section allows the system administrator to appoint users that can start and stop daemons on behalf of other users. It has the same syntax as the can_run_as section:

larry: bob, martha

That line means that larry can start, stop, restart, and inspect bob or martha's daemons. He will not be able to see or control bruce's daemons, though.


If a name is prefixed by ‘@’ then the name is interpreted as a unix group name and acts as if the members of that group had been listed explicitly:

bob: @dev

is equivalent to this, if the group named dev has mary and bruce as members:

bob: mary, bruce

On the other hand, this:

@dev: bob

is equivalent to this, given the same constraints:

mary: bob
bruce: bob


If a user is referenced on the left hand side of the ‘:’ in more than one rule (including the case where the user is part of a ‘@group’ expansion), then the result is an accumulation of the rules:

bob: mary
bob: bruce
@dev: www-data

If dev has bob and bruce as members, then this is equivalent:

bob: mary, bruce, www-data
bruce: www-data


daemon-manager(1), daemon-manager.conf(5), dmctl(1)

Last Modified on: Mar 8, 2014 19:24pm