daemon-manager.conf - Master configuration file for Daemon Manager
# Example configuration file [can_run_as] user1: www-data # user2 is allowed to launch daemons but only as itself user2 user3: nobody, www-data # Comments can go anywhere. user4: @group1 # user4 can run as any user in group1 @group2: user1, @group3 # any user in group2 can run as user1 # or any user in group3
[manages] user1 : user2, user3 # whitespace is generally ignored user3: user1 user3: user2 # user3 manages user1 & user2 (the rules accumulate) @group1: user1, @group2 # Groups work here too.
This manual page describes the master config file for daemon-manager(1). This file controls which users can launch daemons and what users the daemons can be run as when they are launched. The file is loaded from /etc/daemon-manager/daemon-manager.conf. It is required to be owned by root and cannot be world or group writable.
The config file is a plain text file. Comments are stripped from lines before they are parsed. A comment starts with a "#" and continues to the end of a line. Blank lines are ignored.
The file consists of two sections designated by
The can_run_as section identifies which users are allowed to launch daemons. It looks like this:
bob: mary, bruce, rhonda
That line means that bob is allowed to start the demons in his home directory and have them run as bob, mary, bruce, or rhonda. Users are always allowed to launch daemons as themselves so there is no need to list them on the right hand side. If you only want to allow bob to launch daemons as himself then just list him on his own line in the can_run_as section:
A trailing ‘:’ is also acceptable:
The manages section allows the system administrator to appoint users that can start and stop daemons on behalf of other users. It has the same syntax as the can_run_as section:
larry: bob, martha
That line means that larry can start, stop, restart, and inspect bob or martha's daemons. He will not be able to see or control bruce's daemons, though.
If a name is prefixed by ‘@’ then the name is interpreted as a unix group name and acts as if the members of that group had been listed explicitly:
is equivalent to this, if the group named dev has mary and bruce as members:
bob: mary, bruce
On the other hand, this:
is equivalent to this, given the same constraints:
mary: bob bruce: bob
If a user is referenced on the left hand side of the ‘:’ in more than one rule (including the case where the user is part of a ‘@group’ expansion), then the result is an accumulation of the rules:
bob: mary bob: bruce @dev: www-data
If dev has bob and bruce as members, then this is equivalent:
bob: mary, bruce, www-data bruce: www-data
daemon-manager(1), daemon-manager.conf(5), dmctl(1)