Mastering Linux Daemon Processes: Logging, Users, and Resource Limits

Beyond network communication, Linux server programs must handle many routine details such as daemonization, logging, user permissions, configuration, PID files, and resource limits.

1. Linux System Logs

Linux provides syslogd and its upgraded version rsyslogd to handle system logs.

rsyslogd can receive logs from user processes and the kernel.

User processes generate logs via the syslog function, which writes to the Unix domain socket /dev/log that rsyslogd monitors.

The kernel logs are written to a circular buffer accessible via /proc/kmsg and are read by rsyslogd.

Default log files include /var/log/debug, /var/log/messages, and /var/log/kern.log; configuration resides in /etc/rsyslog.conf.

2. syslog()

Applications use syslog() to communicate with rsyslogd. The function accepts variable arguments to structure the output, including a priority composed of a facility (default LOG_USER) and a severity level.

Additional functions allow changing the default output format, setting a log mask to filter messages, and closing the logging facility.

3. User Information (UID, EUID, GID, EGID)

Server security relies on proper user IDs. Processes have real and effective IDs (UID/EUID, GID/EGID) to control resource access; the effective IDs determine the privileges of a running process.

4. Switching Users

Techniques for changing the effective user of a process are demonstrated, typically involving setuid binaries.

5. Process Relationships

Each Linux process belongs to a process group (PGID) and may be part of a session (SID). Functions exist to retrieve and set PGIDs and to create new sessions, with restrictions on which processes may invoke them.

The ps command can display the relationships among processes, groups, and sessions.

6. System Resource Limits

Programs are constrained by limits on CPU time, memory, file sizes, etc. The getrlimit and setrlimit functions read and modify these limits, using the rlimit structure with rlim_cur (soft limit) and rlim_max (hard limit).

7. Changing Working Directory and Root Directory

Functions getcwd and chdir retrieve and change the current working directory, while chroot changes the process's root directory. After chroot, a subsequent chdir("/") is required to move into the new root.

8. Daemonizing a Process

To run a process as a daemon, follow a series of steps such as forking, creating a new session, changing the working directory, and redirecting standard file descriptors. Linux also provides library functions that perform these steps automatically.