To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Michael Osipov
Subject: git: cc35db95eb9e - stable/14 - daemon: Add option for output file mode
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: michaelo
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: cc35db95eb9ed1c62bb2eb7251e4c2ab67907d62
Auto-Submitted: auto-generated
Date: Sun, 15 Feb 2026 11:18:49 +0000
Message-Id: <6991ab99.3379d.7918573e@gitrepo.freebsd.org>

The branch stable/14 has been updated by michaelo:

URL: https://cgit.FreeBSD.org/src/commit/?id=cc35db95eb9ed1c62bb2eb7251e4c2ab67907d62

commit cc35db95eb9ed1c62bb2eb7251e4c2ab67907d62
Author:     Michael Osipov
AuthorDate: 2026-01-28 18:49:26 +0000
Commit:     Michael Osipov
CommitDate: 2026-02-15 11:08:12 +0000

    daemon: Add option for output file mode

    The daemon utility has always created its output file with a fixed
    mode of 0600. This causes issues for log collection setups where the
    collector does not run as root but instead relies on group access to
    the watched daemon’s log file.

    Introduce a new option that allows specifying the output file mode
    using install(1)-style semantics. This enables non-root log
    collectors to access the file as intended and improves compatibility
    with log rotation tools.

    Reviewed by:    kevans
    MFC after:      1 week
    Relnotes:       yes
    Differential Revision:  https://reviews.freebsd.org/D54930

    (cherry picked from commit a3b90a1f008365d9f62773998f89f9c872e2bed5)
---
 usr.sbin/daemon/daemon.8 | 17 +++++++++++++++--
 usr.sbin/daemon/daemon.c | 28 +++++++++++++++++++++-------
 2 files changed, 36 insertions(+), 9 deletions(-)
diff --git a/usr.sbin/daemon/daemon.8 b/usr.sbin/daemon/daemon.8 index fce08bc90e62..a1a56de03d4a 100644 --- a/usr.sbin/daemon/daemon.8 +++ b/usr.sbin/daemon/daemon.8 @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 18, 2023 +.Dd January 28, 2026 .Dt DAEMON 8 .Os .Sh NAME @@ -98,10 +98,23 @@ or both This value specifies what is sent to syslog and the log file. The default is .Cm 3 . +.It Fl M , Fl -output-file-mode Ar mode +Specify the file +.Ar mode +to use when creating the +.Pa output_file . +The mode is interpreted using +.Xr chmod 1 +style semantics. +This option is useful when the daemonized process or external log +collectors require group or world access to the output file. +The default is +.Cm 0600 . .It Fl o , Fl -output-file Ar output_file Append output from the daemonized process to .Pa output_file . -If the file does not exist, it is created with permissions 0600. +If the file does not exist, it is created with the default file +.Ar mode . When this option is used together with options .Fl -change-dir and diff --git a/usr.sbin/daemon/daemon.c b/usr.sbin/daemon/daemon.c index 73524e3bd286..c83d9ed8f35c 100644 --- a/usr.sbin/daemon/daemon.c +++ b/usr.sbin/daemon/daemon.c @@ -86,13 +86,14 @@ struct daemon_state { int syslog_facility; int keep_fds_open; int output_fd; + mode_t output_file_mode; bool restart_enabled; bool syslog_enabled; bool log_reopen; }; static void restrict_process(const char *); -static int open_log(const char *); +static int open_log(const char *, mode_t); static void reopen_log(struct daemon_state *); static bool listen_child(int, struct daemon_state *); static int get_log_mapping(const char *, const CODE *); 
@@ -109,7 +110,7 @@ static int daemon_setup_kqueue(void); static int pidfile_truncate(struct pidfh *); -static const char shortopts[] = "+cfHSp:P:ru:o:s:l:t:m:R:T:h"; +static const char shortopts[] = "+cfHSp:P:ru:o:M:s:l:t:m:R:T:h"; static const struct option longopts[] = { { "change-dir", no_argument, NULL, 'c' }, @@ -117,6 +118,7 @@ static const struct option longopts[] = { { "sighup", no_argument, NULL, 'H' }, { "syslog", no_argument, NULL, 'S' }, { "output-file", required_argument, NULL, 'o' }, + { "output-file-mode", required_argument, NULL, 'M' }, { "output-mask", required_argument, NULL, 'm' }, { "child-pidfile", required_argument, NULL, 'p' }, { "supervisor-pidfile", required_argument, NULL, 'P' }, @@ -136,7 +138,7 @@ usage(int exitcode) { (void)fprintf(stderr, "usage: daemon [-cfHrS] [-p child_pidfile] [-P supervisor_pidfile]\n" - " [-u user] [-o output_file] [-t title]\n" + " [-u user] [-o output_file] [-M output_file_mode] [-t title]\n" " [-l syslog_facility] [-s syslog_priority]\n" " [-T syslog_tag] [-m output_mask] [-R restart_delay_secs]\n" "command arguments ...\n"); @@ -147,6 +149,7 @@ usage(int exitcode) " --sighup -H Close and re-open output file on SIGHUP\n" " --syslog -S Send output to syslog\n" " --output-file -o Append output of the child process to file\n" + " --output-file-mode -M Output file mode of the child process\n" " --output-mask -m What to send to syslog/file\n" " 1=stdout, 2=stderr, 3=both\n" " --child-pidfile -p Write PID of the child process to file\n" @@ -168,6 +171,7 @@ main(int argc, char *argv[]) { char *p = NULL; int ch = 0; + mode_t *set = NULL; struct daemon_state state; daemon_state_init(&state); 
@@ -229,6 +233,15 @@ main(int argc, char *argv[]) */ state.mode = MODE_SUPERVISE; break; + case 'M': + if ((set = setmode(optarg)) == NULL) { + errx(6, "unrecognized output file mode: %s", optarg); + } else { + state.output_file_mode = getmode(set, 0); + } + free(set); + set = NULL; + break; case 'p': state.child_pidfile = optarg; state.mode = MODE_SUPERVISE; @@ -293,7 +306,7 @@ main(int argc, char *argv[]) } if (state.output_filename) { - state.output_fd = open_log(state.output_filename); + state.output_fd = open_log(state.output_filename, state.output_file_mode); if (state.output_fd == -1) { err(7, "open"); } @@ -726,10 +739,10 @@ do_output(const unsigned char *buf, size_t len, struct daemon_state *state) } static int -open_log(const char *outfn) +open_log(const char *outfn, mode_t outfm) { - return open(outfn, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0600); + return open(outfn, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, outfm); } static void @@ -737,7 +750,7 @@ reopen_log(struct daemon_state *state) { int outfd; - outfd = open_log(state->output_filename); + outfd = open_log(state->output_filename, state->output_file_mode); if (state->output_fd >= 0) { close(state->output_fd); } @@ -771,6 +784,7 @@ daemon_state_init(struct daemon_state *state) .keep_fds_open = 1, .output_fd = -1, .output_filename = NULL, + .output_file_mode = 0600 }; }
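
Review bot: In the daemon.8 hunk, the new -M text says the mode is interpreted with chmod(1) style semantics while the commit message says install(1)-style; pick one reference and use it in both places. The reworded -o paragraph ("it is created with the default file mode") also reads as if the file is always created 0600, even when -M is given; suggest wording along the lines of "created with the mode given by -M, or 0600 if -M is not specified".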
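
Review bot: In the usage() hunk that adds the --output-file-mode line, the help string "Output file mode of the child process" attributes the mode to the child process; it is the mode of the file named by --output-file. Suggest something like "Mode used when creating the output file".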
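
Review bot: In the case 'M' hunk of main(), getmode(set, 0) evaluates symbolic modes against an empty base, so -M g+r yields 0040 rather than adding group read to the 0600 default, producing a log file that a non-root owner cannot open for writing again in reopen_log(). Consider getmode(set, 0600), or document that symbolic modes start from 0. The value is also passed to open() unfiltered, so setuid, setgid, sticky, execute and world-write bits are all accepted for a log file; consider masking or rejecting bits outside 0666. Minor: the else branch after errx() and the set = NULL assignment after free(set) are unnecessary.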
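
Review bot: In the open_log() hunk, outfm is only the mode argument of open() with O_CREAT, so it applies solely when the file is created and is still reduced by the process umask; an existing 0600 log keeps its permissions, and -M 0640 under umask 077 still yields 0600. If the requested mode is meant to be honoured, follow the open() with fchmod() on the returned descriptor; otherwise state both limits in the -M description in daemon.8 so operators of non-root log collectors know to check the umask and any pre-existing file.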