Linux-守护进程的实现

时间:2021-04-11 19:08:08

Some basic rules to coding a daemon prevent unwanted interactions from happening. We state these rules and then show a function, daemonize, that implements them.

编写一个没有交互功能的守护进程是有一定的步骤的。我们列出相关的步骤,并且给出一个函数daemonize,用于展示。

1.    The first thing to do is call umask to set the file mode creation mask to 0. The file mode creation mask that's inherited could be set to deny certain permissions. If the daemon process is going to create files, it may want to set specific permissions. For example, if it specifically creates files with group-read and group-write enabled, a file mode creation mask that turns off either of these permissions would undo its efforts.

第一步是使用umask函数,把所有的文件屏蔽字置0。文件屏蔽字是可以继承的,当你有相关操作时,如果你要创建一个文件,继承过来的屏蔽字可能阻止你创建相关属性的文件。比如:如果你明确的创建一个文件为组可读,组可写。如果你没有把屏蔽字清零,那么继承过来的屏蔽字可能不允许你添加这两个属性。

2.    Call fork and have the parent exit. This does several things. First, if the daemon was started as a simple shell command, having the parent terminate makes the shell think that the command is done. Second, the child inherits the process group ID of the parent but gets a new process ID, so we're guaranteed that the child is not a process group leader. This is a prerequisite for the call to setsid that is done next.

第二步,创建一个子进程,并且令父进程退出。这样做有以下几个好处:一,如果守护进程是一个简单的shell命令启动的,那么父进程的终止可以使shell认为这个命令已经执行结束了。二,子进程继承了父进程的组ID,但又有自己的进程ID,所以我们可以保证目前的子进程不是进程组长。这一步也是我们接下来要用到的setid函数之前的必要条件。

3.    Call setsid to create a new session. The three steps listed in Section 9.5 occur. The process (a) becomes a session leader of a new session, (b) becomes the process group leader of a new process group, and (c) has no controlling terminal.

Under System Vbased systems, some people recommend calling fork again at this point and having the parent terminate. The second child continues as the daemon. This guarantees that the daemon is not a session leader, which prevents it from acquiring a controlling terminal under the System V rules (Section 9.6). Alternatively, to avoid acquiring a controlling terminal, be sure to specify O_NOCTTY whenever opening a terminal device.

使用setsid函数创建一个新的对会话。这样做可以分三个步骤(第一步:把冰箱门打开………):首先,该进程变为一个新的会话组的会话头。其次,成为了新的进程组的组长。最后该进程不再控制终端。

在system V 下,一些人建议在此时重新fork一次,并且令父进程退出。第二个子进程仍然是一个守护进程。这样做可以保证当前进程不是一个会话组的组长,这样就可以防止他获得控制终端的能力。作为选择,为了防止获得终端的控制权,确定打开终端驱动时明确设置O_NOCTTY。

4.    Change the current working directory to the root directory. The current working directory inherited from the parent could be on a mounted file system. Since daemons normally exist until the system is rebooted, if the daemon stays on a mounted file system, that file system cannot be unmounted.

把当前工作目录变为根目录。当前的工作目录是继承父进程的。守护进程是一直存在的,除非你重启计算机。如果你的守护进程是挂载到文件系统上的,那这个文件系统就不能卸载掉。

Alternatively, some daemons might change the current working directory to some specific location, where they will do all their work. For example, line printer spooling daemons often change to their spool directory.

可以根据你的选择,一些守护进程也许把当前目录改变到一些特殊的目录下,同样也能完成所有工作。

5.    Unneeded file descriptors should be closed. This prevents the daemon from holding open any descriptors that it may have inherited from its parent (which could be a shell or some other process). We can use our open_max function (Figure 2.16) or the getrlimit function (Section 7.11) to determine the highest descriptor and close all descriptors up to that value.

不需要的文件描述符应当关掉。这样可以防止守护进程持有从父进程继承过来的文件描述符。我们可以获取最大的文件描述符,或者使用getrlimit函数来决定最大的文件描述符的值。并且全部关闭。

6.    Some daemons open file descriptors 0, 1, and 2 to /dev/null so that any library routines that try to read from standard input or write to standard output or standard error will have no effect. Since the daemon is not associated with a terminal device, there is nowhere for output to be displayed; nor is there anywhere to receive input from an interactive user. Even if the daemon was started from an interactive session, the daemon runs in the background, and the login session can terminate without affecting the daemon. If other users log in on the same terminal device, we wouldn't want output from the daemon showing up on the terminal, and the users wouldn't expect their input to be read by the daemon.

一些守护进程把0,1,2这三个文件描述符指向/dev/null,这样的话,当库函数试图通过标准输入输出,标准错误时是没有效果的。当一个守护进程脱离了终端时,就没有地方打印信息;也没有地方接收来自用户的交互式输入。甚至当一个守护进程从一个交互式的会话开始,守护进程在后台运行,登陆会话关闭也不会影响到守护进程。如果其他用户用同样的终端登陆,我们不用设想从守护进程打印信息到终端,也别指望用户读取守护进程。