daemon(1) writes PID files as 0600

[Dan Mahoney (ports)]

Hey folks,

Lots of startup scripts write PID files as 644 or 755, but for whatever reason, the PID files created by daemon(1)

The source code (/usr/src/usr.sbin/daemon.c) seems to call pidfile_write, but doesn't supply any mask info that I can see.

Is there a way to override this? We'd like service(1) to be able to run status commands as a nonroot user.

-Dan

[Karl Vogel]

>> On Sun 08 Mar 2026 at 16:54:44 (-0400), Dan Mahoney (ports) wrote:

> The source code (/usr/src/usr.sbin/daemon.c) seems to call
> pidfile_write, but doesn't supply any mask info that I can see.
> Is there a way to override this? We'd like service(1) to be able
> to run status commands as a nonroot user.

It looks like the mode is hard-coded:

me% grep -n -C2 pidfile_open daemon.c
399-
400- if (pidfile) {
401: *pfh = pidfile_open(pidfile, 0600, &fpid);
402- if (*pfh == NULL) {
403- if (errno == EEXIST) {
--
410- /* Do the same for the actual daemon process. */
411- if (ppidfile) {
412: *ppfh = pidfile_open(ppidfile, 0600, &fpid);
413- if (*ppfh == NULL) {
414- serrno = errno;

It looks like your choices are:

* change daemon.c
* install daemonize from ports
* run service using sudo or doas

Unfortunately, daemonize doesn't clean up after itself like daemon does;
the pid file sticks around.

--
Karl Vogel I don't speak for anyone but myself

Q: But my code compiles and my detailed report is grammatically correct!
A: So is a well-formatted ransom note.
--BOFH RFC 406i Rejection of Artificially Generated Slop (RAGS)

[Michael Osipov]

Dan,

I have recently your exact request for the output file:
https://github.com/freebsd/freebsd-src/commit/a3b90a1f008365d9f62773998f89f9c872e2bed5

One can copy the approach for the PID files as well.

Michael