The most secretive, yet most productive, application or service on a Unix system is the daemon process. A daemon (pronounced "demon") process is secretive because it runs in the background and often does not indicate its presence in any significant way. Without daemons, most Unix systems would cease to function. Programmers write daemons to carry out a function with little or no intervention by users or system administrators. In fact, many daemons require no intervention at all! The services offered by daemon processes are important to understand, because a potential security violation may come through a program that masquerades as a daemon.
A daemon process is a process that is not associated with a user, but performs system-wide functions, such as administration and control, network services, execution of time-dependent activities, and print services. To qualify as a daemon process, several criteria must be met: the process must not be associated with a user's terminal session; and it must continue after the user logs off.
From the rudimentary process management knowledge you have read about so far, you know that each process a user starts is terminated by the init program when the user exits. The init program is the most famous of all system daemons. This approach, illustrated in figure 2.1, allows for proper management of the process table.
Figure 2.1 The process life cycle.
Although daemon processes are almost completely invisible, they do provide some level of service to users. Daemon processes accept user requests and process them; they also respond to various events and conditions. They are often inactive, however, and are designed to be called into service only when required. By using a daemon instead of starting a new process for every instance, system load is reduced, and large programs that take time to get started will not slow down the user or the operation.
A daemon can be distinguished from other programs on the system by examining the process table; the ps command displays this table. The distinguishing characteristic of a daemon is that the TTY column does not reflect the controlling terminal name. The following portion of the process table shows this difference:
```
nms# ps -aux | more
USER       PID %CPU %MEM   SZ  RSS TT STAT START   TIME COMMAND
root       257  7.9  0.0   12    8 ?  S    Aug 22 47:24 update
root         1  0.0  0.0   52    0 ?  IW   Aug 22  0:02 /sbin/init -
root       289  0.0  0.0   40    0 ?  IW   Aug 22  0:00 - sxp.9600 ttya (getty)
root        79  0.0  0.0   16    0 ?  I    Aug 22  0:00 (biod)
root         2  0.0  0.0    0    0 ?  D    Aug 22  0:00 pagedaemon
root        51  0.0  0.0   68    0 ?  IW   Aug 22  0:25 portmap
root        56  0.0  0.7   84  212 ?  S    Aug 22  1:15 ypserv
root       288  0.0  0.0   40    0 co IW   Aug 22  0:00 - cons8 console (getty)
bin         58  0.0  0.0   36    0 ?  IW   Aug 22  0:00 ypbind
root         0  0.0  0.0    0    0 ?  D    Aug 22  1:31 swapper
root        60  0.0  0.0   40    0 ?  IW   Aug 22  0:00 rpc.ypupdated
root        73  0.0  0.5   48  140 ?  S    Aug 22  1:01 in.routed
root        76  0.0  0.4  216  128 ?  S    Aug 22  0:38 in.named
root       120  0.0  0.0   28    0 ?  I    Aug 22  0:00 (nfsd)
root        93  0.0  0.4   68  120 ?  S    Aug 22  1:14 syslogd
root       101  0.0  0.0  160    0 ?  IW   Aug 22  0:02 /usr/lib/sendmail -bd -q
root        62  0.0  0.0   40    0 ?  IW   Aug 22  0:00 keyserv
root       119  0.0  0.0   72    0 ?  IW   Aug 22  0:00 rpc.lockd
```
A daemon is a process with a question mark (?) as its controlling terminal name. The controlling terminal is identified in the TT or TTY column of the ps output. Whenever this is found in a process entry, the process is a daemon. You can see that most of the processes in this part of the process table are in fact daemon processes.
Daemon processes usually do not accumulate very much CPU in the short run, unless they have a lot of processing to do when they start. It usually takes a tremendous amount of time for these daemon processes to equal the CPU requirements that many other processes accumulate in a minute or two.
The daemon processes shown in the ps output were likely started as part of the system's boot process. The files required to boot the system and start these daemons for the SunOS 4.1.3 and SunOS 4.1.4 systems are listed in table 2.1.
| File Name | Daemon | Description |
|---|---|---|
| /etc/rc | update | Periodically updates the super block |
| | cron | Executes commands at specified dates and times |
| | in.rwhod | System status server |
| | inetd | Internet services daemon |
| | lpd | Printer daemon |
| /etc/rc.local | portmap | TCP/IP port to RPC program number mapper |
| | ypserv | NIS server |
| | ypxfrd | NIS transfer server |
| | rpc.ypupdated | NIS update server |
| | ypbind | NIS domain binding agent |
| | keyserv | Server for storing public and private keys |
| | in.routed | Network routing daemon |
| | in.named | Internet domain name server |
| | biod | Asynchronous block I/O daemons |
| | syslogd | Logs system messages |
| | auditd | Controls the generation and location of audit trail files |
| | sendmail | Sends mail over the Internet |
| | ndbootd | ND boot block server |
| | nfsd | Client file system requests |
| | rpc.mountd | NFS mount request server |
| | rarpd | TCP/IP Reverse Address Resolution Protocol server |
| | bootparamd | Boot parameter server |
| | rpc.statd | Network status monitor |
| | rpc.lockd | Network lock daemon |
| | automount | Automatically mounts NFS file systems |
| | snmpd | Daemon that responds to SNMP requests |
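
The TT-column test and the daemon list in table 2.1 can be combined into a simple audit for programs masquerading as daemons. The script below is an added example, not code from the original text: the function names, the `EXPECTED` and `SYSTEM_USERS` baselines, and the sample rows with PIDs 412 and 733 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag terminal-less processes in BSD-style `ps -aux` output
# that fall outside an expected-daemon baseline.

# Assumed baseline: the table 2.1 daemons plus init, getty and the
# kernel processes (swapper, pagedaemon) that appear in the ps listing.
EXPECTED="update cron in.rwhod inetd lpd portmap ypserv ypxfrd rpc.ypupdated"
EXPECTED="$EXPECTED ypbind keyserv in.routed in.named biod syslogd auditd"
EXPECTED="$EXPECTED sendmail ndbootd nfsd rpc.mountd rarpd bootparamd rpc.statd"
EXPECTED="$EXPECTED rpc.lockd automount snmpd init getty swapper pagedaemon"
SYSTEM_USERS="root bin"   # assumption: the owners seen in the ps listing

# Constructed sample: five rows from the listing, two invented rows (412, 733).
sample_ps() {
cat <<'EOF'
USER PID %CPU %MEM SZ RSS TT STAT START TIME COMMAND
root 1 0.0 0.0 52 0 ? IW Aug 22 0:02 /sbin/init -
root 289 0.0 0.0 40 0 ? IW Aug 22 0:00 - sxp.9600 ttya (getty)
root 79 0.0 0.0 16 0 ? I Aug 22 0:00 (biod)
root 101 0.0 0.0 160 0 ? IW Aug 22 0:02 /usr/lib/sendmail -bd -q
root 288 0.0 0.0 40 0 co IW Aug 22 0:00 - cons8 console (getty)
root 412 0.0 0.1 40 60 ? S 09:41 0:03 /tmp/in.helperd
jdoe 733 0.0 0.1 36 52 ? S Aug 23 0:00 ./syslogd
EOF
}

# Reads ps output on stdin; prints "PID USER NAME REASON" per suspect process.
audit_daemons() {
  awk -v expected="$EXPECTED" -v sysusers="$SYSTEM_USERS" '
    BEGIN {
      n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1
      n = split(sysusers, u, " "); for (i = 1; i <= n; i++) sys[u[i]] = 1
    }
    NR == 1 || $7 != "?" { next }      # skip header and terminal-attached rows
    {
      # START is "Mon DD" (two fields) for older processes, "HH:MM" for today.
      c = ($9 ~ /^[A-Z][a-z][a-z]$/) ? 12 : 11
      name = ($c == "-") ? $NF : $c    # getty-style rows name the program last
      gsub(/[()]/, "", name)           # some commands are listed as (name)
      sub(/^.*\//, "", name)           # keep the basename only
      if (!(name in ok))     print $2, $1, name, "not-in-baseline"
      else if (!($1 in sys)) print $2, $1, name, "unexpected-owner"
    }'
}

sample_ps | audit_daemons
```

On a live host, pipe `ps -aux` into `audit_daemons` instead of the sample. A name match is only a first filter, because a masquerading program chooses its own name; the owner check catches the `./syslogd` row that the name check alone would pass.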