Internet Security Professional Reference: Understanding and creating


Chapter 2
Understanding and Creating Daemons

The most secretive, yet most productive, application or service on a Unix system is the daemon process. A daemon (pronounced “demon”) process is secretive because it runs in the background and often does not indicate its presence in any significant way. Without it, most Unix systems would cease to function. Programmers write daemons to carry out a function with little or no intervention by users or system administrators. In fact, many daemons require no intervention at all!

It is important to understand the services that daemon processes offer, because a potential security violation may come through a program that masquerades as a daemon.

What Is a Daemon?

A daemon process is a process that is not associated with a user, but performs system-wide functions, such as administration and control, network services, execution of time-dependent activities, and print services. To qualify as a daemon process, several criteria must be met: the process must not be associated with a user’s terminal session, and it must continue after the user logs off.

From the rudimentary process management knowledge you have read about so far, you know that each process a user starts is terminated by the init program when the user exits. The init program is the most famous of all system daemons. This approach, illustrated in figure 2.1, allows for proper management of the process table.


Figure 2.1  The process life cycle.

Although daemon processes are almost completely invisible, they do provide some level of service to users. Daemon processes accept user requests and process them; they also respond to various events and conditions. They are often inactive, however, and are designed to be called into service only when required. By using a daemon instead of starting a new process for every instance, system load is reduced, and large programs that take time to get started will not slow down the user or the operation.

A daemon can be distinguished from other programs on the system by examining the process table—the ps command displays this table. The distinguishing characteristic of a daemon is that the TTY column does not reflect the controlling terminal name. The following portion of the process table shows this difference:

nms# ps -aux | more
USER  PID %CPU %MEM   SZ  RSS  TT  STAT START   TIME  COMMAND
root  257  7.9  0.0   12    8  ?   S    Aug 22 47:24  update
root    1  0.0  0.0   52    0  ?   IW   Aug 22  0:02  /sbin/init -
root  289  0.0  0.0   40    0  ?   IW   Aug 22  0:00  - sxp.9600 ttya (getty)
root   79  0.0  0.0   16    0  ?   I    Aug 22  0:00  (biod)
root    2  0.0  0.0    0    0  ?   D    Aug 22  0:00  pagedaemon
root   51  0.0  0.0   68    0  ?   IW   Aug 22  0:25  portmap
root   56  0.0  0.7   84  212  ?   S    Aug 22  1:15  ypserv
root  288  0.0  0.0   40    0  co  IW   Aug 22  0:00  - cons8 console (getty)
bin    58  0.0  0.0   36    0  ?   IW   Aug 22  0:00  ypbind
root    0  0.0  0.0    0    0  ?   D    Aug 22  1:31  swapper
root   60  0.0  0.0   40    0  ?   IW   Aug 22  0:00  rpc.ypupdated
root   73  0.0  0.5   48  140  ?   S    Aug 22  1:01  in.routed
root   76  0.0  0.4  216  128  ?   S    Aug 22  0:38  in.named
root  120  0.0  0.0   28    0  ?   I    Aug 22  0:00  (nfsd)
root   93  0.0  0.4   68  120  ?   S    Aug 22  1:14  syslogd
root  101  0.0  0.0  160    0  ?   IW   Aug 22  0:02  /usr/lib/sendmail -bd -q
root   62  0.0  0.0   40    0  ?   IW   Aug 22  0:00  keyserv
root  119  0.0  0.0   72    0  ?   IW   Aug 22  0:00  rpc.lockd

A daemon is a process with a question mark (“?”) as the controlling terminal name. The controlling terminal is identified in the “TT” or “TTY” column of the ps output. Whenever this is found in a process entry, the process is a daemon. You can see that most of the processes in this part of the process table are in fact daemon processes.

Daemon processes usually do not accumulate very much CPU time in the short run, unless they have a lot of processing to do when they start. It usually takes a tremendous amount of time for these daemon processes to equal the CPU requirements that many other processes accumulate in a minute or two.

The daemon processes shown in the ps output were likely started as part of the system’s boot process. The files required to boot the system and start these daemons for the SunOS 4.1.3 and SunOS 4.1.4 systems are listed in table 2.1.

Table 2.1
SunOS 4.1.x Startup Daemons

File Name      Daemon         Description

/etc/rc        update         Periodically updates the super block
               cron           Executes commands at specified dates and times
               in.rwhod       System status server
               inetd          Internet services daemon
               lpd            Printer daemon

/etc/rc.local  portmap        TCP/IP port to RPC program number mapper
               ypserv         NIS server
               ypxfrd         NIS transfer server
               rpc.ypupdated  NIS update server
               ypbind         NIS domain binding agent
               keyserv        Server for storing public and private keys
               in.routed      Network routing daemon
               in.named       Internet domain name server
               biod           Asynchronous block I/O daemons
               syslogd        Logs system messages
               auditd         Controls the generation and location of audit trail files
               sendmail       Sends mail over the Internet
               ndbootd        ND boot block server
               nfsd           Client file system requests
               rpc.mountd     NFS mount request server
               rarpd          TCP/IP Reverse Address Resolution Protocol server
               bootparamd     Boot parameter server
               rpc.statd      Network status monitor
               rpc.lockd      Network lock daemon
               automount      Automatically mounts NFS file systems
               snmpd          Daemon that responds to SNMP requests
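
The “?” check on the TT column can be scripted and combined with Table 2.1. The following is an added example, not code from the book: it reads BSD-style ps -aux output and reports processes with no controlling terminal whose names are not in a baseline. The baseline contents, the function names, and the last two sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes with no controlling terminal ("?" in TT)
# whose command name is not in a known-daemon baseline.

# Baseline (assumption): Table 2.1 names plus init, getty, swapper and
# pagedaemon from the ps listing. Extend it for the host being audited.
BASELINE="update cron in.rwhod inetd lpd portmap ypserv ypxfrd \
rpc.ypupdated ypbind keyserv in.routed in.named biod syslogd auditd \
sendmail ndbootd nfsd rpc.mountd rarpd bootparamd rpc.statd rpc.lockd \
automount snmpd init getty swapper pagedaemon"

# Reads BSD-style ps -aux output on stdin; prints "PID NAME" per finding.
unlisted_daemons() {
    awk -v baseline="$BASELINE" '
    BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) known[b[i]] = 1 }
    NR == 1 && $1 == "USER" { next }          # header line
    $7 != "?" { next }                        # has a controlling terminal
    {
        # START is "Aug 22" (two fields) or "10:15" (one field).
        c = ($9 ~ /^[0-9]/) ? 11 : 12
        cmd = ""
        for (i = c; i <= NF; i++) cmd = cmd (i > c ? " " : "") $i
        # ps shows the real name in parentheses when argv[0] was rewritten
        # or the process is swapped out, e.g. "(biod)" or "- cons8 (getty)".
        if (match(cmd, /\([^)]+\)$/)) name = substr(cmd, RSTART + 1, RLENGTH - 2)
        else { split(cmd, a, " "); name = a[1]; sub(/^.*\//, "", name) }
        if (!(name in known)) print $2, name
    }'
}

# Constructed sample: five rows from the listing above, two invented rows.
sample_ps() {
    cat <<'EOF'
USER  PID %CPU %MEM   SZ  RSS  TT  STAT START   TIME  COMMAND
root  257  7.9  0.0   12    8  ?   S    Aug 22 47:24  update
root    1  0.0  0.0   52    0  ?   IW   Aug 22  0:02  /sbin/init -
root  289  0.0  0.0   40    0  ?   IW   Aug 22  0:00  - sxp.9600 ttya (getty)
root   79  0.0  0.0   16    0  ?   I    Aug 22  0:00  (biod)
root  101  0.0  0.0  160    0  ?   IW   Aug 22  0:02  /usr/lib/sendmail -bd -q
root  412  0.0  0.1   32   20  ?   S    10:15   0:00  /var/tmp/sysmond
jdoe  430  0.0  0.2   48   60  p0  S    10:20   0:00  -csh (csh)
EOF
}

sample_ps | unlisted_daemons
```

Matching on names only narrows the list: a program that copies a baseline name still passes, so each reported and each expected daemon should also be traced back to its binary and to the entry in /etc/rc or /etc/rc.local that starts it.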

