First of all, it's daemon not demon.
- demon is an evil spirit
- daemon is an attendant spirit (between human and god)
How to see them? LEARN YOUR LOCAL "ps" COMMAND!
- BSD-style: "ps auxw" (SunOS 4.1.x, Linux, AIX)
- SysV-style: "ps -elf" (SunOS 5.x, IRIX, AIX, HP-UX)
- man ps to learn more
Daemon characteristics
A daemon is a UNIX process that is not associated with a terminal and that runs in the background. Note that these general characteristics are similiar to a Windows NT/2000 service.
Why have daemons & services?
- Modularity - don't want to have to recompile the kernel to modify services.
- UNIX Kernel size - want to keep the kernel small.
- robustness - don't want the kernel to crash when a lowly daemon dies (say lpd) however, the death of some "kernel" daemons will generally kill the system.
Kernel and user daemons
Some daemons execute in kernel mode (pagedaemon and swapper are examples); the rest execute in user mode.
All UNIX processes have a unique process ID (PID).
A system is usually defined by the types of daemons or services that are running on the machine in the background. Here is a brief sketch of many of the more popular UNIX-based daemons, but beware this list is by no means complete.
BSD swapper (PID 0) daemon
The swapper is a kernel daemon. Swapper moves whole processes between main memory and secondary storage (swapping out and swapping in) as part of the operating system's virtual memory system.
SA RELEVANCE: The swapper is the first process to start after the kernel is loaded. If the machine crashes immediately after the kernel is loaded then you may not have your swap space configured correctly.
The swapper is described as a separate kernel process in other non-BSD UNIXes. It appears in the Linux process table as kswapd (its PID varies). It does appear on AIX, HP-UX, IRIX; for example it appears in the Solaris process table as sched (the SysV swapper is sometimes called the scheduler because it 'schedules' the allocation of memory and thus influences the CPU scheduler).
BSD pagedaemon (PID 2)
The second process created by the kernel is the pagedaemon. The pagedaemon is a kernel process originated with BSD systems (demand paging was initially a BSD feature) which was adopted by AT&T. The pageout process (PID 2) in Solaris provides the same function with a different name. In Linux this process is called kpiod.
SA RELEVANCE: This is all automatic - not much for the SA to do, except monitor system behavior to make sure the system isn't thrashing, meaning the operating system is busy swapping pages in and out the cache or the microprocessor. Thrashing results in page faults.
init (PID 1) daemon
The first user process (user == root) started by the kernel. All other processes are children of init. Depending on the boot parameters init either:
- spawns a single-user shell at the console
- begins the multi-user start-up scripts (which are, unfortunately, not standardized across UNIX systems).
update daemon
The update daemon executes the sync() system call every 30 seconds or so. The sync() system call flushes the system buffer cache; it is needed because UNIX uses delayed write when buffering file I/O to and from disk.
SA RELEVANCE: Don't just turn off a UNIX machine without flushing the buffer cache! It is better to halt the system using /etc/shutdown or halt; these commands attempt to put the system in a quiescent state (including calling sync()).
The update daemon goes by other names on other UNIXes (see bdflush and kupdate in Linux and fsflush in Solaris).
inetd
Even though well-written daemons consume little CPU time they do take up virtual memory and process table entries. Years ago, as people created new services, the idea of a super-daemon was created to manage the class of network daemons. Many network servers are mediated by the inetd daemon at connect time.
Inetd listens for requests for connections on behalf of the various network services and then starts the appropriate daemon, handing off the network connection pointers to the daemon.. Some examples are: rlogin, telnet, ftp, talk, finger, etc. The configuration file that tells the inetd which servers to manage is /etc/inetd.conf.
/etc/services
This file maps TCP and UDP protocol server names to port numbers.
/etc/inetd.conf
A popular replacement to inetd is xinetd, which combines standard inetd functions with other useful features, such as logging and access control. The configuration file structure is also different; /etc/xinetd.conf is used to modify general behavior of the daemon and the directory /etc/xinetd.d contains separate files per service.
SA RELEVANCE: When installing new software packages you may have to modify /etc/inetd.conf and/or /etc/services. A hangup signal will get the inetd to re-read its config file ("kill -HUP pid").
portmap
Portmap maps Sun Remote Procedure Call (RPC) services to ports (/etc/rpc). Sun RPC is a backbone protocol used by other services, such as NFS and NIS. RPC servers register with this daemon and RPC clients get the port number for a service from the daemon. You can get a lot of information using 'rpcinfo'. For example, rpcinfo -p will list the RPC services on the local machine, then you can see which other machines on the same local network provide the same services. Try: rpcinfo -b ypbind 1. On Solaris, portmap is named rpcbind.
SA RELEVANCE: Other daemons may fail if portmap isn't running. Most UNIXes these days automatically start up portmap after installation, so it's usually not a problem.
syslogd
Syslogd is a daemon whose function is to handle logging requests from
- the kernel
- other user processes (daemons)
- processes on other machines (across the net)
A process can make a logging request to the syslogd by using the function syslog(). Syslogd determines what to do with logging requests according to the configuration file /etc/syslog.conf.
SA RELEVANCE: For a single UNIX machine, the default syslog.conf will suffice. You should at least read the file and figure out where the most common error messages end up (/var/adm/messages or /var/log/messages are typical default locations). If you are going to manage a number of UNIX machines, consider learning how to modify syslog.conf on the machines so all the syslog messages are routed to a single "LOGHOST".
You can see the processes running under Windows via the Task Manager -- Press CTRL-ALT-DEL, select Task Manager, or just press CTRL-SHIFT-ESC.
You can see/end/modify/switch/create applications, see/end processes, and view CPU/memory performance.
A nice feature of the Processes display is the ability to sort on any column by clicking on the column header (the sort toggles from ascending/descending).
You can also view the lists of services through the Control panel "Services" icon. The Services applet is roughly equivalent to managing inetd through /etc/inetd.conf.
An extensive list of Windows 2003 services can be found in your Windows book.