Browse Definitions :
Definition

daemon

What is a daemon?

In computing, a daemon (pronounced DEE-muhn) is a program that runs continuously as a background process and wakes up to handle periodic service requests, which often come from remote processes. The daemon program is alerted to the request by the operating system (OS), and it either responds to the request itself or forwards the request to another program or process as appropriate.

Common daemon processes include print spoolers, email handlers and other programs that manage administrative tasks. Many Unix or Linux utility programs run as daemons. For example, on Linux, the Network Time Protocol (NTP) daemon is used to measure time differences between the clock on the computer it runs on and those of all other computers on the network. A time daemon runs on each of the host computers, with one being designated as primary and all others as secondary. Secondary daemons reset the network time on their host computer by first sending a request to the primary time daemon to find out the correct network time.

A daemon plays the role of a server in a client-server model.

What role do daemons play in web services?

One of the most obvious examples of a daemon is the Hypertext Transfer Protocol daemon (HTTPd), which runs on every web server, continually waiting in dormant mode until requests come in from web clients and their users. Earlier versions of HTTP daemons would spawn a new process to handle each request. The new process, a replica of the daemon, would fetch the requested content and return it to the requesting client. Then, the new process would die.

By spawning a new process, the original process could go back to dormant mode to wait for other requests. This approach was used to prevent the original process from getting too busy to service new requests, as a daemon that handles all requests by itself would make a system more vulnerable to hackers. Denial-of-service attacks are often based on the strategy of keeping a daemon too busy to handle incoming requests.

More modern HTTP daemons, such as Apache, handle requests using threads instead of spawning new processes. Threads, which came into common use well after the first generation of HTTP daemons were implemented and deployed, enable different parts of the same process to run in parallel. The main part of a daemon can wait for new requests, while other threads handle older requests. Threads require less overhead than spawning a new process, which takes time to accomplish, and the new process needs memory to run.

A third approach is exemplified by the Nginx HTTP daemon, which is based on an event-driven architecture operating in a single thread. Requests are handed off to worker processes, which constantly run in the background -- that is, they aren't spawned just to handle a request only to die off immediately afterward. The administrator determines how many worker processes to create.

What kind of operating systems do daemons require?

Since daemons require special services from the OS, they behave slightly differently from one operating system to another. The first daemons were run on the Unix OS and were designed around the features of Unix.

Daemons are started on the Unix command line or in a startup file; these files contain script that is executed when the system is booted or on some other event, such as user login or when a new shell script is spawned. They then run in the background and wait for a signal from the OS to wake up and go into action.

Daemons can only run on multitasking OSes. They were implemented in Microsoft Windows, starting with the NT version, and are often referred to as Windows services instead of daemons.

What are examples of daemons?

Daemons respond to alerts from the OS upon some external event, such as the arrival of a message on the network. For messages coming from the network, the TCP/IP module on the host computer looks up the port number of the message and sends an alert to the daemon assigned to that port number. For example, port number 80 is assigned to HTTP, so when a message with that port number is received, the TCP/IP stack built into the OS sends a signal to the HTTPd.

Any system based on Unix or on a variant of Unix runs several daemons, the names of which typically end with the letter d. The following are some examples of daemons:

  • init. This is the first daemon to start up when Unix boots, and it spawns all other processes.
  • inetd. This super-daemon listens for internet requests on a designated port number and spawns the appropriate server program to handle them. Services handled by inetd include rlogin, telnet, ftp, talk and finger.
  • crond. This daemon executes scheduled commands.
  • dhcpd. This daemon provides Dynamic Host Configuration Protocol services.
  • fingerd. This daemon is often started by inetd to respond to the finger command.
  • ftpd. This daemon is often started by inetd to handle File Transfer Protocol requests.
  • httpd. This daemon acts as a web server.
  • lpd. This daemon provides Line Printer Protocol requests.
  • named. This daemon provides Domain Name Protocol services.
  • nfsd. This daemon provides Network File System services.
  • ntpd. This daemon provides NTP services, either as primary or secondary.
  • portmap/rpcbind. This daemon converts Remote Procedure Call program numbers into internet port numbers.
  • sshd. This daemon provides Secure Shell services.
  • sendmail. This Simple Main Transfer Protocol or Mailer daemon handles incoming email messages.
  • swapper. This kernel daemon moves whole processes between main memory and secondary storage as part of virtual memory management.
  • syslogd. This daemon handles logging requests from the OS kernel, other processes on the same machine and other processes on remote machines.
  • syncd. This daemon synchronizes files on different servers.
  • systemd. This daemon replaces init on Linux systems.
  • vhand. This daemon selects pages that haven't been recently referenced and that can be swapped out of main memory into secondary storage if necessary.
  • ypbind. This daemon binds processes on a Network Information Service client to services on an NIS server.

History of daemons

The term daemon was coined by programmers at Massachusetts Institute of Technology's Project MAC (Mathematics and Computation) in 1963, inspired by Maxwell's demon, an imaginary agent in physics and thermodynamics. In a thought experiment devised by James Clerk Maxwell in 1867, a demon would control a small massless door between two chambers of gas, forcing fast-moving molecules to pass through in one direction and slow-moving molecules to pass in the other direction. In Greek mythology, a daemon was considered a supernatural being or power.

The MIT programmers thought demon would be an appropriate name for a background process that worked tirelessly to perform system chores. But instead of using the term demon, they used daemon, which is an older form of the word.

An acronym was back fitted once the concept came into common use. So, in some circles, daemon has come to stand for disk and execution monitor.

Learn how IT administrators can use Docker in rootless mode to run common containers, avoiding the potential for a privileged attack.

This was last updated in August 2022

Continue Reading About daemon

Networking
  • network interface card (NIC)

    A network interface card (NIC) is a hardware component, typically a circuit board or chip, installed on a computer so it can ...

  • User Datagram Protocol (UDP)

    User Datagram Protocol (UDP) is a communications protocol primarily used to establish low-latency and loss-tolerating connections...

  • Telnet

    Telnet is a network protocol used to virtually access a computer and provide a two-way, collaborative and text-based ...

Security
  • advanced persistent threat (APT)

    An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and ...

  • Mitre ATT&CK framework

    The Mitre ATT&CK (pronounced miter attack) framework is a free, globally accessible knowledge base that describes the latest ...

  • timing attack

    A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about...

CIO
HRSoftware
  • employee resource group (ERG)

    An employee resource group is a workplace club or more formally realized affinity group organized around a shared interest or ...

  • employee training and development

    Employee training and development is a set of activities and programs designed to enhance the knowledge, skills and abilities of ...

  • employee sentiment analysis

    Employee sentiment analysis is the use of natural language processing and other AI techniques to automatically analyze employee ...

Customer Experience
  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

  • customer insight (consumer insight)

    Customer insight, also known as consumer insight, is the understanding and interpretation of customer data, behaviors and ...

  • buyer persona

    A buyer persona is a composite representation of a specific type of customer in a market segment.

Close