Browse Definitions :


What is a daemon?

In computing, a daemon (pronounced DEE-muhn) is a program that runs continuously as a background process and wakes up to handle periodic service requests, which often come from remote processes. The daemon program is alerted to the request by the operating system (OS), and it either responds to the request itself or forwards the request to another program or process as appropriate.

Common daemon processes include print spoolers, email handlers and other programs that manage administrative tasks. Many Unix or Linux utility programs run as daemons. For example, on Linux, the Network Time Protocol (NTP) daemon is used to measure time differences between the clock on the computer it runs on and those of all other computers on the network. A time daemon runs on each of the host computers, with one being designated as primary and all others as secondary. Secondary daemons reset the network time on their host computer by first sending a request to the primary time daemon to find out the correct network time.

A daemon plays the role of a server in a client-server model.

What role do daemons play in web services?

One of the most obvious examples of a daemon is the Hypertext Transfer Protocol daemon (HTTPd), which runs on every web server, continually waiting in dormant mode until requests come in from web clients and their users. Earlier versions of HTTP daemons would spawn a new process to handle each request. The new process, a replica of the daemon, would fetch the requested content and return it to the requesting client. Then, the new process would die.

By spawning a new process, the original process could go back to dormant mode to wait for other requests. This approach was used to prevent the original process from getting too busy to service new requests, as a daemon that handles all requests by itself would make a system more vulnerable to hackers. Denial-of-service attacks are often based on the strategy of keeping a daemon too busy to handle incoming requests.

More modern HTTP daemons, such as Apache, handle requests using threads instead of spawning new processes. Threads, which came into common use well after the first generation of HTTP daemons were implemented and deployed, enable different parts of the same process to run in parallel. The main part of a daemon can wait for new requests, while other threads handle older requests. Threads require less overhead than spawning a new process, which takes time to accomplish, and the new process needs memory to run.

A third approach is exemplified by the Nginx HTTP daemon, which is based on an event-driven architecture operating in a single thread. Requests are handed off to worker processes, which constantly run in the background -- that is, they aren't spawned just to handle a request only to die off immediately afterward. The administrator determines how many worker processes to create.

What kind of operating systems do daemons require?

Since daemons require special services from the OS, they behave slightly differently from one operating system to another. The first daemons were run on the Unix OS and were designed around the features of Unix.

Daemons are started on the Unix command line or in a startup file; these files contain script that is executed when the system is booted or on some other event, such as user login or when a new shell script is spawned. They then run in the background and wait for a signal from the OS to wake up and go into action.

Daemons can only run on Multitasking OSes. They were implemented in Microsoft Windows, starting with the NT version, and are often referred to as Windows services instead of daemons.

What are examples of daemons?

Daemons respond to alerts from the OS upon some external event, such as the arrival of a message on the network. For messages coming from the network, the TCP/IP module on the host computer looks up the port number of the message and sends an alert to the daemon assigned to that port number. For example, port number 80 is assigned to HTTP, so when a message with that port number is received, the TCP/IP stack built into the OS sends a signal to the HTTPd.

Any system based on Unix or on a variant of Unix runs several daemons, the names of which typically end with the letter d. The following are some examples of daemons:

  • init. This is the first daemon to start up when Unix boots, and it spawns all other processes.
  • inetd. This super-daemon listens for internet requests on a designated port number and spawns the appropriate server program to handle them. Services handled by inetd include rlogin, telnet, ftp, talk and finger.
  • crond. This daemon executes scheduled commands.
  • dhcpd. This daemon provides Dynamic Host Configuration Protocol services.
  • fingerd. This daemon is often started by inetd to respond to the finger command.
  • ftpd. This daemon is often started by inetd to handle File Transfer Protocol requests.
  • httpd. This daemon acts as a web server.
  • lpd. This daemon provides Line Printer Protocol requests.
  • named. This daemon provides Domain Name Protocol services.
  • nfsd. This daemon provides Network File System services.
  • ntpd. This daemon provides NTP services, either as primary or secondary.
  • portmap/rpcbind. This daemon converts Remote Procedure Call program numbers into internet port numbers.
  • sshd. This daemon provides Secure Shell services.
  • sendmail. This Simple Main Transfer Protocol or Mailer daemon handles incoming email messages.
  • swapper. This kernel daemon moves whole processes between main memory and secondary storage as part of virtual memory management.
  • syslogd. This daemon handles logging requests from the OS kernel, other processes on the same machine and other processes on remote machines.
  • syncd. This daemon synchronizes files on different servers.
  • systemd. This daemon replaces init on Linux systems.
  • vhand. This daemon selects pages that haven't been recently referenced and that can be swapped out of main memory into secondary storage if necessary.
  • ypbind. This daemon binds processes on a Network Information Service client to services on an NIS server.

History of daemons

The term daemon was coined by programmers at Massachusetts Institute of Technology's Project MAC (Mathematics and Computation) in 1963, inspired by Maxwell's demon, an imaginary agent in physics and thermodynamics. In a thought experiment devised by James Clerk Maxwell in 1867, a demon would control a small massless door between two chambers of gas, forcing fast-moving molecules to pass through in one direction and slow-moving molecules to pass in the other direction. In Greek mythology, a daemon was considered a supernatural being or power.

The MIT programmers thought demon would be an appropriate name for a background process that worked tirelessly to perform system chores. But instead of using the term demon, they used daemon, which is an older form of the word.

An acronym was back fitted once the concept came into common use. So, in some circles, daemon has come to stand for disk and execution monitor.

Learn how IT administrators can use Docker in rootless mode to run common containers, avoiding the potential for a privileged attack.

This was last updated in August 2022

Continue Reading About daemon

  • What is wavelength?

    Wavelength is the distance between identical points, or adjacent crests, in the adjacent cycles of a waveform signal propagated ...

  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

  • What is exposure management?

    Exposure management is a cybersecurity approach to protecting exploitable IT assets.

  • intrusion detection system (IDS)

    An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is ...

  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • What is a startup company?

    A startup company is a newly formed business with particular momentum behind it based on perceived demand for its product or ...

  • What is a CEO (chief executive officer)?

    A chief executive officer (CEO) is the highest-ranking position in an organization and responsible for implementing plans and ...

  • What is labor arbitrage?

    Labor arbitrage is the practice of searching for and then using the lowest-cost workforce to produce products or goods.

  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience