Definition

daemon

Pat Brans
By
  • Pat Brans, Pat Brans Associates/Grenoble Ecole de Management

What is a daemon?

In computing, a daemon (pronounced DEE-muhn) is a program that runs continuously as a background process and wakes up to handle periodic service requests, which often come from remote processes. The daemon program is alerted to the request by the operating system (OS), and it either responds to the request itself or forwards the request to another program or process as appropriate.

Common daemon processes include print spoolers, email handlers and other programs that manage administrative tasks. Many Unix or Linux utility programs run as daemons. For example, on Linux, the Network Time Protocol (NTP) daemon is used to measure time differences between the clock on the computer it runs on and those of all other computers on the network. A time daemon runs on each of the host computers, with one being designated as primary and all others as secondary. Secondary daemons reset the network time on their host computer by first sending a request to the primary time daemon to find out the correct network time.

A daemon plays the role of a server in a client-server model.

What role do daemons play in web services?

One of the most obvious examples of a daemon is the Hypertext Transfer Protocol daemon (HTTPd), which runs on every web server, continually waiting in dormant mode until requests come in from web clients and their users. Earlier versions of HTTP daemons would spawn a new process to handle each request. The new process, a replica of the daemon, would fetch the requested content and return it to the requesting client. Then, the new process would die.

By spawning a new process, the original process could go back to dormant mode to wait for other requests. This approach was used to prevent the original process from getting too busy to service new requests, as a daemon that handles all requests by itself would make a system more vulnerable to hackers. Denial-of-service attacks are often based on the strategy of keeping a daemon too busy to handle incoming requests.

More modern HTTP daemons, such as Apache, handle requests using threads instead of spawning new processes. Threads, which came into common use well after the first generation of HTTP daemons were implemented and deployed, enable different parts of the same process to run in parallel. The main part of a daemon can wait for new requests, while other threads handle older requests. Threads require less overhead than spawning a new process, which takes time to accomplish, and the new process needs memory to run.

A third approach is exemplified by the Nginx HTTP daemon, which is based on an event-driven architecture operating in a single thread. Requests are handed off to worker processes, which constantly run in the background -- that is, they aren't spawned just to handle a request only to die off immediately afterward. The administrator determines how many worker processes to create.

What kind of operating systems do daemons require?

Since daemons require special services from the OS, they behave slightly differently from one operating system to another. The first daemons were run on the Unix OS and were designed around the features of Unix.

Daemons are started on the Unix command line or in a startup file; these files contain script that is executed when the system is booted or on some other event, such as user login or when a new shell script is spawned. They then run in the background and wait for a signal from the OS to wake up and go into action.

Daemons can only run on Multitasking OSes. They were implemented in Microsoft Windows, starting with the NT version, and are often referred to as Windows services instead of daemons.

What are examples of daemons?

Daemons respond to alerts from the OS upon some external event, such as the arrival of a message on the network. For messages coming from the network, the TCP/IP module on the host computer looks up the port number of the message and sends an alert to the daemon assigned to that port number. For example, port number 80 is assigned to HTTP, so when a message with that port number is received, the TCP/IP stack built into the OS sends a signal to the HTTPd.

Any system based on Unix or on a variant of Unix runs several daemons, the names of which typically end with the letter d. The following are some examples of daemons:

  • init. This is the first daemon to start up when Unix boots, and it spawns all other processes.
  • inetd. This super-daemon listens for internet requests on a designated port number and spawns the appropriate server program to handle them. Services handled by inetd include rlogin, telnet, ftp, talk and finger.
  • crond. This daemon executes scheduled commands.
  • dhcpd. This daemon provides Dynamic Host Configuration Protocol services.
  • fingerd. This daemon is often started by inetd to respond to the finger command.
  • ftpd. This daemon is often started by inetd to handle File Transfer Protocol requests.
  • httpd. This daemon acts as a web server.
  • lpd. This daemon provides Line Printer Protocol requests.
  • named. This daemon provides Domain Name Protocol services.
  • nfsd. This daemon provides Network File System services.
  • ntpd. This daemon provides NTP services, either as primary or secondary.
  • portmap/rpcbind. This daemon converts Remote Procedure Call program numbers into internet port numbers.
  • sshd. This daemon provides Secure Shell services.
  • sendmail. This Simple Main Transfer Protocol or Mailer daemon handles incoming email messages.
  • swapper. This kernel daemon moves whole processes between main memory and secondary storage as part of virtual memory management.
  • syslogd. This daemon handles logging requests from the OS kernel, other processes on the same machine and other processes on remote machines.
  • syncd. This daemon synchronizes files on different servers.
  • systemd. This daemon replaces init on Linux systems.
  • vhand. This daemon selects pages that haven't been recently referenced and that can be swapped out of main memory into secondary storage if necessary.
  • ypbind. This daemon binds processes on a Network Information Service client to services on an NIS server.

History of daemons

The term daemon was coined by programmers at Massachusetts Institute of Technology's Project MAC (Mathematics and Computation) in 1963, inspired by Maxwell's demon, an imaginary agent in physics and thermodynamics. In a thought experiment devised by James Clerk Maxwell in 1867, a demon would control a small massless door between two chambers of gas, forcing fast-moving molecules to pass through in one direction and slow-moving molecules to pass in the other direction. In Greek mythology, a daemon was considered a supernatural being or power.

The MIT programmers thought demon would be an appropriate name for a background process that worked tirelessly to perform system chores. But instead of using the term demon, they used daemon, which is an older form of the word.

An acronym was back fitted once the concept came into common use. So, in some circles, daemon has come to stand for disk and execution monitor.

Learn how IT administrators can use Docker in rootless mode to run common containers, avoiding the potential for a privileged attack.

This was last updated in August 2022

Continue Reading About daemon