Understanding your (Red Hat Enterprise Linux) daemons
by Len DiMaggio
A Unix daemon is a program that runs in the “background,” enabling you to do other work in the “foreground,” and is independent of control from a terminal. Daemons can either be started by a process, such as a system startup script, where there is no controlling terminal, or by a user at a terminal without “tying up” that terminal as the daemon runs. But which daemons can you safely play with? Which should you leave running?
An introduction to daemons
The real-world (i.e., non-computer) definition of “daemon” is either a spirit (an evil one) or an inner or private voice. It’s interesting to note that each of the real-world definitions actually does apply to Unix daemon programs. Like mythological daemons, Unix daemon programs skulk around unseen in the background just as a daemon would. And daemons act like an inner voice in that they can run continuously and, like a conscience, can always be accessed. The word “daemon” is one of those cases of chicken and egg computer acronyms in search of a definition and supposedly is based on “Disk And Execution MONitor” program.
An introduction to services
The daemons referenced in /etc/init.d are configured to be run as Linux services. Services are programs that are started and stopped through the init scripts in the /etc/init.d directory. Many of these services are launched when the system is booted. The /sbin/service utility provides a consistent interface to executing the init scripts. The init scripts provide a consistent interface to managing a service by providing options that start, stop, restart, query status, and perform other actions on services. For example, the httpd service init script provides these options:/sbin/service httpd
Usage: httpd {startstoprestartcondrestartreloadstatusfullstatusgracefulhelpconfigtest}
You can view the current state of all services with this option to the service utility:/sbin/service –status-all
acpid (pid 2481) is running...
anacron (pid 2647) is running...
atd (pid 2657) is running...
auditd (pid 2189) is running...
....
Runlevel information for these services, that is, the settings for which system runlevel the service will be started at boot time, can be queried and modified with the chkconfig utility. For example, to query the current settings for the syslog service:/sbin/chkconfig --list syslog
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
This shows that that syslog service will be automatically started at boot-time for runlevels 2, 3, 4, and 5. To set the service to not start for runlevels 3 and 4 (not a good idea, by the way), you would use these options for the chkconfig utility:/sbin/chkconfig –levels 34 syslog off
The /usr/bin/system-config-services utility provides a GUI interface that enables you to both query and modify the current state of a service, as well as its defined run levels. See Illustration 1.
Illustration 1: The /usr/bin/system-config-services utility GUI
Let’s look at how these services and daemons appear in output from ps. Here’s a short list:UID PID PPID C STIME TTY TIME CMD
root 1 0 0 23:36 ? 00:00:00 init [5]
root 2161 1 0 23:37 ? 00:00:00 auditd
root 2177 1 0 23:37 ? 00:00:00 syslogd -m 0
root 2180 1 0 23:37 ? 00:00:00 klogd -x
root 2207 1 0 23:37 ? 00:00:00 mcstransd
root 2254 1 0 23:37 ? 00:00:00 rpc.statd
root 2287 1 0 23:37 ? 00:00:00 rpc.idmapd
root 2577 1 0 23:37 ? 00:00:00 crond
root 2631 1 0 23:37 ? 00:00:00 /usr/sbin/atd
root 2654 1 0 23:37 ? 00:00:00 rhnsd --interval 240
What’s important to note here? (Other than I’m staying up too late at night, that is.) For each of the daemons, the parent process ID (PPID) is 1. This indicates that the daemons were started up during the boot process by init.
A useful tool for viewing the “tree” of processes and their parents is “pstree.” Here’s a fragment of the output from pstree:init-+
-NetworkManager---2*[{NetworkManager}]
-NetworkManagerD
-acpid
-atd
-auditd-+-python
`-{auditd}
-avahi-daemon---avahi-daemon
-bonobo-activati---{bonobo-activati}
-crond
-cupsd---cups-polld
-2*[dbus-daemon---{dbus-daemon}]
-dbus-launch
-dhcdbd---dhclient
A closer look at your system’s daemons
So much for background information. Let’s take a look at your system’s daemons and see which ones you can safely play with. Note that for this article, the system used was running the Red Hat Enterprise Linux Beta 2 release, workstation configuration. Based on your specific system, you may see more or fewer daemons, or even some not included here.
We’ve listed web-sites where you can learn more about these daemons, but the best place to start learning is the manpage. O’Reilly also has an excellent alphabetic index of Linux commands and wikipedia.org has entries for most of these daemons. And, don’t forget to look in the README files.
acpid
This is the daemon for the Advanced Configuration and Power Interface (ACPI). ACPI is an open industry standard for system control related actions, most notably plug-and-play hardware recognition and power management, such as startup and shutdown and putting systems into low poser consumption modes.
You’ll probably never want to shut down this daemon, unless you are explicitly instructed to do so to debug a hardware problem.
Learn more:http://www.acpi.info
anacron
One of the problems with living on a laptop, as so many of us do these days, is that when you set up a cron job to run, you can’t always be sure that your laptop will be running at the time that the job should run. anacron (the name refers to its being an “anachronistic cron”) gets around this problem by scheduling tasks in days. For example, anacron will run a job if the job has not been run in the specified number of days.
When are you safe not running anacron? When your system is running continuously. Should you simply stop cron from running if you have anacron running? No; anacron is able to specify job intervals in days, not hours and seconds.
Learn more:http://anacron.sourceforge.net
apmd
This is the daemon for the Advanced Power Management (APM) BIOS driver. The APM hardware standard and apmd are being replaced by ACPI and acpid. If your hardware supports ACPI, then you don’t need to run apmd.
atd
This is the daemon for the at job processor (at enables you to run tasks at specified times). You can turn off this daemon if you don’t use it.
autofs
This daemon automatically mounts disks and file systems that you define in a configuration file. Using this daemon can be more convenient that explicitly mounting removable disks.
Learn more:http://freshmeat.net/projects/autofs
auditd
The Linux Auditing System provides kernel-resident logging of system calls and user space tools to collect and view the logs. The auditd daemon writes the logging records to disk. auditd is configurable to allow control over what information is written to the logs.
Why should you keep auditd running? The information in the log may prove useful in debugging security-related issues. For example, auditd is used to log SELinux events. There are also utilities such as aureport that enable you to view the audit log. Here’s an example of a report generated by aureport:Summary Report
======================
Range of time in logs: 11/28/2006 06:07:04.800 - 02/06/2007 21:10:09.957
Selected time for report: 12/31/1969 19:00:00 - 02/06/2007 21:10:09.957
Number of changes in configuration: 285
Number of changes to accounts, groups, or roles: 32
Number of logins: 145
Number of failed logins: 11
Number of users: 2
Number of terminals: 22
Number of host names: 11
Number of executables: 27
Number of files: 91
Number of AVC denials: 688
Number of MAC events: 12
Number of failed syscalls: 404
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of process IDs: 14022
Number of events: 70694
Avahi-daemon and avahi-dnsconfd
The Avahi website defines Avahi as: ‘a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to, or find files being shared…’ Avahi is a Zeroconf implementation. Zeroconf is an approach that enables users to create usable IP networks without having special configuration servers such as DNS servers.A common use of the avahi-daemon is with Rhythmbox, so you can see music that is made available to be shared with others. If you’re not sharing music or files on your system, you can turn off this daemon.
Learn more:http://avahi.orghttp://zeroconf.org
Bluetooth and hidd and pand
The name says it all. Run this service to enable your system to make use of Bluetooth devices. The name of the actual daemon is hcid (Host Controller Interface Daemon).
There’s also a daemon named hidd. This is the Bluetooth Human Interface Device Daemon. It provides keyboard, mouse, and track-ball device support over Bluetooth.
And, there’s pand. This daemon enables your computer to connect to ethernet networks using Bluetooth.
Learn more:http://www.bluetooth.comhttp://bluez.sourceforge.net/contrib/HOWTO-PAN
capi
This daemon supports the Common ISDN Application Programming Interface. You’ll run this if you’re connecting to ISDN hardware components. The service runs capiinit.
Learn more:http://www.capi.org/pages
conman
No, this isn’t related to late-night infomercials about real estate investing. The conman service (and the conmand daemon) support console management. This supports multiple console devices and simultaneous users. It supports local serial devices and remote terminal servers (via the telnet protocol). If you’re managing multiple servers, you may want to run conman.
Learn more:http://home.gna.org/conman/
cpuspeed
This daemon adjusts the CPU speed based on the power consumption. Less power is used when the CPU is idle, and more power is available when needed to improve performance. If you’re running on a laptop, you might want to consider running cpuspeed.
Learn more:http://carlthompson.net/Software/CPUSpeed
crond
This daemon automates the running of tasks. These jobs are necessary for any Linux or Unix system. Don’t stop or disable this one.
Learn more:http://www.unixgeeks.org/security/newbie/unix/cron-1.htmlhttp://www.linuxhelp.net/guides/cron/
CUPS and cups-config-daemon
This daemon is the “Common UNIX Printing Solution.” Like the name implies, it’s a printing system that can handle multiple data formats and printers. If you want to print, leave this daemon running.
Learn more:http://www.cups.orghttp://www.easysw.com/cups/index.php
dhcdbd
This is the DHcp Client D-Bus Daemon. According to The Free DeskTop wiki,
D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a “single instance” application or daemon, and to launch applications and daemons on demand when their services are needed.
Do you want to run this daemon? If you’re running your system on a network (and who isn’t?), especially if you’re moving between networks such as when you move from a wired network to wireless as you move around your office, then you should be running NetworkManager. (We’ll discuss NetworkManager in a bit.)
The dhcdbd daemon provides a D-Bus interface to dhclient, the DHCP client from ISC. This makes it possible for NetworkManager can to query and control dhclient.
Learn more:http://www.freedesktop.org/wiki/Software/dbus
gpmd
This daemon enables you to use your mouse in text-based applications such as the Midnight Commander file manager and on the console. You might find this useful if you’re working through situations in the console; otherwise, you’ll be working in the X windowing system and you might never need gpmd.
hald
No, this isn’t related to the evil computer in the film “2001, A Space Odyssey.” In this context, HAL refers to the “Hardware Abstraction Layer.” The HAL daemon collects this information about hardware devices from the kernel and the hardware and makes it available in a consistent manner.
Don’t turn off this daemon. Multiple applications rely on it.
Learn more:“Desktop and hardware configuration,” by David Zeuthen
hplipd
This daemon supports HP Linux Imaging and Printing (HPLIP) for printing, scanning, and faxing with HP inkjet and laser printers. HPLIP works CUPS by providing a backend to connect to HP devices.
Learn more:http://hplip.sourceforge.net
hsqldb
This is the daemon for a Java relational database. The daemon gets its name from the Hypersonic SQL project that has been discontinued. hsqldb is used widely in open source projects such as OpenOffice (it’s the database behind the “base” feature) and is often used in demonstration programs, as it can run entirely in memory. It also runs fast. Should you run this daemon? Only if you have a specific program that makes use of it. But, it’s a very useful tool, and if you’re not familiar with it, it’s worth taking a look.
Learn more:http://hsqldb.orghttp://dba.openoffice.org
httpd
The Apache web server. Used by almost 60% of all websites. If you want to host a website, you run Apache. Need we say more?
Learn more:http://httpd.apache.org
ip6tables and iptables
These daemons are firewalls. A firewall, according to Wikipedia, is an “information technology (IT) security device which is configured to permit, deny or proxy data connections set and configured by the organization’s security policy. Firewalls can either be hardware and/or software based.”
iptables functions by maintaining tables of IPv4 packet filter rules in the kernel. It checks incoming and outgoing packets against these rules and blocks packets that don’t meet the rules. ip6tables does the same for IPv6 packets.
Which should you run? Both. Always. It’s a dangerous world on the ‘net.
Learn more:http://www.netfilter.orghttp://www.ipv6.org
irda
IrDA (Infrared Data Association) is an industry standard for inter-device wireless, infrared communications. Most laptops are configured with an IrDA infrared transceiver. You only need to run this daemon if you need to communicate via an infrared connection to other devices.
Learn more:http://irda.sourceforge.net
irqbalance
This daemon distributes hardware interrupts to the CPUs in SMP (symmetric processor: multi-processor architecture) systems to increase performance. The daemon balances savings in power consumption with performance.
You need not run this daemon on single processor systems, as it only has an effect on multiple-processor systems. Red Hat Kbase articles1 indicate that irqbalance is relevant on x86, x86_64, and AMD systems.
Learn more:http://www.irqbalance.org
kudzu
This is a very useful daemon. At boot time, it detects if hardware devices have been added to or removed from the the system. It”s worthwhile to run kudzu at boot time, even if you don’t plan on adding or removing hardware often. You might run into a situation where you add a device and just assume that the system will figure out that it’s there. Also, since kudzu only runs at boot time, and does not stay running, there’s no performance hit on the system.
Learn more:http://fedora.redhat.com/projects/additional-projects/kudzu
lisa
This daemon gets its name from Lan Information Server. lisa provides a function similar to the MS-Windows Network Neighborhood and provides you access to servers, including CIFS (Common Internet File Systems) servers on your network. lisa only needs the TCP/IP stack to function. It sends ICMP echo requests to ranges of IP address that you define in its configuration file and waits for responses.
Learn more:http://docs.kde.org/stable/en/kdenetwork/lisahttp://docs.kde.org/userguide/networking-with-windows.htmlhttp://lisa-home.sourceforge.net
lm_sensors
This daemon supports monitoring temperatures, voltages, and cooling fans. In order to make use of this daemon, your system hardware has to include sensors to perform this monitoring. You can only run this daemon if your hardware can support if. You probably don’t want to run this daemon on a workstation. It’s more likely to be used for hi-end, mission critical servers.
Learn more:http://www.lm-sensors.orghttp://freshmeat.net/projects/lm_sensors
mcstrans
SELinux Context Translation System Daemon. This daemon translates security context informartion into a human readable form. You can probably stop this daemon, but if you do, you’ll see a change in the SELinux information displayed with ls -Z. For example, with the daemon running, you’ll see:ls -Z
-rw-r--r-- jsmith jsmith user_u:object_r:user_home_t bookmarks.html
drwxr-xr-x jsmith jsmith user_u:object_r:user_home_t Desktop
-r-xr-xr-x jsmith jsmith user_u:object_r:user_home_t hello
-r--r--r-- jsmith jsmith user_u:object_r:user_home_t hello.c
And, with it stopped, you’ll see:ls -Z
-rw-r--r-- jsmith jsmith user_u:object_r:user_home_t:s0 bookmarks.html
drwxr-xr-x jsmith jsmith user_u:object_r:user_home_t:s0 Desktop
-r-xr-xr-x jsmith jsmith user_u:object_r:user_home_t:s0 hello
-r--r--r-- jsmith jsmith user_u:object_r:user_home_t:s0 hello.c
Note that with the daemon stopped, the security context value of “s0” is displayed. mctrans translates this to a null display. Other security contexts are translated from alphanumeric values in their names.
Learn more:http://fedoraproject.org/wiki/SELinux/Understandinghttp://danwalsh.livejournal.com
mdmonitor and mdmpd
These two daemons are used with RAID (redundant array of inexpensive/independent disks) data storage systems. Mdmonitor starts, stops, and reloads the mdadm (multipath device monitoring and management) software RAID monitoring and management utilities. You should only run these daemons if you have RAID storage in your system.
Learn more:http://www.linuxdevcenter.com/pub/a/linux/2002/12/05/RAID.html
messagebus
This is the D-BUS system-wide message bus daemon. This daemon broadcasts notifications of system events and such as changes in the printer queue or the adding and removing of devices. (Note that this is not the same operation as Kudzu, as it can take place while the system is running and not only at boot time.)
Learn more:http://www.freedesktop.org/software/dbus
netplugd and ifplugd
These daemons configure Ethernet devices when cables are plugged in and deconfigure them when the cables are removes. Why would you want this to happen? It makes sense for laptops so that your network connections are only brought up when their cables are attached.
Note that the development of netplugd has been discontinued in favor of ifplugd.
Learn more:http://0pointer.de/lennart/projects/ifplugd
NetworkManager and NetworkManagerDispatcher
The NetworkManager daemon automates switching between network connections. This is a useful daemon for laptop users who switch between wireless WiFi connections and Ethernet connections. The NetworkManagerDispatcher daemon automatically runs scripts (including scripts to force any actions that you want to have happen such as setting up specific routes) when NetworkManager changes the network state.
Learn more:http://www.gnome.org/projects/NetworkManager
named
This daemon is the Domain Name Server. You’ll need to run this daemon only if your system is acting as a DNS server for your network.
Learn more:http://www.dns.net/dnsrd
nfsd
The nfs daemon supports the nfs communications protocol for file sharing across TCP/IP networks. You’ll want to run this daemon if you make use of file systems shared with nfs.
Learn more:http://nfs.sourceforge.net
nscd
This is the name service cache daemon. It takes care of group and password lookups for running programs and then caches the lookup results for the next query for services that can experience slowness in picking up changes such as NIS or LDAP. If you’re running these services, you may want to run nscd.
ntpd
This is the Network Time Protocol daemon. This deamon sets and maintains the system time of day by keeping it in synch with Internet standard time servers. If your system is connected to the Internet (and who isn’t?) then running ntpd will keep your system time correct.
Learn more:http://www.ntp.org
oddjobd
The oddjobd daemon provides the com.redhat.oddjob service on the system-wide message bus. Each facility which oddjobd provides is provided as a separate D-Bus method. oddjobd provides support for unprivileged applications that require privileged operations to be performed.
You should only run this daemon if you are using an application that requires it, such as Conga.
Learn more:http://people.redhat.com/nalin/oddjob/oddjob.htmlhttp://sourceware.org/cluster/conga
openvpn
This daemon supports virtual private networks (VPNs). The daemon startup script says it all:
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port.
If your system is a node in a VPN, then you’ll probably run OpenVPN.
Learn more:http://openvpn.net
pcscd
This is the PC/SC Smart Card Daemon. pcscd is the daemon for pcsc-lite (middleware for accessing smart cards) and the (java-based) MuscleCard framework. It enables communications with smart card readers and smart cards.
(A smart card is a card that is embedded with either a memory chip or microprocessor and a memory chip. And Muscle is the Movement for the Use of Smart Cards in a Linux Environment.)
Learn more:http://www.smartcardalliance.orghttp://pcsclite.alioth.debian.orghttp://www.linuxnet.com/musclecard/index.html
portmap
The portmapper daemon manages RPC (remote procedure call) connections. It converts RPC program numbers into TCP/IP (or UDP/IP) protocol port numbers. The most common use of portmapper is by NFS and NIS.
So, if your system relies on NIS or NFS, don’t turn off the portmap daemon.
Learn more:http://www.linux-nis.org/nis-howto/HOWTO/portmapper.html
postfix
This daemon is a mail transport agent. Unless your system is a mail relay server, you don’t need to run this daemon.
Learn more:http://www.postfix.org
rdisc
This daemon (the router discovery daemon) discovers routers on the local subnet. It is run at boot time to populate the network routing tables with default routes.
Learn more:http://www.informit.com/articles/article.asp?p=23951&rl=1
restorecond
This is an SELinux daemon. restorecond watches for file creation (of files listed in /etc/selinux/restorecond.conf) and then ensures that the files have the correct file context associated with the policy, and then sets the default SELinux file context.
Don’t turn this one off. SELinux needs it.
Learn more:http://fedoraproject.org/wiki/SELinux/Understandinghttp://danwalsh.livejournal.com/
rhnsd
This daemon periodically checks for actions that have been scheduled though the Red Hat Network web interface and runs them. This includes actions such as installing, removing, or updating software, rebooting the system, starting a kickstart installation, or installing configuration files.
Learn more:https://www.redhat.com/rhn/
rpcgssd and rpcidmapd and rpcsvcgssd
The rpcgssd and rpcsvcgssd daemons handle security for RPC. The rpcidmapd maps user names to UID and GID numbers.
If you’re running NFS or NIS, then you should have these daemons running.
Learn more:http://nfs.sourceforge.net/
readahead_early and readahead_later
The readahead daemon causes the programs used during startup to be loaded into memory before they are needed, to improve startup performance.
saslauthd
This is the SASL authentication server daemon. SASL is the Simple Authentication and Security Layer and allows for adding authentication to connection-based protocols.
Learn more:http://asg.web.cmu.edu/sasl
sendmail
This is a SMTP (Simple Mail Transfer Protocol) server. sendmail moves mail from one system to another as a Mail Transport Agent. If you run a mail program such as Thunderbird or Evolution, you don’t need to run sendmail.
Learn more:http://www.sendmail.org
setroubleshoot
This is the SELinux Troubleshooting Daemon. setroubleshooter is one of the great recent additions to SELinux. setroubleshooter provides real-time feedback to users on SELInux AVC denials. And it provides this feedback in a easy to follow format.
Learn more:https://hosted.fedoraproject.org/projects/setroubleshoot
smartd
This daemon monitors the SMART (Self-Monitoring, Analysis and Reporting Technology) systems included in many types of disk drives, such as SCSI-3 type drives. The daemon will monitor reliability and performs self-tests. You should run this daemon if your hardware supports it.
Learn more:http://sourceforge.net/projects/smartmontools
spamassassin
This daemon uses the Apache SpamAssassin program to check email for SPAM. It is usually run on a mail deleivery agent (MDA) server. If you use a client program such as Thunderbird or Evolution to access your mail, then you don’t need to run spamassassin.
Learn more:http://spamassassin.apache.org
sshd
This is the daemon for open ssh. ssh replaces the insecure rsh and rlogin programs and enables encryption for communications between hosts over insecure networks. If you connect with other systems over the public Internet, you want to use ssh and run this daemon.
Learn more:http://www.ssh.comhttp://www.openssh.com
syslog
syslog is the standard logging system for Linux systems. Don’t turn this one off.
Learn more:http://www.syslog.org
winbind
This daemon is part of the Samba suite and enables Windows domain users to function as Unix users on Unix servers. You may want to run this daemon if you’re dealing with a mixed PC and Linux/Unix network.
Learn more:http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.htmlhttp://www.samba.org
xfs
This damon is the xfs font server. This daemon loads fonts into memory to enable X applications to run faster than if they had to load the fonts from disk. This daemon is worth running to improve application performance.
Learn more:http://linuxreviews.org/howtos/xfree/xfs
ypbind
This daemon binds NIS clients to an NIS domian. The “yp” refers to “yellow pages,” as the NIS directory of user accounts acts like the telephone book yellow pages. You only want to run this daemon if your system relies on NIS (Network Information Service) for user accounts and system names.
Learn more:http://www.linux-nis.org
yum-updatesd
yum-updatesd checks for software updates and can send notifications of these updates via mail, dbus, or syslog messages, or can automatically install the updates. The dbus messages are picked up by the “puplet” (package updater), which notifies the user of the updates and lets the user install them.
Learn more:http://linux.duke.edu/projects/yumhttp://www.redhat.com/magazine/024oct06/features/fc62
References
“Which Services Can I Disable?,” Dinkar, TejasLinux Services, Devices, and DaemonsFedora Core 3 Linux ServicesServices in Fedora, Mauriat Miranda
Acknowledgments
I’d like to acknowledge the information presented by Mauriet Miranda in his “Services in Fedora” web-site. His work was especially helpful as a starting point for researching this article. Also, I’d like to thank Christopher Smith, James Bowes, and Dan Walsh for their insightful technical information in writing the article.
Len DiMaggio is a QE Engineer at Red Hat in Westford, Massachusettes and has published articles on software engineering in Red Hat Magazine, Dr. Dobbs Journal, Software Development Magazine, IBM Developerworks, STQE, and other journals.
This entry was posted by Len DiMaggio on Friday, March 9th, 2007 at 6:17 am and is filed under Red Hat Enterprise Linux. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
16 responses to “Understanding your (Red Hat Enterprise Linux) daemons”
Ben Russo says: March 9th, 2007 at 11:18 am
How about adding a “service XXX help” init script command option that would give a description of the service and give examples of what types of servers should have it running, and what types of servers could turn it off. It could just look under /usr/share/doc/services/XXX for a file. each RPM that installs a file in /etc/init.d would drop a corresponding description in /usr/share/doc/services/
Thanks!-Ben.
Ashish Malik says: March 10th, 2007 at 1:10 am
The article was great…:) It’s difficult to find such type of info about all the services at one place. Finally, RedHat did it. It’s a good tutorial for beginners.
But I am not bale to find about “service httpd condrestart”. What does this condrestart does?
Len DiMaggio says: March 10th, 2007 at 2:14 pm
Hi Ashish – thanks for the kind comment – here’s a fragment from the httpd startup script – the “condrestart” is a conditional restart. it only restarts the service if it’s running, unlike restart, which always restarts the service.
==================================restart)stopstart;;condrestart)if [ -f ${pidfile} ] ; thenstopstartfi;;==================================
Jovonnie Chesney says: March 13th, 2007 at 3:28 am
I agree with Ashish-this is an excellent and well written! Len, thank you for consolidating information from multiple sources into a single, easy to digest article that is both practical and a great study resource.
Wolf says: March 14th, 2007 at 3:26 pm
/sbin/service –status-all should be /sbin/service -–status-all
hermouche says: March 18th, 2007 at 8:36 pm
Great job.Agree with Wolf.thanks
Len DiMaggio says: March 19th, 2007 at 1:50 am
Wolf is correct – the syntax is: /sbin/service -–status-all
Good catch!
Swapnil says: March 21st, 2007 at 11:27 pm
Thanks a lot for this article.I was looking for this for quite some time.
Dean Gibson says: April 4th, 2007 at 2:39 pm
I don’t agree that “If you run a mail program such as Thunderbird or Evolution, you don’t need to run sendmail.” The two programs perform different tasks.
If your system generates mail messages (eg, the daily logwatch), then you probably need to run sendmail or postfix.
Fred New says: April 5th, 2007 at 2:23 am
This is a useful list of services. Well done. If this isn’t already available in the online Red Hat documentation, it would probably find more readers there. It would also be useful to know how to configure IP tables ports for various services, like for CUPS, NFS and Samba. And speaking of Samba, maybe nmb and smb should be in this list.
Vladimir says: April 10th, 2007 at 10:01 pm
It’s a good tutorial for beginnersBest Regards!
Patrick Wolfe says: September 9th, 2007 at 10:45 am
rpcgssd, rpcsvcgssd and rpcidmapd are only used by version 4 of the NFS protocol. Since most NFS clients use version 3, not version 4, these daemons are quite often safe to disable.
The easy way to tell which version you use is by checking your /etc/fstab and /etc/auto.* files. If you use the fstype “nfs”, you’re using protocol version 3. If you see “nfs4″, then you’re using protocol version 4, and require these daemons.
http film says: February 1st, 2008 at 3:55 pm
http film
cool site
Vitaly says: March 31st, 2008 at 4:40 am
Regarding HAL daemon – is it used only by “desktop” application? I.e., may I stop hald for runlevel 3?
Tux Training » Blog Archive » A step-by-step guide to building a new SELinux policy module says: May 12th, 2008 at 4:46 pm
[...] Since simple daemon applications usually have security goals close to what the application is designed to do,a good place to begin writing policy is for daemons started during the system startup routines or CGI scripts. Avoid writing policy for user applications until you thoroughly understand SELinux and your security goals for that application. [...]
Amr Hamdy says: January 28th, 2009 at 7:32 pm
Thanks a lot,Very useful article … It’s the only article I found to mention the real need or no-need to run mcstrans service
by Len DiMaggio
A Unix daemon is a program that runs in the “background,” enabling you to do other work in the “foreground,” and is independent of control from a terminal. Daemons can either be started by a process, such as a system startup script, where there is no controlling terminal, or by a user at a terminal without “tying up” that terminal as the daemon runs. But which daemons can you safely play with? Which should you leave running?
An introduction to daemons
The real-world (i.e., non-computer) definition of “daemon” is either a spirit (an evil one) or an inner or private voice. It’s interesting to note that each of the real-world definitions actually does apply to Unix daemon programs. Like mythological daemons, Unix daemon programs skulk around unseen in the background just as a daemon would. And daemons act like an inner voice in that they can run continuously and, like a conscience, can always be accessed. The word “daemon” is one of those cases of chicken and egg computer acronyms in search of a definition and supposedly is based on “Disk And Execution MONitor” program.
An introduction to services
The daemons referenced in /etc/init.d are configured to be run as Linux services. Services are programs that are started and stopped through the init scripts in the /etc/init.d directory. Many of these services are launched when the system is booted. The /sbin/service utility provides a consistent interface to executing the init scripts. The init scripts provide a consistent interface to managing a service by providing options that start, stop, restart, query status, and perform other actions on services. For example, the httpd service init script provides these options:/sbin/service httpd
Usage: httpd {startstoprestartcondrestartreloadstatusfullstatusgracefulhelpconfigtest}
You can view the current state of all services with this option to the service utility:/sbin/service –status-all
acpid (pid 2481) is running...
anacron (pid 2647) is running...
atd (pid 2657) is running...
auditd (pid 2189) is running...
....
Runlevel information for these services, that is, the settings for which system runlevel the service will be started at boot time, can be queried and modified with the chkconfig utility. For example, to query the current settings for the syslog service:/sbin/chkconfig --list syslog
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
This shows that that syslog service will be automatically started at boot-time for runlevels 2, 3, 4, and 5. To set the service to not start for runlevels 3 and 4 (not a good idea, by the way), you would use these options for the chkconfig utility:/sbin/chkconfig –levels 34 syslog off
The /usr/bin/system-config-services utility provides a GUI interface that enables you to both query and modify the current state of a service, as well as its defined run levels. See Illustration 1.
Illustration 1: The /usr/bin/system-config-services utility GUI
Let’s look at how these services and daemons appear in output from ps. Here’s a short list:UID PID PPID C STIME TTY TIME CMD
root 1 0 0 23:36 ? 00:00:00 init [5]
root 2161 1 0 23:37 ? 00:00:00 auditd
root 2177 1 0 23:37 ? 00:00:00 syslogd -m 0
root 2180 1 0 23:37 ? 00:00:00 klogd -x
root 2207 1 0 23:37 ? 00:00:00 mcstransd
root 2254 1 0 23:37 ? 00:00:00 rpc.statd
root 2287 1 0 23:37 ? 00:00:00 rpc.idmapd
root 2577 1 0 23:37 ? 00:00:00 crond
root 2631 1 0 23:37 ? 00:00:00 /usr/sbin/atd
root 2654 1 0 23:37 ? 00:00:00 rhnsd --interval 240
What’s important to note here? (Other than I’m staying up too late at night, that is.) For each of the daemons, the parent process ID (PPID) is 1. This indicates that the daemons were started up during the boot process by init.
A useful tool for viewing the “tree” of processes and their parents is “pstree.” Here’s a fragment of the output from pstree:init-+
-NetworkManager---2*[{NetworkManager}]
-NetworkManagerD
-acpid
-atd
-auditd-+-python
`-{auditd}
-avahi-daemon---avahi-daemon
-bonobo-activati---{bonobo-activati}
-crond
-cupsd---cups-polld
-2*[dbus-daemon---{dbus-daemon}]
-dbus-launch
-dhcdbd---dhclient
A closer look at your system’s daemons
So much for background information. Let’s take a look at your system’s daemons and see which ones you can safely play with. Note that for this article, the system used was running the Red Hat Enterprise Linux Beta 2 release, workstation configuration. Based on your specific system, you may see more or fewer daemons, or even some not included here.
We’ve listed web-sites where you can learn more about these daemons, but the best place to start learning is the manpage. O’Reilly also has an excellent alphabetic index of Linux commands and wikipedia.org has entries for most of these daemons. And, don’t forget to look in the README files.
acpid
This is the daemon for the Advanced Configuration and Power Interface (ACPI). ACPI is an open industry standard for system control related actions, most notably plug-and-play hardware recognition and power management, such as startup and shutdown and putting systems into low poser consumption modes.
You’ll probably never want to shut down this daemon, unless you are explicitly instructed to do so to debug a hardware problem.
Learn more:http://www.acpi.info
anacron
One of the problems with living on a laptop, as so many of us do these days, is that when you set up a cron job to run, you can’t always be sure that your laptop will be running at the time that the job should run. anacron (the name refers to its being an “anachronistic cron”) gets around this problem by scheduling tasks in days. For example, anacron will run a job if the job has not been run in the specified number of days.
When are you safe not running anacron? When your system is running continuously. Should you simply stop cron from running if you have anacron running? No; anacron is able to specify job intervals in days, not hours and seconds.
Learn more:http://anacron.sourceforge.net
apmd
This is the daemon for the Advanced Power Management (APM) BIOS driver. The APM hardware standard and apmd are being replaced by ACPI and acpid. If your hardware supports ACPI, then you don’t need to run apmd.
atd
This is the daemon for the at job processor (at enables you to run tasks at specified times). You can turn off this daemon if you don’t use it.
autofs
This daemon automatically mounts disks and file systems that you define in a configuration file. Using this daemon can be more convenient that explicitly mounting removable disks.
Learn more:http://freshmeat.net/projects/autofs
auditd
The Linux Auditing System provides kernel-resident logging of system calls and user space tools to collect and view the logs. The auditd daemon writes the logging records to disk. auditd is configurable to allow control over what information is written to the logs.
Why should you keep auditd running? The information in the log may prove useful in debugging security-related issues. For example, auditd is used to log SELinux events. There are also utilities such as aureport that enable you to view the audit log. Here’s an example of a report generated by aureport:Summary Report
======================
Range of time in logs: 11/28/2006 06:07:04.800 - 02/06/2007 21:10:09.957
Selected time for report: 12/31/1969 19:00:00 - 02/06/2007 21:10:09.957
Number of changes in configuration: 285
Number of changes to accounts, groups, or roles: 32
Number of logins: 145
Number of failed logins: 11
Number of users: 2
Number of terminals: 22
Number of host names: 11
Number of executables: 27
Number of files: 91
Number of AVC denials: 688
Number of MAC events: 12
Number of failed syscalls: 404
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of process IDs: 14022
Number of events: 70694
Avahi-daemon and avahi-dnsconfd
The Avahi website defines Avahi as: ‘a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to, or find files being shared…’ Avahi is a Zeroconf implementation. Zeroconf is an approach that enables users to create usable IP networks without having special configuration servers such as DNS servers.A common use of the avahi-daemon is with Rhythmbox, so you can see music that is made available to be shared with others. If you’re not sharing music or files on your system, you can turn off this daemon.
Learn more:http://avahi.orghttp://zeroconf.org
Bluetooth and hidd and pand
The name says it all. Run this service to enable your system to make use of Bluetooth devices. The name of the actual daemon is hcid (Host Controller Interface Daemon).
There’s also a daemon named hidd. This is the Bluetooth Human Interface Device Daemon. It provides keyboard, mouse, and track-ball device support over Bluetooth.
And, there’s pand. This daemon enables your computer to connect to ethernet networks using Bluetooth.
Learn more:http://www.bluetooth.comhttp://bluez.sourceforge.net/contrib/HOWTO-PAN
capi
This daemon supports the Common ISDN Application Programming Interface. You’ll run this if you’re connecting to ISDN hardware components. The service runs capiinit.
Learn more:http://www.capi.org/pages
conman
No, this isn’t related to late-night infomercials about real estate investing. The conman service (and the conmand daemon) support console management. This supports multiple console devices and simultaneous users. It supports local serial devices and remote terminal servers (via the telnet protocol). If you’re managing multiple servers, you may want to run conman.
Learn more:http://home.gna.org/conman/
cpuspeed
This daemon adjusts the CPU speed based on the power consumption. Less power is used when the CPU is idle, and more power is available when needed to improve performance. If you’re running on a laptop, you might want to consider running cpuspeed.
Learn more:http://carlthompson.net/Software/CPUSpeed
crond
This daemon automates the running of tasks. These jobs are necessary for any Linux or Unix system. Don’t stop or disable this one.
Learn more:http://www.unixgeeks.org/security/newbie/unix/cron-1.htmlhttp://www.linuxhelp.net/guides/cron/
CUPS and cups-config-daemon
This daemon is the “Common UNIX Printing Solution.” Like the name implies, it’s a printing system that can handle multiple data formats and printers. If you want to print, leave this daemon running.
Learn more:http://www.cups.orghttp://www.easysw.com/cups/index.php
dhcdbd
This is the DHcp Client D-Bus Daemon. According to The Free DeskTop wiki,
D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a “single instance” application or daemon, and to launch applications and daemons on demand when their services are needed.
Do you want to run this daemon? If you’re running your system on a network (and who isn’t?), especially if you’re moving between networks such as when you move from a wired network to wireless as you move around your office, then you should be running NetworkManager. (We’ll discuss NetworkManager in a bit.)
The dhcdbd daemon provides a D-Bus interface to dhclient, the DHCP client from ISC. This makes it possible for NetworkManager can to query and control dhclient.
Learn more:http://www.freedesktop.org/wiki/Software/dbus
gpmd
This daemon enables you to use your mouse in text-based applications such as the Midnight Commander file manager and on the console. You might find this useful if you’re working through situations in the console; otherwise, you’ll be working in the X windowing system and you might never need gpmd.
hald
No, this isn’t related to the evil computer in the film “2001, A Space Odyssey.” In this context, HAL refers to the “Hardware Abstraction Layer.” The HAL daemon collects this information about hardware devices from the kernel and the hardware and makes it available in a consistent manner.
Don’t turn off this daemon. Multiple applications rely on it.
Learn more:“Desktop and hardware configuration,” by David Zeuthen
hplipd
This daemon supports HP Linux Imaging and Printing (HPLIP) for printing, scanning, and faxing with HP inkjet and laser printers. HPLIP works CUPS by providing a backend to connect to HP devices.
Learn more:http://hplip.sourceforge.net
hsqldb
This is the daemon for a Java relational database. The daemon gets its name from the Hypersonic SQL project that has been discontinued. hsqldb is used widely in open source projects such as OpenOffice (it’s the database behind the “base” feature) and is often used in demonstration programs, as it can run entirely in memory. It also runs fast. Should you run this daemon? Only if you have a specific program that makes use of it. But, it’s a very useful tool, and if you’re not familiar with it, it’s worth taking a look.
Learn more:http://hsqldb.orghttp://dba.openoffice.org
httpd
The Apache web server. Used by almost 60% of all websites. If you want to host a website, you run Apache. Need we say more?
Learn more:http://httpd.apache.org
ip6tables and iptables
These daemons are firewalls. A firewall, according to Wikipedia, is an “information technology (IT) security device which is configured to permit, deny or proxy data connections set and configured by the organization’s security policy. Firewalls can either be hardware and/or software based.”
iptables functions by maintaining tables of IPv4 packet filter rules in the kernel. It checks incoming and outgoing packets against these rules and blocks packets that don’t meet the rules. ip6tables does the same for IPv6 packets.
Which should you run? Both. Always. It’s a dangerous world on the ‘net.
Learn more:http://www.netfilter.orghttp://www.ipv6.org
irda
IrDA (Infrared Data Association) is an industry standard for inter-device wireless, infrared communications. Most laptops are configured with an IrDA infrared transceiver. You only need to run this daemon if you need to communicate via an infrared connection to other devices.
Learn more:http://irda.sourceforge.net
irqbalance
This daemon distributes hardware interrupts to the CPUs in SMP (symmetric processor: multi-processor architecture) systems to increase performance. The daemon balances savings in power consumption with performance.
You need not run this daemon on single processor systems, as it only has an effect on multiple-processor systems. Red Hat Kbase articles1 indicate that irqbalance is relevant on x86, x86_64, and AMD systems.
Learn more:http://www.irqbalance.org
kudzu
This is a very useful daemon. At boot time, it detects if hardware devices have been added to or removed from the the system. It”s worthwhile to run kudzu at boot time, even if you don’t plan on adding or removing hardware often. You might run into a situation where you add a device and just assume that the system will figure out that it’s there. Also, since kudzu only runs at boot time, and does not stay running, there’s no performance hit on the system.
Learn more:http://fedora.redhat.com/projects/additional-projects/kudzu
lisa
This daemon gets its name from Lan Information Server. lisa provides a function similar to the MS-Windows Network Neighborhood and provides you access to servers, including CIFS (Common Internet File Systems) servers on your network. lisa only needs the TCP/IP stack to function. It sends ICMP echo requests to ranges of IP address that you define in its configuration file and waits for responses.
Learn more:http://docs.kde.org/stable/en/kdenetwork/lisahttp://docs.kde.org/userguide/networking-with-windows.htmlhttp://lisa-home.sourceforge.net
lm_sensors
This daemon supports monitoring temperatures, voltages, and cooling fans. In order to make use of this daemon, your system hardware has to include sensors to perform this monitoring. You can only run this daemon if your hardware can support if. You probably don’t want to run this daemon on a workstation. It’s more likely to be used for hi-end, mission critical servers.
Learn more:http://www.lm-sensors.orghttp://freshmeat.net/projects/lm_sensors
mcstrans
SELinux Context Translation System Daemon. This daemon translates security context informartion into a human readable form. You can probably stop this daemon, but if you do, you’ll see a change in the SELinux information displayed with ls -Z. For example, with the daemon running, you’ll see:ls -Z
-rw-r--r-- jsmith jsmith user_u:object_r:user_home_t bookmarks.html
drwxr-xr-x jsmith jsmith user_u:object_r:user_home_t Desktop
-r-xr-xr-x jsmith jsmith user_u:object_r:user_home_t hello
-r--r--r-- jsmith jsmith user_u:object_r:user_home_t hello.c
And, with it stopped, you’ll see:ls -Z
-rw-r--r-- jsmith jsmith user_u:object_r:user_home_t:s0 bookmarks.html
drwxr-xr-x jsmith jsmith user_u:object_r:user_home_t:s0 Desktop
-r-xr-xr-x jsmith jsmith user_u:object_r:user_home_t:s0 hello
-r--r--r-- jsmith jsmith user_u:object_r:user_home_t:s0 hello.c
Note that with the daemon stopped, the security context value of “s0” is displayed. mctrans translates this to a null display. Other security contexts are translated from alphanumeric values in their names.
Learn more:http://fedoraproject.org/wiki/SELinux/Understandinghttp://danwalsh.livejournal.com
mdmonitor and mdmpd
These two daemons are used with RAID (redundant array of inexpensive/independent disks) data storage systems. Mdmonitor starts, stops, and reloads the mdadm (multipath device monitoring and management) software RAID monitoring and management utilities. You should only run these daemons if you have RAID storage in your system.
Learn more:http://www.linuxdevcenter.com/pub/a/linux/2002/12/05/RAID.html
messagebus
This is the D-BUS system-wide message bus daemon. This daemon broadcasts notifications of system events and such as changes in the printer queue or the adding and removing of devices. (Note that this is not the same operation as Kudzu, as it can take place while the system is running and not only at boot time.)
Learn more:http://www.freedesktop.org/software/dbus
netplugd and ifplugd
These daemons configure Ethernet devices when cables are plugged in and deconfigure them when the cables are removes. Why would you want this to happen? It makes sense for laptops so that your network connections are only brought up when their cables are attached.
Note that the development of netplugd has been discontinued in favor of ifplugd.
Learn more:http://0pointer.de/lennart/projects/ifplugd
NetworkManager and NetworkManagerDispatcher
The NetworkManager daemon automates switching between network connections. This is a useful daemon for laptop users who switch between wireless WiFi connections and Ethernet connections. The NetworkManagerDispatcher daemon automatically runs scripts (including scripts to force any actions that you want to have happen such as setting up specific routes) when NetworkManager changes the network state.
Learn more:http://www.gnome.org/projects/NetworkManager
named
This daemon is the Domain Name Server. You’ll need to run this daemon only if your system is acting as a DNS server for your network.
Learn more:http://www.dns.net/dnsrd
nfsd
The nfs daemon supports the nfs communications protocol for file sharing across TCP/IP networks. You’ll want to run this daemon if you make use of file systems shared with nfs.
Learn more:http://nfs.sourceforge.net
nscd
This is the name service cache daemon. It takes care of group and password lookups for running programs and then caches the lookup results for the next query for services that can experience slowness in picking up changes such as NIS or LDAP. If you’re running these services, you may want to run nscd.
ntpd
This is the Network Time Protocol daemon. This deamon sets and maintains the system time of day by keeping it in synch with Internet standard time servers. If your system is connected to the Internet (and who isn’t?) then running ntpd will keep your system time correct.
Learn more:http://www.ntp.org
oddjobd
The oddjobd daemon provides the com.redhat.oddjob service on the system-wide message bus. Each facility which oddjobd provides is provided as a separate D-Bus method. oddjobd provides support for unprivileged applications that require privileged operations to be performed.
You should only run this daemon if you are using an application that requires it, such as Conga.
Learn more:http://people.redhat.com/nalin/oddjob/oddjob.htmlhttp://sourceware.org/cluster/conga
openvpn
This daemon supports virtual private networks (VPNs). The daemon startup script says it all:
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port.
If your system is a node in a VPN, then you’ll probably run OpenVPN.
Learn more:http://openvpn.net
pcscd
This is the PC/SC Smart Card Daemon. pcscd is the daemon for pcsc-lite (middleware for accessing smart cards) and the (java-based) MuscleCard framework. It enables communications with smart card readers and smart cards.
(A smart card is a card that is embedded with either a memory chip or microprocessor and a memory chip. And Muscle is the Movement for the Use of Smart Cards in a Linux Environment.)
Learn more:http://www.smartcardalliance.orghttp://pcsclite.alioth.debian.orghttp://www.linuxnet.com/musclecard/index.html
portmap
The portmapper daemon manages RPC (remote procedure call) connections. It converts RPC program numbers into TCP/IP (or UDP/IP) protocol port numbers. The most common use of portmapper is by NFS and NIS.
So, if your system relies on NIS or NFS, don’t turn off the portmap daemon.
Learn more:http://www.linux-nis.org/nis-howto/HOWTO/portmapper.html
postfix
This daemon is a mail transport agent. Unless your system is a mail relay server, you don’t need to run this daemon.
Learn more:http://www.postfix.org
rdisc
This daemon (the router discovery daemon) discovers routers on the local subnet. It is run at boot time to populate the network routing tables with default routes.
Learn more:http://www.informit.com/articles/article.asp?p=23951&rl=1
restorecond
This is an SELinux daemon. restorecond watches for file creation (of files listed in /etc/selinux/restorecond.conf) and then ensures that the files have the correct file context associated with the policy, and then sets the default SELinux file context.
Don’t turn this one off. SELinux needs it.
Learn more:http://fedoraproject.org/wiki/SELinux/Understandinghttp://danwalsh.livejournal.com/
rhnsd
This daemon periodically checks for actions that have been scheduled though the Red Hat Network web interface and runs them. This includes actions such as installing, removing, or updating software, rebooting the system, starting a kickstart installation, or installing configuration files.
Learn more:https://www.redhat.com/rhn/
rpcgssd and rpcidmapd and rpcsvcgssd
The rpcgssd and rpcsvcgssd daemons handle security for RPC. The rpcidmapd maps user names to UID and GID numbers.
If you’re running NFS or NIS, then you should have these daemons running.
Learn more:http://nfs.sourceforge.net/
readahead_early and readahead_later
The readahead daemon causes the programs used during startup to be loaded into memory before they are needed, to improve startup performance.
saslauthd
This is the SASL authentication server daemon. SASL is the Simple Authentication and Security Layer and allows for adding authentication to connection-based protocols.
Learn more:http://asg.web.cmu.edu/sasl
sendmail
This is a SMTP (Simple Mail Transfer Protocol) server. sendmail moves mail from one system to another as a Mail Transport Agent. If you run a mail program such as Thunderbird or Evolution, you don’t need to run sendmail.
Learn more:http://www.sendmail.org
setroubleshoot
This is the SELinux Troubleshooting Daemon. setroubleshooter is one of the great recent additions to SELinux. setroubleshooter provides real-time feedback to users on SELInux AVC denials. And it provides this feedback in a easy to follow format.
Learn more:https://hosted.fedoraproject.org/projects/setroubleshoot
smartd
This daemon monitors the SMART (Self-Monitoring, Analysis and Reporting Technology) systems included in many types of disk drives, such as SCSI-3 type drives. The daemon will monitor reliability and performs self-tests. You should run this daemon if your hardware supports it.
Learn more:http://sourceforge.net/projects/smartmontools
spamassassin
This daemon uses the Apache SpamAssassin program to check email for SPAM. It is usually run on a mail deleivery agent (MDA) server. If you use a client program such as Thunderbird or Evolution to access your mail, then you don’t need to run spamassassin.
Learn more:http://spamassassin.apache.org
sshd
This is the daemon for open ssh. ssh replaces the insecure rsh and rlogin programs and enables encryption for communications between hosts over insecure networks. If you connect with other systems over the public Internet, you want to use ssh and run this daemon.
Learn more:http://www.ssh.comhttp://www.openssh.com
syslog
syslog is the standard logging system for Linux systems. Don’t turn this one off.
Learn more:http://www.syslog.org
winbind
This daemon is part of the Samba suite and enables Windows domain users to function as Unix users on Unix servers. You may want to run this daemon if you’re dealing with a mixed PC and Linux/Unix network.
Learn more:http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.htmlhttp://www.samba.org
xfs
This damon is the xfs font server. This daemon loads fonts into memory to enable X applications to run faster than if they had to load the fonts from disk. This daemon is worth running to improve application performance.
Learn more:http://linuxreviews.org/howtos/xfree/xfs
ypbind
This daemon binds NIS clients to an NIS domian. The “yp” refers to “yellow pages,” as the NIS directory of user accounts acts like the telephone book yellow pages. You only want to run this daemon if your system relies on NIS (Network Information Service) for user accounts and system names.
Learn more:http://www.linux-nis.org
yum-updatesd
yum-updatesd checks for software updates and can send notifications of these updates via mail, dbus, or syslog messages, or can automatically install the updates. The dbus messages are picked up by the “puplet” (package updater), which notifies the user of the updates and lets the user install them.
Learn more:http://linux.duke.edu/projects/yumhttp://www.redhat.com/magazine/024oct06/features/fc62
References
“Which Services Can I Disable?,” Dinkar, TejasLinux Services, Devices, and DaemonsFedora Core 3 Linux ServicesServices in Fedora, Mauriat Miranda
Acknowledgments
I’d like to acknowledge the information presented by Mauriet Miranda in his “Services in Fedora” web-site. His work was especially helpful as a starting point for researching this article. Also, I’d like to thank Christopher Smith, James Bowes, and Dan Walsh for their insightful technical information in writing the article.
Len DiMaggio is a QE Engineer at Red Hat in Westford, Massachusettes and has published articles on software engineering in Red Hat Magazine, Dr. Dobbs Journal, Software Development Magazine, IBM Developerworks, STQE, and other journals.
This entry was posted by Len DiMaggio on Friday, March 9th, 2007 at 6:17 am and is filed under Red Hat Enterprise Linux. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
16 responses to “Understanding your (Red Hat Enterprise Linux) daemons”
Ben Russo says: March 9th, 2007 at 11:18 am
How about adding a “service XXX help” init script command option that would give a description of the service and give examples of what types of servers should have it running, and what types of servers could turn it off. It could just look under /usr/share/doc/services/XXX for a file. each RPM that installs a file in /etc/init.d would drop a corresponding description in /usr/share/doc/services/
Thanks!-Ben.
Ashish Malik says: March 10th, 2007 at 1:10 am
The article was great…:) It’s difficult to find such type of info about all the services at one place. Finally, RedHat did it. It’s a good tutorial for beginners.
But I am not bale to find about “service httpd condrestart”. What does this condrestart does?
Len DiMaggio says: March 10th, 2007 at 2:14 pm
Hi Ashish – thanks for the kind comment – here’s a fragment from the httpd startup script – the “condrestart” is a conditional restart. it only restarts the service if it’s running, unlike restart, which always restarts the service.
==================================restart)stopstart;;condrestart)if [ -f ${pidfile} ] ; thenstopstartfi;;==================================
Jovonnie Chesney says: March 13th, 2007 at 3:28 am
I agree with Ashish-this is an excellent and well written! Len, thank you for consolidating information from multiple sources into a single, easy to digest article that is both practical and a great study resource.
Wolf says: March 14th, 2007 at 3:26 pm
/sbin/service –status-all should be /sbin/service -–status-all
hermouche says: March 18th, 2007 at 8:36 pm
Great job.Agree with Wolf.thanks
Len DiMaggio says: March 19th, 2007 at 1:50 am
Wolf is correct – the syntax is: /sbin/service -–status-all
Good catch!
Swapnil says: March 21st, 2007 at 11:27 pm
Thanks a lot for this article.I was looking for this for quite some time.
Dean Gibson says: April 4th, 2007 at 2:39 pm
I don’t agree that “If you run a mail program such as Thunderbird or Evolution, you don’t need to run sendmail.” The two programs perform different tasks.
If your system generates mail messages (eg, the daily logwatch), then you probably need to run sendmail or postfix.
Fred New says: April 5th, 2007 at 2:23 am
This is a useful list of services. Well done. If this isn’t already available in the online Red Hat documentation, it would probably find more readers there. It would also be useful to know how to configure IP tables ports for various services, like for CUPS, NFS and Samba. And speaking of Samba, maybe nmb and smb should be in this list.
Vladimir says: April 10th, 2007 at 10:01 pm
It’s a good tutorial for beginnersBest Regards!
Patrick Wolfe says: September 9th, 2007 at 10:45 am
rpcgssd, rpcsvcgssd and rpcidmapd are only used by version 4 of the NFS protocol. Since most NFS clients use version 3, not version 4, these daemons are quite often safe to disable.
The easy way to tell which version you use is by checking your /etc/fstab and /etc/auto.* files. If you use the fstype “nfs”, you’re using protocol version 3. If you see “nfs4″, then you’re using protocol version 4, and require these daemons.
http film says: February 1st, 2008 at 3:55 pm
http film
cool site
Vitaly says: March 31st, 2008 at 4:40 am
Regarding HAL daemon – is it used only by “desktop” application? I.e., may I stop hald for runlevel 3?
Tux Training » Blog Archive » A step-by-step guide to building a new SELinux policy module says: May 12th, 2008 at 4:46 pm
[...] Since simple daemon applications usually have security goals close to what the application is designed to do,a good place to begin writing policy is for daemons started during the system startup routines or CGI scripts. Avoid writing policy for user applications until you thoroughly understand SELinux and your security goals for that application. [...]
Amr Hamdy says: January 28th, 2009 at 7:32 pm
Thanks a lot,Very useful article … It’s the only article I found to mention the real need or no-need to run mcstrans service
Comments