JET Academy

Category: Software

What is Daemon?

Daemon — a special type of process in Unix, Linux, and Unix-like operating systems that runs in the background, does not directly interact with users, and provides system or network services. Daemons start when the system boots and run continuously until the computer is shut down. The name comes from the expression "Disk And Execution MONitor" or from helper spirits (daimon) in Greek mythology. In Windows systems, these types of processes are called "services."

What is a Daemon?

A daemon is a system process without a user interface, not attached to a terminal or desktop, that operates independently. Daemons provide the core functionality of the operating system and manage various system services — network connections, scheduled tasks, logging, hardware monitoring, print service, etc.

Main characteristics of daemons:

Background operation: Daemons have no terminal or GUI of their own. Users don't see them, but they run continuously.

Parent process: Daemons typically become "children" of the init process (PID 1, systemd or SysVinit). The daemon detaches itself from the parent process and operates independently.

Session leader: Daemon creates a new session and process group and detaches from the controlling terminal.

Persistence: Runs from system boot to shutdown. Some daemons start on-demand when needed.

Root privileges: Many daemons run with root (superuser) privileges because they provide system-level functionality.

Naming convention: In Unix/Linux, daemon names typically end with the letter "d" — sshd, httpd, systemd, cron daemon (crond), syslogd, etc.

History of Daemons

The daemon concept originated in the late 1960s at MIT during Project MAC and CTSS (Compatible Time-Sharing System). The term was first used in 1963.

Unix era (1970s): In the Unix operating system, daemons became a core component. Ken Thompson and Dennis Ritchie developed the daemon concept. One of the first daemons was the printer spooler.

BSD Unix (1970s-1980s): In Berkeley Software Distribution (BSD) Unix, daemons were standardized. Network daemons (inetd - internet super-server) were created.

Linux era (1990s to present): In the Linux kernel (1991, Linus Torvalds), the daemon concept was preserved and developed. systemd (2010) became the modern init and daemon manager.

Types of Daemons

1. System Daemons

Daemons operating at system level that provide core operating system functions.

init / systemd:

  • PID 1, "parent" of all other processes
  • System initialization, service management
  • systemd is the dominant init system and daemon manager in modern Linux

syslogd / rsyslogd / journald:

  • System logging daemon
  • Collects and stores log messages from kernel and programs
  • Log files in /var/log/ folder
  • journald is systemd's logging service

udevd:

  • Device manager daemon
  • Dynamic detection and configuration of hardware devices
  • When USB, disk, network card is connected, udevd loads appropriate drivers and creates device nodes (/dev/sda, /dev/usb0)

acpid:

  • Advanced Configuration and Power Interface daemon
  • Power management events (when laptop lid closes, battery is low)
  • Suspend, hibernate, shutdown functions

crond (cron daemon):

  • Scheduled task execution
  • Executes commands at specified times based on crontab files
  • Backup, log rotation, system maintenance tasks
  • Example: Running backup script every night at 2:00 AM

atd:

  • "at" command daemon
  • One-time scheduled tasks (unlike cron, not recurring)

2. Network Daemons

Daemons providing network services.

sshd (SSH daemon):

  • Secure Shell server
  • Remote login and secure command execution
  • Listens on port 22
  • SSH key authentication, encrypted connection

httpd / apache2 / nginx:

  • Web server daemon
  • Services HTTP/HTTPS requests
  • Web site and application hosting
  • apache2 and nginx are the most popular web servers

ftpd / vsftpd:

  • FTP (File Transfer Protocol) server daemon
  • File upload/download service
  • vsftpd (Very Secure FTP Daemon) is a secure FTP server

smbd / nmbd (Samba):

  • SMB/CIFS protocol daemon
  • Windows file sharing on Linux
  • Network printer sharing

named / bind:

  • DNS (Domain Name System) server daemon
  • Domain name resolution
  • Authoritative and recursive DNS server

dhcpd:

  • DHCP (Dynamic Host Configuration Protocol) server daemon
  • Automatic IP address assignment on network

ntpd / chronyd:

  • Network Time Protocol daemon
  • System clock synchronization
  • Synchronization with time server

postfix / sendmail / exim:

  • Mail Transfer Agent (MTA) daemon
  • Email sending and receiving
  • SMTP server

3. Hardware and Device Daemons

Services related to hardware.

cupsd:

  • Common Unix Printing System daemon
  • Print job management
  • Printer discovery, driver management
  • Web interface (localhost:631)

bluetoothd:

  • Bluetooth device management
  • Bluetooth pairing, connection

avahi-daemon:

  • Zeroconf networking (mDNS/DNS-SD)
  • Service discovery on local network
  • Automatic printer, file share discovery

udisks2:

  • Disk management daemon
  • USB, external HDD auto-mounting
  • Disk info, partition management

4. Desktop and User Daemons

Daemons running at desktop environment and user level.

pulseaudio / pipewire:

  • Audio server daemon
  • Sound mixing, routing
  • Manages multiple audio sources

NetworkManager:

  • Network connection management
  • Wi-Fi, Ethernet, VPN, mobile broadband
  • GUI and CLI interface (nmcli, nmtui)

dbus-daemon:

  • D-Bus message bus daemon
  • Inter-process communication (IPC)
  • Message exchange between desktop applications

gvfsd:

  • GNOME Virtual File System daemon
  • Remote file system access (SSH, FTP, SMB)

polkitd:

  • PolicyKit daemon
  • Privilege escalation and authorization
  • When user requests temporary admin privileges (password dialog)

5. Database and Application Daemons

Daemons for specific applications and databases.

mysqld / mariadb:

  • MySQL/MariaDB database server daemon
  • SQL database service

postgresql:

  • PostgreSQL database server daemon

mongod:

  • MongoDB NoSQL database daemon

redis-server:

  • Redis in-memory data structure store daemon
  • Cache, session storage, message broker

dockerd:

  • Docker container runtime daemon
  • Container creation, management, networking

containerd:

  • Container runtime daemon (used by Docker and Kubernetes)

Operating Principle of Daemons

Daemon Creation (Daemonization)

To make a program a daemon, the following steps are executed:

1. Fork: Parent process creates child process with fork() system call and then exits. Child process becomes orphan and is adopted by init.

2. Setsid: Child process creates new session with setsid() and becomes session leader. This ensures detachment from controlling terminal.

3. Fork again: Session leader forks again and parent exits. This completely removes the daemon's ability to control a terminal.

4. Chdir: Changes working directory to root (/) or specific folder. This prevents preventing unmounting of mounted file systems.

5. Umask: Resets file creation mask (umask(0)). Ensures proper permissions for files created by daemon.

6. Close file descriptors: STDIN, STDOUT, STDERR and other open file descriptors are closed or redirected to /dev/null.

7. Signal handling: Assigns handlers for signals like SIGHUP, SIGTERM. SIGHUP is typically used for configuration reload.

8. PID file: Daemon stores its PID in a file (/var/run/daemon.pid) to prevent another instance from starting or for easier management.

Daemon Lifecycle

Start: Started by init system (systemd) or manually.

Run: Runs continuously in background. Reacts to events (network request, timer, signal).

Reload: Configuration reloaded with SIGHUP signal (without restart).

Stop: Stopped with SIGTERM or SIGKILL. Graceful shutdown (saves data, closes connections).

Restart: Stop + Start combination.

systemd and Daemon Management

In modern Linux distributions, systemd manages daemons.

systemd unit file: Each daemon has a .service file (/etc/systemd/system/ or /lib/systemd/system/).

Example: sshd.service

[Unit]

Description=OpenSSH server daemon

After=network.target


[Service]

Type=notify

ExecStart=/usr/sbin/sshd -D

ExecReload=/bin/kill -HUP $MAINPID

KillMode=process

Restart=on-failure


[Install]

WantedBy=multi-user.target

systemctl commands:

# Start daemon

sudo systemctl start sshd


# Stop daemon

sudo systemctl stop sshd


# Restart daemon

sudo systemctl restart sshd


# Reload configuration (without restart)

sudo systemctl reload sshd


# Daemon status

systemctl status sshd


# Auto-start daemon on boot

sudo systemctl enable sshd


# Disable auto-start

sudo systemctl disable sshd


# List of all daemons

systemctl list-units --type=service


# Failed daemons

systemctl --failed

journalctl - daemon logs:

# sshd logs

journalctl -u sshd


# Real-time log (like tail -f)

journalctl -u sshd -f


# Last 100 lines

journalctl -u sshd -n 100


# Since today

journalctl -u sshd --since today

SysVinit and Daemon Management (older systems)

Older Linux distributions used SysVinit.

/etc/init.d/ scripts: Shell script for each daemon.

# Start daemon

sudo /etc/init.d/ssh start


# Stop daemon

sudo /etc/init.d/ssh stop


# Restart

sudo /etc/init.d/ssh restart


# Status

sudo /etc/init.d/ssh status


# or service command

sudo service ssh start

Runlevel: 0 (halt), 1 (single-user), 2-5 (multi-user), 6 (reboot). Configuration of which daemons run at each runlevel.

Windows Services

In Windows, daemons are called "services" and operate on the same principle.

Services.msc: Windows Service Manager GUI.

Service Control Manager (SCM): Windows service management system.

Commands:

# Start service

net start ServiceName

sc start ServiceName


# Stop service

net stop ServiceName

sc stop ServiceName


# Service status

sc query ServiceName


# All services

sc query type= service state= all

PowerShell:

Get-Service

Start-Service -Name "ServiceName"

Stop-Service -Name "ServiceName"

Restart-Service -Name "ServiceName"

Windows service examples: Windows Update, Windows Defender, DHCP Client, DNS Client, Task Scheduler, Print Spooler, Windows Audio.

Daemon Security

Privilege separation: Daemons should run with minimal necessary privileges. Starting as root then switching to unprivileged user (privilege dropping).

Chroot jail: Running daemon in restricted file system. Malicious daemon cannot access rest of system.

SELinux / AppArmor: Mandatory access control. Daemon has access only to necessary files and resources.

Firewall rules: Network daemons should be accessible only from necessary ports.

Regular updates: Latest version of daemon software and security patches.

Log monitoring: Monitoring daemon logs for suspicious activity. Tools like fail2ban can automatically block.

Disable unused daemons: Unused daemons should be disabled (reducing attack surface).

Daemon Troubleshooting

Daemon won't start:

# Check status

systemctl status daemon-name


# Look at logs

journalctl -u daemon-name -n 50


# Check config file syntax

daemon-name -t # (Apache: apachectl configtest)


# Check file permissions

ls -l /path/to/daemon/files


# Check port conflict

sudo netstat -tulpn | grep :80

Daemon crashes and restarts:

# Check core dump

coredumpctl list

coredumpctl info PID


# Check resource limits

systemctl show daemon-name | grep Limit


# Memory and CPU usage

top, htop

Performance problem:

# Daemon resource usage

ps aux | grep daemon-name

pidstat -p PID 1


# Strace - trace system calls

sudo strace -p PID


# lsof - open files

sudo lsof -p PID

Future of Daemons

Containerization: In Docker and Kubernetes, daemons run in containers. systemd is also used in containers.

Microservices: Small, specialized services instead of monolithic daemons. API-based communication.

Cloud-native: Daemons optimized for cloud environments. Stateless, scalable.

Security enhancement: Zero-trust architecture, least privilege, sandboxing.

Observability: Advanced monitoring, tracing, metrics. Prometheus, Grafana integration.

In conclusion, daemons are a core component of Unix/Linux operating systems and provide system services in the background. In every area — network, logging, hardware, database — daemons play an important role. systemd has simplified and strengthened modern daemon management. Proper configuration, security, and monitoring of daemons is a core responsibility of the system administrator. In Windows it's a service, in Unix/Linux it's a daemon — the principle is the same: processes that provide continuous service in the background. Understanding and managing daemons is a fundamental skill for server administration, DevOps, and system engineering.

Register to Learn More About Our Courses

Tags:

daemon

Related Terms:

SoftwareSystem SoftwareOperating SystemWindows

Other Course Fields