Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

RHEL 6 Daemons

News RHEL Daemons Recommended Books Recommended Links Disabling the avahi daemon How to disable SELinux Checklist for Securing RedHat Li systemd
Cron Wheel Group PAM Networking NTP configuration SELinux LVM Xinetd
RPM YUM Apache rsyslog SSH NFS Samba NTP
Apache pure-ftpd vsftpd Xinetd        
rsync Sendmail postfix VNC/VINO RC scripts Tips Humor Etc

Here are daemons that are "on" in a typical RHEL 5 installation:

# chkconfig --list | grep ':on'
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
firstboot       0:off   1:off   2:off   3:on    4:off   5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:on    3:on    4:on    5:on    6:off
jexec           0:on    1:on    2:on    3:on    4:on    5:on    6:on
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
lm_sensors      0:off   1:off   2:on    3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
microcode_ctl   0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
readahead_early 0:off   1:off   2:on    3:on    4:on    5:on    6:off
readahead_later 0:off   1:off   2:off   3:off   4:off   5:on    6:off
rhnsd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sysstat         0:off   1:off   2:on    3:on    4:off   5:on    6:off
vsftpd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
yum-updatesd    0:off   1:off   2:on    3:on    4:on    5:on    6:off

That's 38 daemons in the list above. That reminds me Windows. Many of those do not have man pages (lm_sensors, lvm2-monitor, mcstrans, messagebus, netfs, rpcgssd, rpcidmapd) so who any why is using them for ordinary sysadmin is unknown.

Here are daemons that are typically off in a RHEL installation (in the example below along with junk daemons like avahi-daemon includes SElinux and iptables/ip6tables ;-):

[0]root@lusytp08: # chkconfig --list | grep -v ':on'
NetworkManager  0:off   1:off   2:off   3:off   4:off   5:off   6:off
avahi-daemon    0:off   1:off   2:off   3:off   4:off   5:off   6:off
avahi-dnsconfd  0:off   1:off   2:off   3:off   4:off   5:off   6:off
capi            0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:off   3:off   4:off   5:off   6:off
dnsmasq         0:off   1:off   2:off   3:off   4:off   5:off   6:off
dovecot         0:off   1:off   2:off   3:off   4:off   5:off   6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipmi            0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
iscsi           0:off   1:off   2:off   3:off   4:off   5:off   6:off
iscsid          0:off   1:off   2:off   3:off   4:off   5:off   6:off
isdn            0:off   1:off   2:off   3:off   4:off   5:off   6:off
kdump           0:off   1:off   2:off   3:off   4:off   5:off   6:off
ktune           0:off   1:off   2:off   3:off   4:off   5:off   6:off
mdmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
multipathd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
o2cb            0:off   1:off   2:off   3:off   4:off   5:off   6:off
ocfs2           0:off   1:off   2:off   3:off   4:off   5:off   6:off
oraclevalidated 0:off   1:off   2:off   3:off   4:off   5:off   6:off
pcscd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
psacct          0:off   1:off   2:off   3:off   4:off   5:off   6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
setroubleshoot  0:off   1:off   2:off   3:off   4:off   5:off   6:off
smb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
spamassassin    0:off   1:off   2:off   3:off   4:off   5:off   6:off
svnserve        0:off   1:off   2:off   3:off   4:off   5:off   6:off
vncserver       0:off   1:off   2:off   3:off   4:off   5:off   6:off
wdaemon         0:off   1:off   2:off   3:off   4:off   5:off   6:off
winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
wpa_supplicant  0:off   1:off   2:off   3:off   4:off   5:off   6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        omni:           on
        rmcp:           off
        rsync:          off
        tcpmux-server:  off
        telnet:         on
        tftp:           off
        time-dgram:     off
        time-stream:    off

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

What is messagebus service used for in Red Hat Enterprise Linux

Red Hat Customer Portal

What is messagebus service used for in Red Hat Enterprise Linux ?
(Updated 23 May 2011, 9:04 AM GMT

On servers, D-Bus is used by applications such as hald to communicate with libvirt, rhn_register, and yum-updatesd.

On desktops, GNOME and KDE use this extensively, and require this service to be enabled to function correctly.

This is an essential service, and should be enabled on boot. For further information on D-Bus, refer to http://www.freedesktop.org/wiki/Software/dbus

Understanding your (Red Hat Enterprise Linux) daemons by

A Unix daemon is a program that runs in the "background," enabling you to do other work in the "foreground," and is independent of control from a terminal. Daemons can either be started by a process, such as a system startup script, where there is no controlling terminal, or by a user at a terminal without "tying up" that terminal as the daemon runs. But which daemons can you safely play with? Which should you leave running?

An introduction to daemons

The real-world (i.e., non-computer) definition of "daemon" is either a spirit (an evil one) or an inner or private voice. It's interesting to note that each of the real-world definitions actually does apply to Unix daemon programs. Like mythological daemons, Unix daemon programs skulk around unseen in the background just as a daemon would. And daemons act like an inner voice in that they can run continuously and, like a conscience, can always be accessed. The word "daemon" is one of those cases of chicken and egg computer acronyms in search of a definition and supposedly is based on "Disk And Execution MONitor" program.

An introduction to services

The daemons referenced in /etc/init.d are configured to be run as Linux services. Services are programs that are started and stopped through the init scripts in the /etc/init.d directory. Many of these services are launched when the system is booted. The /sbin/service utility provides a consistent interface to executing the init scripts. The init scripts provide a consistent interface to managing a service by providing options that start, stop, restart, query status, and perform other actions on services. For example, the httpd service init script provides these options:

/sbin/service httpd
Usage: httpd {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}

You can view the current state of all services with this option to the service utility:

/sbin/service –status-all
acpid (pid 2481) is running...
anacron (pid 2647) is running...
atd (pid 2657) is running...
auditd (pid 2189) is running...
....

Runlevel information for these services, that is, the settings for which system runlevel the service will be started at boot time, can be queried and modified with the chkconfig utility. For example, to query the current settings for the syslog service:

/sbin/chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

This shows that that syslog service will be automatically started at boot-time for runlevels 2, 3, 4, and 5. To set the service to not start for runlevels 3 and 4 (not a good idea, by the way), you would use these options for the chkconfig utility:

/sbin/chkconfig –levels 34 syslog off

The /usr/bin/system-config-services utility provides a GUI interface that enables you to both query and modify the current state of a service, as well as its defined run levels. See Illustration 1.

Illustration 1

Illustration 1: The /usr/bin/system-config-services utility GUI

Let's look at how these services and daemons appear in output from ps. Here's a short list:

UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 23:36 ?        00:00:00 init [5]
root      2161     1  0 23:37 ?        00:00:00 auditd
root      2177     1  0 23:37 ?        00:00:00 syslogd -m 0
root      2180     1  0 23:37 ?        00:00:00 klogd -x
root      2207     1  0 23:37 ?        00:00:00 mcstransd
root      2254     1  0 23:37 ?        00:00:00 rpc.statd
root      2287     1  0 23:37 ?        00:00:00 rpc.idmapd
root      2577     1  0 23:37 ?        00:00:00 crond
root      2631     1  0 23:37 ?        00:00:00 /usr/sbin/atd
root      2654     1  0 23:37 ?        00:00:00 rhnsd --interval 240

What's important to note here? (Other than I'm staying up too late at night, that is.) For each of the daemons, the parent process ID (PPID) is 1. This indicates that the daemons were started up during the boot process by init.

A useful tool for viewing the "tree" of processes and their parents is "pstree." Here's a fragment of the output from pstree:

init-+
     |-NetworkManager---2*[{NetworkManager}]
     |-NetworkManagerD
     |-acpid
     |-atd
     |-auditd-+-python
     |        `-{auditd}
     |-avahi-daemon---avahi-daemon
     |-bonobo-activati---{bonobo-activati}
     |-crond
     |-cupsd---cups-polld
     |-2*[dbus-daemon---{dbus-daemon}]
     |-dbus-launch
     |-dhcdbd---dhclient

A closer look at your system's daemons

So much for background information. Let's take a look at your system's daemons and see which ones you can safely play with. Note that for this article, the system used was running the Red Hat Enterprise Linux Beta 2 release, workstation configuration. Based on your specific system, you may see more or fewer daemons, or even some not included here.

We've listed web-sites where you can learn more about these daemons, but the best place to start learning is the manpage. O'Reilly also has an excellent alphabetic index of Linux commands and wikipedia.org has entries for most of these daemons. And, don't forget to look in the README files.

acpid

This is the daemon for the Advanced Configuration and Power Interface (ACPI). ACPI is an open industry standard for system control related actions, most notably plug-and-play hardware recognition and power management, such as startup and shutdown and putting systems into low poser consumption modes.

You'll probably never want to shut down this daemon, unless you are explicitly instructed to do so to debug a hardware problem.

Learn more:
http://www.acpi.info

anacron

One of the problems with living on a laptop, as so many of us do these days, is that when you set up a cron job to run, you can't always be sure that your laptop will be running at the time that the job should run. anacron (the name refers to its being an "anachronistic cron") gets around this problem by scheduling tasks in days. For example, anacron will run a job if the job has not been run in the specified number of days.

When are you safe not running anacron? When your system is running continuously. Should you simply stop cron from running if you have anacron running? No; anacron is able to specify job intervals in days, not hours and seconds.

Learn more:
http://anacron.sourceforge.net

apmd

This is the daemon for the Advanced Power Management (APM) BIOS driver. The APM hardware standard and apmd are being replaced by ACPI and acpid. If your hardware supports ACPI, then you don't need to run apmd.

atd

This is the daemon for the at job processor (at enables you to run tasks at specified times). You can turn off this daemon if you don't use it.

autofs

This daemon automatically mounts disks and file systems that you define in a configuration file. Using this daemon can be more convenient that explicitly mounting removable disks.

Learn more:
http://freshmeat.net/projects/autofs

auditd

The Linux Auditing System provides kernel-resident logging of system calls and user space tools to collect and view the logs. The auditd daemon writes the logging records to disk. auditd is configurable to allow control over what information is written to the logs.

Why should you keep auditd running? The information in the log may prove useful in debugging security-related issues. For example, auditd is used to log SELinux events. There are also utilities such as aureport that enable you to view the audit log. Here's an example of a report generated by aureport:

Summary Report
======================
Range of time in logs: 11/28/2006 06:07:04.800 - 02/06/2007 21:10:09.957
Selected time for report: 12/31/1969 19:00:00 - 02/06/2007 21:10:09.957
Number of changes in configuration: 285
Number of changes to accounts, groups, or roles: 32
Number of logins: 145
Number of failed logins: 11
Number of users: 2
Number of terminals: 22
Number of host names: 11
Number of executables: 27
Number of files: 91
Number of AVC denials: 688
Number of MAC events: 12
Number of failed syscalls: 404
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of process IDs: 14022
Number of events: 70694

Avahi-daemon and avahi-dnsconfd

The Avahi website defines Avahi as: 'a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to, or find files being shared…' Avahi is a Zeroconf implementation. Zeroconf is an approach that enables users to create usable IP networks without having special configuration servers such as DNS servers.
A common use of the avahi-daemon is with Rhythmbox, so you can see music that is made available to be shared with others. If you're not sharing music or files on your system, you can turn off this daemon.

Learn more:
http://avahi.org
http://zeroconf.org

Bluetooth and hidd and pand

The name says it all. Run this service to enable your system to make use of Bluetooth devices. The name of the actual daemon is hcid (Host Controller Interface Daemon).

There's also a daemon named hidd. This is the Bluetooth Human Interface Device Daemon. It provides keyboard, mouse, and track-ball device support over Bluetooth.

And, there's pand. This daemon enables your computer to connect to ethernet networks using Bluetooth.

Learn more:
http://www.bluetooth.com
http://bluez.sourceforge.net/contrib/HOWTO-PAN

capi

This daemon supports the Common ISDN Application Programming Interface. You'll run this if you're connecting to ISDN hardware components. The service runs capiinit.

Learn more:
http://www.capi.org/pages

conman

No, this isn't related to late-night infomercials about real estate investing. The conman service (and the conmand daemon) support console management. This supports multiple console devices and simultaneous users. It supports local serial devices and remote terminal servers (via the telnet protocol). If you're managing multiple servers, you may want to run conman.

Learn more:
http://home.gna.org/conman/

cpuspeed

This daemon adjusts the CPU speed based on the power consumption. Less power is used when the CPU is idle, and more power is available when needed to improve performance. If you're running on a laptop, you might want to consider running cpuspeed.

Learn more:
http://carlthompson.net/Software/CPUSpeed

crond

This daemon automates the running of tasks. These jobs are necessary for any Linux or Unix system. Don't stop or disable this one.

Learn more:
http://www.unixgeeks.org/security/newbie/unix/cron-1.html
http://www.linuxhelp.net/guides/cron/

CUPS and cups-config-daemon

This daemon is the "Common UNIX Printing Solution." Like the name implies, it's a printing system that can handle multiple data formats and printers. If you want to print, leave this daemon running.

Learn more:
http://www.cups.org
http://www.easysw.com/cups/index.php

dhcdbd

This is the DHcp Client D-Bus Daemon. According to The Free DeskTop wiki,

D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on demand when their services are needed.

Do you want to run this daemon? If you're running your system on a network (and who isn't?), especially if you're moving between networks such as when you move from a wired network to wireless as you move around your office, then you should be running NetworkManager. (We'll discuss NetworkManager in a bit.)

The dhcdbd daemon provides a D-Bus interface to dhclient, the DHCP client from ISC. This makes it possible for NetworkManager can to query and control dhclient.

Learn more:
http://www.freedesktop.org/wiki/Software/dbus

gpmd

This daemon enables you to use your mouse in text-based applications such as the Midnight Commander file manager and on the console. You might find this useful if you're working through situations in the console; otherwise, you'll be working in the X windowing system and you might never need gpmd.

hald

No, this isn't related to the evil computer in the film "2001, A Space Odyssey." In this context, HAL refers to the "Hardware Abstraction Layer." The HAL daemon collects this information about hardware devices from the kernel and the hardware and makes it available in a consistent manner.

Don't turn off this daemon. Multiple applications rely on it.

Learn more:
"Desktop and hardware configuration," by David Zeuthen

hplipd

This daemon supports HP Linux Imaging and Printing (HPLIP) for printing, scanning, and faxing with HP inkjet and laser printers. HPLIP works CUPS by providing a backend to connect to HP devices.

Learn more:
http://hplip.sourceforge.net

hsqldb

This is the daemon for a Java relational database. The daemon gets its name from the Hypersonic SQL project that has been discontinued. hsqldb is used widely in open source projects such as OpenOffice (it's the database behind the "base" feature) and is often used in demonstration programs, as it can run entirely in memory. It also runs fast. Should you run this daemon? Only if you have a specific program that makes use of it. But, it's a very useful tool, and if you're not familiar with it, it's worth taking a look.

Learn more:
http://hsqldb.org
http://dba.openoffice.org

httpd

The Apache web server. Used by almost 60% of all websites. If you want to host a website, you run Apache. Need we say more?

Learn more:
http://httpd.apache.org

ip6tables and iptables

These daemons are firewalls. A firewall, according to Wikipedia, is an "information technology (IT) security device which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based."

iptables functions by maintaining tables of IPv4 packet filter rules in the kernel. It checks incoming and outgoing packets against these rules and blocks packets that don't meet the rules. ip6tables does the same for IPv6 packets.

Which should you run? Both. Always. It's a dangerous world on the 'net.

Learn more:
http://www.netfilter.org
http://www.ipv6.org

irda

IrDA (Infrared Data Association) is an industry standard for inter-device wireless, infrared communications. Most laptops are configured with an IrDA infrared transceiver. You only need to run this daemon if you need to communicate via an infrared connection to other devices.

Learn more:
http://irda.sourceforge.net

irqbalance

This daemon distributes hardware interrupts to the CPUs in SMP (symmetric processor: multi-processor architecture) systems to increase performance. The daemon balances savings in power consumption with performance.

You need not run this daemon on single processor systems, as it only has an effect on multiple-processor systems. Red Hat Kbase articles1 indicate that irqbalance is relevant on x86, x86_64, and AMD systems.

Learn more:
http://www.irqbalance.org

kudzu

This is a very useful daemon. At boot time, it detects if hardware devices have been added to or removed from the the system. It"s worthwhile to run kudzu at boot time, even if you don't plan on adding or removing hardware often. You might run into a situation where you add a device and just assume that the system will figure out that it's there. Also, since kudzu only runs at boot time, and does not stay running, there's no performance hit on the system.

Learn more:
http://fedora.redhat.com/projects/additional-projects/kudzu

lisa

This daemon gets its name from Lan Information Server. lisa provides a function similar to the MS-Windows Network Neighborhood and provides you access to servers, including CIFS (Common Internet File Systems) servers on your network. lisa only needs the TCP/IP stack to function. It sends ICMP echo requests to ranges of IP address that you define in its configuration file and waits for responses.

Learn more:
http://docs.kde.org/stable/en/kdenetwork/lisa
http://docs.kde.org/userguide/networking-with-windows.html
http://lisa-home.sourceforge.net

lm_sensors

This daemon supports monitoring temperatures, voltages, and cooling fans. In order to make use of this daemon, your system hardware has to include sensors to perform this monitoring. You can only run this daemon if your hardware can support if. You probably don't want to run this daemon on a workstation. It's more likely to be used for hi-end, mission critical servers.

Learn more:
http://www.lm-sensors.org
http://freshmeat.net/projects/lm_sensors

mcstrans

SELinux Context Translation System Daemon. This daemon translates security context informartion into a human readable form. You can probably stop this daemon, but if you do, you'll see a change in the SELinux information displayed with ls -Z. For example, with the daemon running, you'll see:

ls -Z
-rw-r--r--  jsmith jsmith user_u:object_r:user_home_t      bookmarks.html
drwxr-xr-x  jsmith jsmith user_u:object_r:user_home_t      Desktop
-r-xr-xr-x  jsmith jsmith user_u:object_r:user_home_t      hello
-r--r--r--  jsmith jsmith user_u:object_r:user_home_t      hello.c

And, with it stopped, you'll see:

ls -Z
-rw-r--r--  jsmith jsmith user_u:object_r:user_home_t:s0   bookmarks.html
drwxr-xr-x  jsmith jsmith user_u:object_r:user_home_t:s0   Desktop
-r-xr-xr-x  jsmith jsmith user_u:object_r:user_home_t:s0   hello
-r--r--r--  jsmith jsmith user_u:object_r:user_home_t:s0   hello.c

Note that with the daemon stopped, the security context value of "s0" is displayed. mctrans translates this to a null display. Other security contexts are translated from alphanumeric values in their names.

Learn more:
http://fedoraproject.org/wiki/SELinux/Understanding
http://danwalsh.livejournal.com

mdmonitor and mdmpd

These two daemons are used with RAID (redundant array of inexpensive/independent disks) data storage systems. Mdmonitor starts, stops, and reloads the mdadm (multipath device monitoring and management) software RAID monitoring and management utilities. You should only run these daemons if you have RAID storage in your system.

Learn more:
http://www.linuxdevcenter.com/pub/a/linux/2002/12/05/RAID.html

messagebus

This is the D-BUS system-wide message bus daemon. This daemon broadcasts notifications of system events and such as changes in the printer queue or the adding and removing of devices. (Note that this is not the same operation as Kudzu, as it can take place while the system is running and not only at boot time.)

Learn more:
http://www.freedesktop.org/software/dbus

netplugd and ifplugd

These daemons configure Ethernet devices when cables are plugged in and deconfigure them when the cables are removes. Why would you want this to happen? It makes sense for laptops so that your network connections are only brought up when their cables are attached.

Note that the development of netplugd has been discontinued in favor of ifplugd.

Learn more:
http://0pointer.de/lennart/projects/ifplugd

NetworkManager and NetworkManagerDispatcher

The NetworkManager daemon automates switching between network connections. This is a useful daemon for laptop users who switch between wireless WiFi connections and Ethernet connections. The NetworkManagerDispatcher daemon automatically runs scripts (including scripts to force any actions that you want to have happen such as setting up specific routes) when NetworkManager changes the network state.

Learn more:
http://www.gnome.org/projects/NetworkManager

named

This daemon is the Domain Name Server. You'll need to run this daemon only if your system is acting as a DNS server for your network.

Learn more:
http://www.dns.net/dnsrd

nfsd

The nfs daemon supports the nfs communications protocol for file sharing across TCP/IP networks. You'll want to run this daemon if you make use of file systems shared with nfs.

Learn more:
http://nfs.sourceforge.net

nscd

This is the name service cache daemon. It takes care of group and password lookups for running programs and then caches the lookup results for the next query for services that can experience slowness in picking up changes such as NIS or LDAP. If you're running these services, you may want to run nscd.

ntpd

This is the Network Time Protocol daemon. This deamon sets and maintains the system time of day by keeping it in synch with Internet standard time servers. If your system is connected to the Internet (and who isn't?) then running ntpd will keep your system time correct.

Learn more:
http://www.ntp.org

oddjobd

The oddjobd daemon provides the com.redhat.oddjob service on the system-wide message bus. Each facility which oddjobd provides is provided as a separate D-Bus method. oddjobd provides support for unprivileged applications that require privileged operations to be performed.

You should only run this daemon if you are using an application that requires it, such as Conga.

Learn more:
http://people.redhat.com/nalin/oddjob/oddjob.html
http://sourceware.org/cluster/conga

openvpn

This daemon supports virtual private networks (VPNs). The daemon startup script says it all:

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port.

If your system is a node in a VPN, then you'll probably run OpenVPN.

Learn more:
http://openvpn.net

pcscd

This is the PC/SC Smart Card Daemon. pcscd is the daemon for pcsc-lite (middleware for accessing smart cards) and the (java-based) MuscleCard framework. It enables communications with smart card readers and smart cards.

(A smart card is a card that is embedded with either a memory chip or microprocessor and a memory chip. And Muscle is the Movement for the Use of Smart Cards in a Linux Environment.)

Learn more:
http://www.smartcardalliance.org
http://pcsclite.alioth.debian.org
http://www.linuxnet.com/musclecard/index.html

portmap

The portmapper daemon manages RPC (remote procedure call) connections. It converts RPC program numbers into TCP/IP (or UDP/IP) protocol port numbers. The most common use of portmapper is by NFS and NIS.

So, if your system relies on NIS or NFS, don't turn off the portmap daemon.

Learn more:
http://www.linux-nis.org/nis-howto/HOWTO/portmapper.html

postfix

This daemon is a mail transport agent. Unless your system is a mail relay server, you don't need to run this daemon.

Learn more:
http://www.postfix.org

rdisc

This daemon (the router discovery daemon) discovers routers on the local subnet. It is run at boot time to populate the network routing tables with default routes.

Learn more:
http://www.informit.com/articles/article.asp?p=23951&rl=1

restorecond

This is an SELinux daemon. restorecond watches for file creation (of files listed in /etc/selinux/restorecond.conf) and then ensures that the files have the correct file context associated with the policy, and then sets the default SELinux file context.

Don't turn this one off. SELinux needs it.

Learn more:
http://fedoraproject.org/wiki/SELinux/Understanding
http://danwalsh.livejournal.com/

rhnsd

This daemon periodically checks for actions that have been scheduled though the Red Hat Network web interface and runs them. This includes actions such as installing, removing, or updating software, rebooting the system, starting a kickstart installation, or installing configuration files.

Learn more:
https://www.redhat.com/rhn/

rpcgssd and rpcidmapd and rpcsvcgssd

The rpcgssd and rpcsvcgssd daemons handle security for RPC. The rpcidmapd maps user names to UID and GID numbers.

If you're running NFS or NIS, then you should have these daemons running.

Learn more:
http://nfs.sourceforge.net/

readahead_early and readahead_later

The readahead daemon causes the programs used during startup to be loaded into memory before they are needed, to improve startup performance.

saslauthd

This is the SASL authentication server daemon. SASL is the Simple Authentication and Security Layer and allows for adding authentication to connection-based protocols.

Learn more:
http://asg.web.cmu.edu/sasl

sendmail

This is a SMTP (Simple Mail Transfer Protocol) server. sendmail moves mail from one system to another as a Mail Transport Agent. If you run a mail program such as Thunderbird or Evolution, you don't need to run sendmail.

Learn more:
http://www.sendmail.org

setroubleshoot

This is the SELinux Troubleshooting Daemon. setroubleshooter is one of the great recent additions to SELinux. setroubleshooter provides real-time feedback to users on SELInux AVC denials. And it provides this feedback in a easy to follow format.

Learn more:
https://hosted.fedoraproject.org/projects/setroubleshoot

smartd

This daemon monitors the SMART (Self-Monitoring, Analysis and Reporting Technology) systems included in many types of disk drives, such as SCSI-3 type drives. The daemon will monitor reliability and performs self-tests. You should run this daemon if your hardware supports it.

Learn more:
http://sourceforge.net/projects/smartmontools

spamassassin

This daemon uses the Apache SpamAssassin program to check email for SPAM. It is usually run on a mail deleivery agent (MDA) server. If you use a client program such as Thunderbird or Evolution to access your mail, then you don't need to run spamassassin.

Learn more:
http://spamassassin.apache.org

sshd

This is the daemon for open ssh. ssh replaces the insecure rsh and rlogin programs and enables encryption for communications between hosts over insecure networks. If you connect with other systems over the public Internet, you want to use ssh and run this daemon.

Learn more:
http://www.ssh.com
http://www.openssh.com

syslog

syslog is the standard logging system for Linux systems. Don't turn this one off.

Learn more:
http://www.syslog.org

winbind

This daemon is part of the Samba suite and enables Windows domain users to function as Unix users on Unix servers. You may want to run this daemon if you're dealing with a mixed PC and Linux/Unix network.

Learn more:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
http://www.samba.org

xfs

This damon is the xfs font server. This daemon loads fonts into memory to enable X applications to run faster than if they had to load the fonts from disk. This daemon is worth running to improve application performance.

Learn more:
http://linuxreviews.org/howtos/xfree/xfs

ypbind

This daemon binds NIS clients to an NIS domian. The "yp" refers to "yellow pages," as the NIS directory of user accounts acts like the telephone book yellow pages. You only want to run this daemon if your system relies on NIS (Network Information Service) for user accounts and system names.

Learn more:
http://www.linux-nis.org

yum-updatesd

yum-updatesd checks for software updates and can send notifications of these updates via mail, dbus, or syslog messages, or can automatically install the updates. The dbus messages are picked up by the "puplet" (package updater), which notifies the user of the updates and lets the user install them.

Learn more:
http://linux.duke.edu/projects/yum
http://www.redhat.com/magazine/024oct06/features/fc62

References

"Which Services Can I Disable?," Dinkar, Tejas
Linux Services, Devices, and Daemons
Fedora Core 3 Linux Services
Services in Fedora, Mauriat Miranda

Acknowledgments

I'd like to acknowledge the information presented by Mauriet Miranda in his "Services in Fedora" web-site. His work was especially helpful as a starting point for researching this article. Also, I'd like to thank Christopher Smith, James Bowes, and Dan Walsh for their insightful technical information in writing the article.

Len DiMaggio is a QE Engineer at Red Hat in Westford, Massachusettes and has published articles on software engineering in Red Hat Magazine, Dr. Dobbs Journal, Software Development Magazine, IBM Developerworks, STQE, and other journals.

This entry was posted by on Friday, March 9th, 2007 at 6:17 am and is filed under Red Hat Enterprise Linux. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

16 responses to "Understanding your (Red Hat Enterprise Linux) daemons"

  1. Ben Russo says:
    March 9th, 2007 at 11:18 am

    How about adding a "service XXX help" init script command option that would give a description of the service and give examples of what types of servers should have it running, and what types of servers could turn it off. It could just look under /usr/share/doc/services/XXX for a file. each RPM that installs a file in /etc/init.d would drop a corresponding description in /usr/share/doc/services/

    Thanks!
    -Ben.

  2. Ashish Malik says:
    March 10th, 2007 at 1:10 am

    The article was great…:) It's difficult to find such type of info about all the services at one place. Finally, RedHat did it. It's a good tutorial for beginners.

    But I am not bale to find about "service httpd condrestart". What does this condrestart does?

  3. Len DiMaggio says:
    March 10th, 2007 at 2:14 pm

    Hi Ashish – thanks for the kind comment – here's a fragment from the httpd startup script – the "condrestart" is a conditional restart. it only restarts the service if it's running, unlike restart, which always restarts the service.

    ==================================
    restart)
    stop
    start
    ;;
    condrestart)
    if [ -f ${pidfile} ] ; then
    stop
    start
    fi
    ;;
    ==================================

  4. Jovonnie Chesney says:
    March 13th, 2007 at 3:28 am

    I agree with Ashish-this is an excellent and well written! Len, thank you for consolidating information from multiple sources into a single, easy to digest article that is both practical and a great study resource.

  5. Wolf says:
    March 14th, 2007 at 3:26 pm

    /sbin/service –status-all should be /sbin/service -–status-all

  6. hermouche says:
    March 18th, 2007 at 8:36 pm

    Great job.
    Agree with Wolf.
    thanks

  7. Len DiMaggio says:
    March 19th, 2007 at 1:50 am

    Wolf is correct – the syntax is: /sbin/service -–status-all

    Good catch!

  8. Swapnil says:
    March 21st, 2007 at 11:27 pm

    Thanks a lot for this article.
    I was looking for this for quite some time.

  9. Dean Gibson says:
    April 4th, 2007 at 2:39 pm

    I don't agree that "If you run a mail program such as Thunderbird or Evolution, you don't need to run sendmail." The two programs perform different tasks.

    If your system generates mail messages (eg, the daily logwatch), then you probably need to run sendmail or postfix.

  10. Fred New says:
    April 5th, 2007 at 2:23 am

    This is a useful list of services. Well done. If this isn't already available in the online Red Hat documentation, it would probably find more readers there. It would also be useful to know how to configure IP tables ports for various services, like for CUPS, NFS and Samba. And speaking of Samba, maybe nmb and smb should be in this list.

  11. Vladimir says:
    April 10th, 2007 at 10:01 pm

    It's a good tutorial for beginners
    Best Regards!

  12. Patrick Wolfe says:
    September 9th, 2007 at 10:45 am

    rpcgssd, rpcsvcgssd and rpcidmapd are only used by version 4 of the NFS protocol. Since most NFS clients use version 3, not version 4, these daemons are quite often safe to disable.

    The easy way to tell which version you use is by checking your /etc/fstab and /etc/auto.* files. If you use the fstype "nfs", you're using protocol version 3. If you see "nfs4″, then you're using protocol version 4, and require these daemons.

  13. http film says:
    February 1st, 2008 at 3:55 pm

    http film

    cool site

  14. Vitaly says:
    March 31st, 2008 at 4:40 am

    Regarding HAL daemon – is it used only by "desktop" application? I.e., may I stop hald for runlevel 3?

  15. Tux Training " Blog Archive " A step-by-step guide to building a new SELinux policy module says:
    May 12th, 2008 at 4:46 pm

    [...] Since simple daemon applications usually have security goals close to what the application is designed to do,a good place to begin writing policy is for daemons started during the system startup routines or CGI scripts. Avoid writing policy for user applications until you thoroughly understand SELinux and your security goals for that application. [...]

  16. Amr Hamdy says:
    January 28th, 2009 at 7:32 pm

    Thanks a lot,
    Very useful article … It's the only article I found to mention the real need or no-need to run mcstrans service



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019