Process

2009 Mar 01

A process is a running program and consists of the executable code and memory associated with the program (data, stack, heap). The unix utility ps -a will show running processess and information about them.

process 1	process 2	- - -	process n
kernel
hardware (disks, network, etc.)

During system boot the kernel activates a daemon called init, which is the parent of all other user processes running on the machine. The job of init is to finish the bootstrap process by executing start-up scripts to finalize the configuration of the machine and to start system processes. These scripts in /etc/init.d and /etc/rc.d as common locations. These tasks start system logging, scheduling tasks for the machine, and initiating network interfaces. Some of the most common network service daemons started by init include:

httpd : web server handling HTTP or HTTPS requests (listen to TCP port 80)
sendmail : email server (listen to TCP port 25)
NFS : Network File System used to share file between systems

To improve performance, some unix network services are not started by init and don't just sit around and wait for packets. Instead, another process inetd (internet daemon) is started by init waits for them. Once activated, inetd consults its configuration file (usually: /etc/services which contains: a service name, port number and type {TCP or UDP}). When packets arrive at the machine for one of these services identified in /etc/inetd.conf, inetd activates the program associated with the service. Such activated processes handle the traffic and stop running when it is finished (to free up resources), while inetd continues to monitor the net. Such services include:

Example inetd.conf file
# Lines atrting with # are comments
ftp     stream tcp nowait root /usr/sbin/in.ftpd     in.ftpd
telnet  stream tcp nowait root /usr/sbin/in.telnetd  in.telnetd
#
shell   stream tcp nowait root /usr/sbin/in.rshd     in.rshd
login   stream tcp nowait root /usr/sbin/in.rlogind  in.rlogind
#exec   stream tcp nowait root /usr/sbin/in.rexecd   in.rexecd
# above line commented out hence is disabled

The fields of inetd.conf are:

Service Name : Refers to services defined in the /etc/services file
Socket Type : Connection type such as stream, dgram (datagram),
raw, rdm (for reliably delivered message), or seqpacket (for sequenced packet sockets
Protocol : Usually tcp or udp, also rpc/tcp or rpc/udp for Remote Procedure Call service
Wait Status : Indicates whether a single srever process can handle multiple requests in parallel.
If so then this fiels is set to wait, preventing inetd from creating a process for each request.
Otherwise the field is set to nowait.
User name : The login name that the network service should run as (and hence permissions).
Server Program : The program to run for the specified service.
Server Program Arguments : Lists the arguments and configuartion flags to be passed to the
network service when it starts.

echo : a service that echoes back the characters sent to it - used to troubleshoot network connectivity problems.
chargen : a service that generates a repeating list of characters, sometimes used to measure performance.
ftpd : the File Transfer Protocol daemon, used to move files between machines.
telnetd : a server for remote command line access.
shell, login : For unix "r-commands" rsh, rlogin, etc.
tftpd : the Trivial File Transfer Protocol, a bare bones file transfer service.

Another way to automatically start processes is through the cron daemon. It is used to schedule the running of specified commands or programs at particular times. This is specified in a file named crontab which resides typically either in directory /etc/ or in /usr/lib/ in most variants of the os. This file must be checked for security purposes!

The danger of including "." in your path (especially first) is that an attacker can put a malicious program with a common name in your home directory and it will be executed when you attempt to execue that common program (e.g. ls).

Every process has a unique process ID (called the pid. To see details about all running processes on BSD unix use the command:

   ps -aux

and on at&t unix use the command:

   ps -edf

A signal can be sent to a process with the kill program. A signal is a special message telling the process (identified by its pid) to do something. For example, the hangup signal (HUP) will cause many processes (such as inetd) to reread their configuration file(s).

   kill -HUP 462

2005-2009