2009 Mar 01

A process is a running program and consists of the executable code and the memory associated with the program (data, stack, heap). The unix utility ps -a will show running processes and information about them.

[Figure: process 1, process 2, ... process n, sitting above the hardware (disks, network, etc.)]

During system boot the kernel starts a daemon called init, which is the parent of all other user processes running on the machine. The job of init is to finish the bootstrap by executing start-up scripts that finalize the configuration of the machine and start system processes; /etc/init.d and /etc/rc.d are common locations for these scripts. These tasks include starting system logging, scheduling tasks for the machine, and initializing network interfaces. Some of the most common network service daemons started by init include:

To improve performance, some unix network services are not started by init and do not sit around waiting for packets. Instead another process, inetd (the internet daemon), is started by init and listens on their behalf. Once activated, inetd reads its configuration file, /etc/inetd.conf, which lists the services it is to handle; each service name is looked up in /etc/services, which maps a name to a port number and protocol (TCP or UDP). When packets arrive at the machine for one of the services listed in /etc/inetd.conf, inetd starts the program associated with that service. The activated process handles the traffic and exits when it is finished (to free up resources), while inetd continues to monitor the network. Such services include:

Example inetd.conf file

   # Lines starting with # are comments
   ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
   telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
   # shell stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
   login   stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
   #exec   stream  tcp  nowait  root  /usr/sbin/in.rexecd   in.rexecd
   # above line commented out hence is disabled
The fields of inetd.conf are:
  • Service Name : Refers to a service defined in the /etc/services file
  • Socket Type : Connection type such as stream, dgram (datagram),
    raw, rdm (for reliably delivered message), or seqpacket (for sequenced packet sockets)
  • Protocol : Usually tcp or udp, also rpc/tcp or rpc/udp for Remote Procedure Call services
  • Wait Status : Indicates whether a single server process handles all requests itself.
    If so the field is set to wait: inetd hands the socket to one server and starts no
    further copies until that server exits (typical for dgram services).
    Otherwise the field is set to nowait and inetd starts a new server process for each
    incoming connection.
  • User name : The login name that the network service runs as (and hence its permissions).
    Entries that run as root deserve a second look, since a bug in that server gives up root.
  • Server Program : The program to run for the specified service.
  • Server Program Arguments : Lists the arguments and configuration flags to be passed to the
    network service when it starts (by convention the first argument is the program's own name).
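The following script is an added example, not part of the original notes: it audits an inetd.conf using the fields just described, listing the services that are actually enabled (not commented out) and, among those, the ones that run as root. The sample configuration is constructed for the example: it is the notes' example file plus a finger entry running as nobody, assumed here so the root filter has something to exclude.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an inetd.conf for
# enabled services and for the subset that run as root.

# Constructed sample: the notes' example file plus one non-root entry
# (finger, assumed for illustration) so the root filter has a negative case.
SAMPLE_INETD_CONF='# Lines starting with # are comments
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
# shell stream  tcp  nowait  root    /usr/sbin/in.rshd     in.rshd
login   stream  tcp  nowait  root    /usr/sbin/in.rlogind  in.rlogind
#exec   stream  tcp  nowait  root    /usr/sbin/in.rexecd   in.rexecd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd'

# List the enabled services in the inetd.conf given as $1: comment and blank
# lines are skipped; prints "name protocol wait-flag user program".
inetd_enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1, $3, $4, $5, $6 }' "$1"
}

# Names of enabled services whose server runs as root. Each one is a
# network-reachable program whose bugs hand an attacker root, so every
# such entry needs a justification (or a # in front of it).
inetd_root_services() {
    inetd_enabled_services "$1" | awk '$4 == "root" { print $1 }'
}

# Demo: write the sample to a scratch file and audit it.
conf=$(mktemp)
printf '%s\n' "$SAMPLE_INETD_CONF" > "$conf"
echo "Enabled services:"
inetd_enabled_services "$conf"
echo "Enabled services running as root:"
inetd_root_services "$conf"
rm -f "$conf"
```

Point the functions at /etc/inetd.conf instead of the scratch file to audit a real machine; the commented-out shell and exec lines are correctly left out of the report, and ftp, telnet and login are flagged because they run as root.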

Another way to start processes automatically is through the cron daemon, which runs specified commands or programs at particular times. The schedule is kept in a file named crontab, which in most variants of the OS resides in /etc/ or in /usr/lib/. Because cron runs these commands unattended, and classically as root, this file must be checked for security purposes: an entry added by an attacker, or a scheduled program that other users can modify or replace, runs with that privilege every time the job fires.
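An added example (not from the original notes) of the check the previous paragraph calls for: it scans a crontab in the classic six-field format (minute hour day month weekday command) and reports entries whose program is writable by others, does not exist yet, or is given without an absolute path. The crontab and the two scripts it names are constructed in a scratch directory for the example; the script names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a crontab in the
# classic six-field format (min hour day month weekday command) for
# entries whose program an attacker could rewrite or supply.

# Constructed for this example: two scripts and a crontab that runs them.
# $1 is a scratch directory; nothing outside it is touched.
write_sample_crontab() {
    dir=$1
    printf '#!/bin/sh\necho rotating logs\n' > "$dir/rotate-logs.sh"
    chmod 0755 "$dir/rotate-logs.sh"      # owner-writable only: fine
    printf '#!/bin/sh\necho cleaning tmp\n' > "$dir/clean-tmp.sh"
    chmod 0777 "$dir/clean-tmp.sh"        # world-writable: anyone can change what cron runs
    printf '# min hour dom mon dow command\n0 3 * * * %s/rotate-logs.sh\n*/10 * * * * %s/clean-tmp.sh\n30 4 * * 0 backup.sh\n0 5 * * * %s/missing.sh\n' \
        "$dir" "$dir" "$dir" > "$dir/crontab"
}

# Report suspicious entries in crontab $1, one finding per line:
#   WRITABLE <path>  the program is writable by others
#   MISSING  <path>  the program does not exist, so whoever creates it owns the job
#   RELATIVE <name>  no absolute path; which file runs depends on cron's PATH
# Only the first word of the command field is examined.
audit_crontab() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $6 }' "$1" | while read -r prog; do
        case $prog in
            /*)
                if [ ! -e "$prog" ]; then
                    echo "MISSING $prog"
                elif [ "$(ls -ld "$prog" | cut -c9)" = "w" ]; then
                    echo "WRITABLE $prog"
                fi ;;
            *) echo "RELATIVE $prog" ;;
        esac
    done
}

# Demo: build the sample in a scratch directory and audit it.
d=$(mktemp -d)
write_sample_crontab "$d"
audit_crontab "$d/crontab"
rm -rf "$d"
```

The other-write bit is read from column 9 of ls -ld output, which is the same on BSD and System V derivatives. The audit looks only at the first word of the command field and at the program file itself; a real check would also walk the directories leading to it (a writable parent directory lets an attacker swap the file) and handle the seven-field /etc/crontab format that carries a user name before the command.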

The danger of including "." in your PATH (especially first) is that an attacker can put a malicious program with a common name (e.g. ls) in a directory you are likely to cd into, such as a shared /tmp, or your home directory if they can write there, and it will be executed when you attempt to run that common command.
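An added example (not from the original notes) that reproduces the attack harmlessly: it plants a fake ls in a scratch directory, runs ls from that directory once with "." first in PATH and once with "." last, and includes a check for a PATH that contains the current directory. The planted file only announces itself; the real ls is never touched. The search paths used in the demo (/usr/bin:/bin) are assumed to hold the real ls.

```shell
#!/bin/sh
# Added example (not from the original notes): why "." at the front of PATH
# is dangerous. Everything happens in a scratch directory; the planted "ls"
# only reports who ran it.

# Plant a fake "ls" in directory $1 that reports which user it is running as.
plant_trojan_ls() {
    printf '#!/bin/sh\necho "TROJAN ls running as $(id -un)"\n' > "$1/ls"
    chmod 0755 "$1/ls"
}

# What does a user whose PATH is $2 get when they cd into $1 and type "ls"?
# Prints the output of whichever ls the shell finds first.
ls_as_victim() {
    ( cd "$1" && PATH=$2 && export PATH && ls )
}

# Does PATH $1 contain the current directory? "." counts, and so does an
# empty component: a leading, trailing or doubled colon means cwd as well.
path_has_cwd() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo: the same typed command behaves differently depending on where "." sits.
# /usr/bin:/bin is assumed to contain the real ls.
d=$(mktemp -d)
plant_trojan_ls "$d"
echo "PATH=.:/usr/bin:/bin -> $(ls_as_victim "$d" ".:/usr/bin:/bin")"
echo "PATH=/usr/bin:/bin:. -> $(ls_as_victim "$d" "/usr/bin:/bin:.")"
if path_has_cwd "$PATH"; then
    echo "warning: your PATH includes the current directory"
fi
rm -rf "$d"
```

With "." first, the victim runs the planted file as themselves (as root, if they are root); with "." last, the real ls wins and simply lists the directory. Note that "." last only protects commands that exist earlier in PATH: a typo such as sl still runs a planted file of that name, which is why path_has_cwd warns on "." in any position.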

Every process has a unique process ID (called the pid). To see details about all running processes on BSD unix use the command:

   ps -aux

and on AT&T (System V) unix use the command:

   ps -edf

A signal can be sent to a process with the kill program. A signal is a special message telling the process (identified by its pid) to do something. For example, the hangup signal (HUP) causes many daemons (such as inetd) to reread their configuration files; inetd reads /etc/inetd.conf only at start-up and on HUP, so after editing that file it must be told, using the pid found with ps:

   kill -HUP 462
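An added example (not from the original notes) of the reload-on-HUP behaviour just described: a toy daemon written as a shell subshell stands in for inetd, traps HUP, and rereads its configuration file when the signal arrives. The configuration contents and the state file it writes are constructed for the example, and the script never touches a real inetd.

```shell
#!/bin/sh
# Added example (not from the original notes): a toy daemon that, like inetd,
# rereads its configuration file when it receives SIGHUP. It runs entirely in
# a scratch directory and stands in for inetd; no real daemon is touched.

# Start the toy daemon. $1 = its config file, $2 = a state file where it
# records the configuration it currently has loaded. Prints the daemon's pid
# once the first load has happened, i.e. once its HUP handler is installed.
start_toy_daemon() {
    conf=$1 state=$2
    (
        load() { cat "$conf" > "$state"; }   # "reread the configuration"
        trap load HUP                         # HUP: reload, as inetd does
        trap 'exit 0' TERM                    # TERM: shut down cleanly
        load
        while :; do sleep 1; done             # the "wait for work" loop
    ) >/dev/null 2>&1 &
    pid=$!
    i=0
    while [ ! -f "$state" ] && [ "$i" -lt 10 ]; do sleep 1; i=$((i + 1)); done
    echo "$pid"
}

# Send HUP to pid $1, then wait up to $2 seconds for state file $3 to hold $4.
# Returns 0 if the daemon reloaded, 1 if it did not (or the pid is wrong).
reload_and_check() {
    pid=$1 limit=$2 state=$3 expected=$4
    kill -HUP "$pid" || return 1
    i=0
    while [ "$i" -le "$limit" ]; do
        [ "$(cat "$state" 2>/dev/null)" = "$expected" ] && return 0
        sleep 1; i=$((i + 1))
    done
    return 1
}

# Demo: edit the config, then HUP the daemon the way one would HUP inetd
# after editing /etc/inetd.conf.
d=$(mktemp -d)
echo "telnet enabled" > "$d/conf"
pid=$(start_toy_daemon "$d/conf" "$d/state")
echo "daemon $pid loaded: $(cat "$d/state")"
echo "telnet disabled" > "$d/conf"
if reload_and_check "$pid" 5 "$d/state" "telnet disabled"; then
    echo "after kill -HUP $pid: $(cat "$d/state")"
fi
kill -TERM "$pid"
rm -rf "$d"
```

A shell runs a trap only after the foreground command (here, sleep 1) finishes, so the reload can lag the signal by up to a second; that is why reload_and_check polls rather than reading the state file immediately. The daemon installs its HUP handler before the first load creates the state file, so by the time start_toy_daemon returns a pid, HUP can no longer kill the process with its default action.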