FSU

Daemons: Printing

lpd — the ``standard'' BSD print spooling daemon.

Daemons: Printing: LPD

Daemons: Printing: lpsched

lpsched -- the ``standard'' ATT version of lpd; it is more complex to administer and, while it was less likely to wander off the reservation once it is in operation, configuration can be much more interesting and problem-laden than lpd. lpsched uses the same RFC 1179 protocol, which it inherited from BSD.

Daemons: Printing: CUPS

cups — a very popular open source replacement which disposes of the problematic RFC 1179 protocol, replacing it with IPP (RFC2567 (good explanation of the overall view of the protocol's design), RFC2568, RFC2569, RFC2639, RFC2910, RFC2911, RFC3196, RFC3239, RFC3380, RFC3381, RFC3382, RFC3391, RFC3510, RFC3712, RFC3995, RFC3996, RFC3997, RFC3998)

See chapter 23 in LAH for lots more about CUPS.

Daemons: MTAs/MSAs

Mail Transfer Agents (MTAs, see for instance RFC2821) and Mail Submission Agents (MSAs, RFC2476)

Daemons: MTAs/MSAs: SENDMAIL

Routes local and network mail. Acts as MTA on port 25 (and can act as an MSA on port 587), sendmail is one of the Internet email backbone workhorse programs.

Daemons: MTAs/MSAs: SENDMAIL

Daemons: MTAs/MSAs: SENDMAIL

The file /etc/mail/sendmail.cf is a set of rewriting rules for modifying addresses; luckily tools exist to automate creation of this file.

Daemons: MTAs/MSAs: SENDMAIL

Normally, you would use a ``makefile'' that rewrites a ``.mc'' file into a ``.cf'' file. Check http://www.sendmail.org for lots more information -- the op.ps manual is the canonical reading material, although the O'Reilly book is easier. Unfortunately, some distributions have bizarrely taken this makefile and turned into a simple invocation to a very complex shell script.

Daemons: MTAs/MSAs: SENDMAIL

sendmail is covered in LAH (pp. 557-620), plus there is an entire O'Reilly & Associates book dedicated to sendmail.

Daemons: MTAs/MSAs: SENDMAIL

Current, sendmail 8.14 is quite popular as an MTA. The ability to use a bolt-on ``milter'' (mail filter) was added (see http://www.milter.org), and now sendmail is probably the most flexible MTA when dealing with working at a message level; milters can detect and reject spam, they can check for legitimate users even for just forwarding MTAs, they can be implemented in C/C++, Perl, and Python. (Any language that can handle calls into libmilter and has a reasonable run time with respect to threads should be able to use libmilter.)

Daemons: MTAs/MSAs: POSTFIX

Daemons: Other MTAs/MSAs

  • qmail - Dan Bernstein's MTA (http://www.qmail.org).
  • smail - an older, less popular MTA from GNU; however, it has been very stable
  • exim - an MTA from Cambridge, gaining in popularity, now found in many Linux distributions such as RedHat (CentOS) and Debian (where it is now the default MTA)
  • Exchange - the enterprise Windows email server from Microsoft
  • Daemons: MTAs/MSAs

    SA relevance:

    Daemons: MTAs/MSAs

    Configuring and tuning sendmail can take a lot of SA time, although generally using the m4 files allow deployment with just a little bit of effort --- for a GUI approach, look at webmin at http://www.webmin.com, for instance

    Daemons: MTAs and SPAM

    Very important these days in both server and client support is anti-spam and anti-virus protection. From a server perspective, the biggest tools are

    NFS - Network File Service

    NFS - Network File Service

    Yellow pages (NIS and NIS+)

    Yellow pages (NIS and NIS+)

    Yellow pages (NIS and NIS+)

    SA RELEVANCE: You might still scome across the use of NIS or NIS+ in future jobs. The idea was a good one, but the implementation is now quite dated and insecure. Systems have mostly left NIS/NIS+ and gone into more versatile directory services, such as the Lightweight Directory Access Protocol (LDAP). More on generalized directory services and LDAP later.

    ftpd

    ftpd is the File Transfer Protocol daemon. This is the ademon that is contacted via TCP by FTP client software to transfer files. As with sendmail, keeping up with security patches is critical in ftp implementations (the complex command set generally gives hackers plenty of places to look for flaws). On UNIX/Linux systems, a popular FTP implementation has been wu-ftpd (which has had many security flaws.)

    There are also many clients, such as lftp and wget in addition to the traditional ftp.

    ftpd

    ftpd is now being widely replaced by programs running over SSH/SSL, which gives a ftp-like capability over SSH (we will talk later more about sshd). While the client commands for ftp and sftp are similar, the underlying protocol is quite different (see http://tools.ietf.org/html/draft-ietf-secsh-filexfer-10.txt for more details.) Security is much better since plaintext passwords are not sent over IP as they were for the old protocol.

    ftpd

    Remote execution daemons

    They were a number of commands that existed to permit a closer coupling between servers that support them. First there was telnet and ftp, then came the ``r'' commands.

    Examples include: rsh (remote shell) and rlogin (remote login). A number of inetd-managed daemons exist to handle these services; you are strongly advised to disable all the ``r'' daemons.

    Remote execution daemons (the ``r'' commands)

    named (and djbdns)

    named is a common name for the popular Domain Name Server daemon and it comes as part of the BIND package, originally from UC Berkeley. We will discuss DNS later, but in short named provides:

    named (and djbdns)

    named (and djbdns)

    DNS is a major SA task, if you control your own domain(s). Both UNIX/Linux and 2003/2008 can act as a DNS server (as well as other operating systems).

    named (and djbdns, and MaraDNS, and others)

    Note that there are many competitors with BIND; djbdns has been very secure and robust despite many years of essentially non-development of the code. MaraDNS is another easy to configure competitor. There are also integration tools, such as DNSmasque, which like Windows, can make it very easy to merge your DNS and DHCP operations.

    fingerd

    The finger protocol is an older method for getting information about users. As with the ``r'' commands, most consider fingerd (and the finger command) to be too problematic and remote finger should be disabled.

    HyperText Transport

    Many web servers exist, both in the public domain and commercially. One of the most popular, Apache, uses the daemon name of httpd. It offers a great variety of services and enhancements. See http://httpd.apache.org.

    httpd

    httpd

    There are lightweight servers also, such as thttpd (http://www.acme.com/software/thttpd) and specialized ones such that allow development in SOAP-like manner (see Perl's excellent repository at http://www.cpan.org. (JOAP, HTTP-Server-Simple, etc.))

    Probably the two most popular general purpose lightweight daemons are nginx and lighttpd. (I have used nginx since it seems to me to be more stable than lighttpd, but many very large websites use lighttpd successfully.) One challenge with nginx is that it requires CGI processes to the FastCGI protocol. While that has some excellent security and performance benefits, many CGI applications are not natively FastCGI and may take some work to become useful with FastCGI.

    The Wiki page on nginx

    The Wiki page on lighttpd

    Databases: LDAP servers

    The main open source choice for UNIX/Linux-based LDAP service has been OpenLDAP (http://www.openldap.org) The daemon process is called slapd, and it supports replication (via slurpd or more recently, syncrepl), a wide variety of backends (including relational databases such as MySQL and PostgreSQL.)

    Databases: LDAP servers

    However, Netscape has partnered with Red Hat (December 2005) to provide its Directory Server (http://www.redhat.com/directory_server/) as an open source LDAP server. It's technically somewhat interesting; its ability to handle very arbitrary backends (such as MySQL and Postgres) is more flexible than the openldap approach of ``metadata''.

    Databases: relational

    MySQL -- fast, became much more featureful in version 5; the company itself was recently bought out by Sun (which in turn is being bought out by Oracle.) Expect to find the daemon mysqld in the process table. The client is mysql. Only a small amount of text file configuration in the poorly named file /etc/my.cnf; the rest is resident in the database. (Also, see Drizzle, an interesting fork from MySQL.)

    Databases: relational

    PostgreSQL -- very featureful, (ironically, it was supported by Sun well before Sun's acquisition of MySQL). Grep for ``post'' when you are looking for its daemons, which typically have ``postmaster'' and other keywords with ``post'' in them. The client is psql. Surprising amount of text configuration files, such as hba.conf. Generally not as fast as MySQL.

    Databases: relational (not a daemon, but alternative worth knowing)

    Sqlite -- fast and lean, SQLite is quite popular. However, it's not daemon-based, like postgresql and mysql; instead, like the dbm family, it's just a single flat file.

    Time: ntpd

    Since the 1990s, we have had a Network Time Protocol (NTP) and a structure of servers to propagate it. (Work goes back to the 1980s, but the first popular daemon implementation popped up in the 1990s.) It keeps our machines with a few milliseconds with a simple network of servers. (Also note that older versions of NTP actually suffer from a ``year 2036'' problem, like Unix suffers from a ``year 2038'' problem.)

    Miscellaneous UNIX/Linux daemons

    A number of other UNIX/Linux daemons have been around for years to provide more specialized services. Examples include such daemons as dhcpd, dhclient, bootparamd, tftpd, rarpd and others.