\begin{slide}{}

\begin{center}
{\bf\Large What runs on your workstation?}

{\large Jonathan Kamens}

{\large MIT Student Information Processing Board (SIPB ($\Sigma\Pi{}\mbox{B}$))}

January 24, 1992
\end{center}

\end{slide}

\begin{slide}{}

Why should you want to know?
\begin{itemize}
\small
\item Verifying workstation security.

\item Learning more about UNIX\tm{}.

\item Learning more about Athena.

\item Customizing your environment.

\end{itemize}

\end{slide}

\begin{slide}{}

Some definitions:

\begin{description}
\small

\item[process] One particular task running on the workstation.  Most
processes correspond to executable files residing on disk somewhere,
but there are a few ``special'' processes that are created by the
kernel and do not have associated executables.

\item[kernel] The program that controls the workstation, handling such
underlying tasks as file access for running processes.

\item[root] (from {\em The New Hacker's Dictionary}) ``The superuser
account that ignores permission bits, user number 0 on a UNIX system.
This account has the user name 'root'.  The term avatar is also
used.''  Most background processes running on the workstation are
owned by root.

\item[daemon] (ibid) ``[from the mythological meaning,
later rationalized as the acronym 'Disk And Execution MONitor'] A
program that is not invoked explicitly, but lies dormant waiting for
some condition(s) to occur.''  Also, the username of an unprivileged
user that owns some daemon processes.

\end{description}

\end{slide}

\begin{slide}{}

How do daemons get started?

Two different ways:
\begin{enumerate}
\small
\item Started during the workstation reboot procedure.  Processes
started in this way are usually intended to stay alive as long as the
workstation is running, although some of them can be killed and
restarted safely.

\item Started by daemons of the above type.

\end{enumerate}

In fact, {\em all} processes fall in one of the two categories above.

\end{slide}

\begin{slide}{}

What exactly happens when a workstation reboots?

VAX, RT (BSD 4.3) or DECstation (Ultrix\tm{} 4.2):
\begin{enumerate}
\small
\item Small boot program loads kernel into memory and hands control
over to it.

\item Kernel initializes itself, and then invokes {\tt /etc/init} with
appropriate arguments.

\item {\tt Init} runs {\tt /etc/rc}, which starts up pretty much
everything, and then starts up processes listed in its configuration
file, {\tt /etc/ttys}.
\end{enumerate}

\end{slide}

\begin{slide}{}

RS/6000 (AIX 3.1):
\begin{enumerate}
\small
\item Kernel, boot filesystem and previous device configuration are
loaded into a RAM disk.

\item Basic configuration is done in order to be able to access disk
volumes; paging device is located and root filesystem disk is
checked.

\item Root filesystem is mounted and control passes to it.

\item Shell scripts that are executed are {\tt rc.boot3}, {\tt
rc.boot4}, {\tt brc} and {\tt rc}.

\item {\tt Init} is quite different -- it's System V-like, rather than
BSD-like.  For example, it uses {\tt /etc/inittab} instead of {\tt
/etc/ttys}.  See the man page for more information.
\end{enumerate}
See Section 6 in the file {\tt /usr/lpp/bos/bsdadm} on an RS/6000 for
details about the RS/6000 boot procedure, which is rather complex.

\end{slide}

\begin{slide}{}

How do you find out what processes are running?

Use the {\tt ps} command.  For example, {\tt ps aux} for a complete
listing.  See the man page for more information.

\end{slide}

\com{afsd}
\process%
{{\bf AFS} {\bf d}aemon}% stands for
{{\tt /etc/athena/afsd}}% path
{all}% platforms
{{\tt rc.athena} on RS/6000, {\tt rc} otherwise}% started by
{Handles client access to AFS, e.g. cache management, getting files
from AFS servers, writing files to AFS servers}% purpose
{Started at boot time, cannot be killed.}% life cycle
{none on-line}% documentation
{restricted}% source code
{(1) On the VAX and RT, {\tt afsd} processes have no name in {\tt ps}
listings.  On the DECstation, they are identified simply as {\tt
afsd}.  On the RS/6000, the full command line is given.  (2) There
should be six {\tt afsd} processes running on a 
normal workstation.  There are multiple processes so that multiple AFS
requests can be handled simultaneously.  (3) After starting up, the
{\tt afsd} processes call a system call that hangs forever.}% notes

\com{biod}
\process%
{{\bf b}lock {\bf i}nput/{\bf o}utput {\bf d}aemon}% stands for
{{\tt /usr/etc/biod} on the RS/6000, {\tt /etc/biod} otherwise}% path
{all}% platforms
{{\tt rc.nfs} on RS/6000, {\tt rc} otherwise}% started by
{Handles NFS client requests.}% purpose
{One or more can be killed and restarted.  An argument specifies how
many should be started by the one you're running.}% life cycle
{man page}% documentation
{restricted}% source code
{(1) Just like {\tt afsd}, there are multiple invocations (6 on the
RS/6000, 4 everywhere else) so that
multiple requests can be handled simultaneously.  (2) Also just like
{\tt afsd}, the processes actually just start up and hang in a system
call.  (3) Starting more than four {\tt biod}s doesn't do any good on
the VAX or RT.}%notes

\com{console}
\process%
{just what it says}% stands for
{{\tt /etc/athena/console}}% path
{all}% platforms
{{\tt dm}}% started by
{Displays output of workstation console and user X session.}% purpose
{If killed, restarted by {\tt dm} -- that's how {\tt config\_console}
works.}% life cycle
{man page}% documentation
{{\tt /source/athena/athena.etc/xdm/console}}% source code
{Runs as daemon because it doesn't have to run as root.}% notes

\com{cron}
\process%
{Possibly named after ``cron,'' the Greek word/root for ``time.''}% stands for
{{\tt /etc/cron}}% path
{all}% platforms
{{\tt init} on the RS/6000, {\tt rc} otherwise}% started by
{Executes processes at specified times/dates based on configuration
files.}% purpose
{Can be killed and restarted safely.  On the RS/6000, will restart
automatically; on other platforms, must be restarted by hand.}% life cycle
{man page}% documentation
{restricted}% source code
{}% notes

\com{dm}
\process%
{{\bf d}isplay {\bf m}anager}% stands for
{{\tt /etc/athena/dm}}% path
{all}% platforms
{{\tt inittab} on RS/6000, {\tt ttys} otherwise}% started by
{Handles X login sessions.  Starts the X server, the console, and the
xlogin program.}% purpose
{Can be killed and will restart automatically.  However, if you kill
it when you're logged in, you'll probably get logged out!}% life cycle
{man page}% documentation
{{\tt /source/athena/athena.etc/xdm/dm}}% source code
{}% notes

\com{inetd}
\process%
{{\bf I}nter{\bf net} {\bf d}aemon}% stands for
{{\tt /etc/inetd}}% path
{all}% platforms
{{\tt rc.tcpip} on the RS/6000, {\tt rc} otherwise}% started by
{Controls daemons for network protocols, such as telnet, rlogin, talk,
etc.}% purpose
{Can be killed and restarted safely.  Network processes running when
you kill it {\em shouldn't} die, but new connections can't be
initiated until you restart it.}% life cycle
{man page}% documentation
{restricted, but see {\tt /mit/jik/src/inetd} for something sort of like the
Athena version, or {\tt
/afs/athena/astaff/reference/bsd-network-2/usr.sbin/inetd} for
something like the RS/6000 version.}% source code
{The version running on the VAX, RT and DECstation workstations has
Athena hacks to allow {\tt access\_on} and {\tt access\_off} to work.  The RS/6000
version doesn't support that yet, which is why remote access to
RS/6000s is disabled in 7.3.}% notes

\com{init}
\process%
{Probably ``{\bf init}ializing process'' or something like that.
Possibly from ``{\bf Init}ializer.SysDaemon'' from Multics.}% stands for
{{\tt /etc/init}}% path
{all}% platforms
{kernel}% started by
{Runs startup script, then runs login processes and (on the RS/6000
and other System V-like systems) certain daemons.}% purpose
{Sending it certain signals will cause it to reread its configuration
file, go into single-user mode, or do other special things.  If it
dies, the system will
reboot.}% life cycle
{man page}% documentation
{restricted}% source code
{}% notes

\com{named}
\process%
{{\bf name} {\bf d}aemon}% stands for
{{\tt /etc/athena/named} on RS/6000, {\tt /etc/named} otherwise}% path
{all}% platforms
{{\tt rc.athena} on RS/6000, {\tt rc} otherwise}% started by
{Internet domain name server.  Host name resolution, hesiod lookups,
etc.}% purpose
{Can be killed and restarted, but don't leave it dead for long or
you'll probably run into trouble (e.g. ``attach'' will have trouble).}% life cycle
{man page}% documentation
{{\tt /afs/athena/astaff/reference/bsd-network-2/usr.sbin/named}}% source code
{The version in {\tt /etc/named} on the RS/6000 is the IBM version,
which we don't use.}% notes

\com{snmpd}
\process%
{{\bf s}imple {\bf n}etwork {\bf m}anagement {\bf p}rotocol {\bf
d}aemon}% stands for
{{\tt /etc/snmpd} on the RS/6000, {\tt /etc/athena/snmpd} otherwise}% path
{all}% platforms
{{\tt rc.tcpip} on the RS/6000, {\tt rc} otherwise}% started by
{Allows remote queries of the workstation to determine
information such as disk sizes and space used,
workstation type, workstation load, workstation version.  Example:
{\tt cview} uses SNMP to check for free workstations.}% purpose
{Can be killed and restarted safely.}% life cycle
{man page}% documentation
{restricted}% source code
{The version running on the RS/6000 is the IBM version, which does not
support all of the queries that the Athena version supports.}% notes

\com{syslogd}
\process%
{{\bf syslog} {\bf d}aemon}% stands for
{{\tt /etc/athena/syslogd} on VAX and RT, {\tt /etc/syslogd} on RS/6000}% path
{Athena-specific version on VAX and RT, BSD 4.3 version on RS/6000,
none on DECstation (which uses {\tt syslog} instead).}% platforms
{{\tt rc.tcpip} on RS/6000, {\tt rc} otherwise}% started by
{Handles logging of messages from various other daemons and processes.}% purpose
{Can be killed and restarted safely.}% life cycle
{man page}% documentation
{{\tt /source/athena/athena.lib/zephyr/clients/syslogd} for the Athena
version, {\tt /afs/athena/astaff/reference/bsd-network-2/usr.sbin/syslogd}
for the BSD version.}% source code
{The Athena version is special because it knows how to do logging over
Zephyr, to individuals or to instances of class ``syslog.''}% notes

\com{timed}
\process%
{{\bf time} {\bf d}aemon}% stands for
{{\tt /etc/athena/timed}}% path
{all}% platforms
{{\tt rc.athena} on the RS/6000, {\tt rc} otherwise}% started by
{Time synchronization daemon.  Time is occasionally updated by the
master time daemon for the subnet.}% purpose
{Can be killed and restarted safely.  If you leave it dead for too
long, your clock may drift too far and you will have trouble using
Kerberos and other things.}% life cycle
{man page}% documentation
{Restricted, but {\tt attach aeneas:ftp} and see {\tt
/aeneas/ftp/pub/misc/timed.tar.Z}.}% source code
{This daemon is what causes the ``this machine is a slave'' and ``time
set by'' messages in workstation logs.}% notes

\com{update}
\process%
{just what it says}% stands for
{{\tt /etc/update}}% path
{all except RS/6000}% platforms
{{\tt rc}}% started by
{Periodically does a {\tt sync} system call to force dirty disk
buffers to disk.  Also, on the VAX and RT, opens certain directories
and keeps them open so that they will remain in the directory cache
for faster access.}% purpose
{Can be killed and restarted safely.  Not a good idea to kill it and
leave it dead, because if your workstation crashes you might lose more
work.}% life cycle
{man page}% documentation
{restricted, but trivial}% source code
{The RS/6000 has an update shell script, but we appear to actually use
{\tt syncd} instead.}% notes

\com{X}
\process%
{X server}% stands for
{{\tt /usr/bin/X11/X} on the RS/6000, {\tt /etc/X} otherwise}% path
{all}% platforms
{{\tt dm}}% started by
{X server.}% purpose
{Restarted each login cycle.}% life cycle
{man page, in the x11r4 or x11r5 locker if nowhere else}% documentation
{x11r4 locker}% source code
{The RS/6000 server is based on X11R3 rather than X11R4, and we don't
have source for it.}% notes

\com{zhm}
\process%
{{\bf Z}ephyr {\bf h}ost{\bf m}anager}% stands for
{{\tt /etc/athena/zhm}}% path
{all}% platforms
{{\tt rc.athena} on RS/6000, {\tt rc} otherwise}% started by
{Handles communication between workstation Zephyr clients and the
zephyr servers.}% purpose
{Can be killed and restarted, but doing so will confuse running Zephyr
clients, including {\tt zwgc} losing subscriptions.}% life cycle
{man page}% documentation
{{\tt /source/athena/athena.lib/zephyr/zhm}}% source code
{}% notes

\begin{slide}{}

Special processes created by the kernel:
\begin{itemize}

\item {\tt pagedaemon} (not on the RS/6000)

\item {\tt swapper}

\item {\tt idleproc} (DECstation only)

\item {\tt kproc} (RS/6000 only)

\end{itemize}

\end{slide}

\begin{slide}{}

DECstation-specific processes:
\begin{itemize}
\item {\tt syslog}

\item {\tt elcsd}
\end{itemize}
\end{slide}

\begin{slide}{}

RS/6000-specific processes:
\begin{itemize}

\item {\tt qdaemon}

\item {\tt srcmstr}

\item {\tt syncd}

\item {\tt writesrv}

\item {\tt portmap}

\item {\tt rpc.lockd}, {\tt rpc.statd}

\item {\tt errdaemon}
\end{itemize}

\end{slide}
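
Added example, not part of the original slides: one way to use the ps listing and the daemon inventory above for the "verifying workstation security" goal, by flagging root-owned or daemon-owned processes that are not in the inventory and checking the stated afsd and biod counts. The function names, the sample listing and its netwatch entry are constructed for illustration; the baseline names and counts are the ones given on this page.

```python
import os
from collections import Counter

# Baseline: process names taken from the slides on this page.
EXPECTED = {
    "afsd", "biod", "console", "cron", "dm", "inetd", "init", "named",
    "snmpd", "syslogd", "timed", "update", "X", "zhm",
    "pagedaemon", "swapper", "idleproc", "kproc",            # kernel-created
    "syslog", "elcsd",                                       # DECstation
    "qdaemon", "srcmstr", "syncd", "writesrv", "portmap",    # RS/6000
    "rpc.lockd", "rpc.statd", "errdaemon",
}
EXPECTED_COUNTS = {"afsd": 6, "biod": 4}   # page's counts; biod is 6 on the RS/6000
SYSTEM_USERS = {"root", "daemon"}

def parse_ps(text):
    """Return [(user, pid, name)] from `ps aux` output; name is '' if ps shows none."""
    lines = text.strip().splitlines()
    ncol = lines[0].split().index("COMMAND")   # column count differs between systems
    procs = []
    for line in lines[1:]:
        f = line.split(None, ncol)
        if len(f) < ncol:
            continue                           # malformed row
        argv0 = f[ncol].split()[0] if len(f) > ncol else ""
        procs.append((f[0], int(f[1]), os.path.basename(argv0.strip("()-"))))
    return procs

def audit(text):
    """Return (unexpected, wrong_counts, unnamed) for root/daemon-owned processes."""
    system = [(pid, name) for user, pid, name in parse_ps(text) if user in SYSTEM_USERS]
    counts = Counter(name for _, name in system)
    unexpected = sorted(p for p in system if p[1] and p[1] not in EXPECTED)
    wrong = {n: counts[n] for n, want in EXPECTED_COUNTS.items() if counts[n] != want}
    return unexpected, wrong, counts[""]       # unnamed: how afsd appears on VAX/RT

# Constructed sample listing (not captured from a real workstation).
ROWS = [("root", 1, "/etc/init -"), ("root", 2, "pagedaemon"), ("root", 61, "/etc/inetd"),
        ("daemon", 75, "/etc/athena/console"), ("root", 90, "/usr/tmp/netwatch -q"),
        ("jik", 120, "-csh"), ("root", 130, "")]
ROWS += [("root", 70 + i, "/etc/biod 4") for i in range(3)]
ROWS += [("root", 80 + i, "/etc/athena/afsd") for i in range(6)]
SAMPLE = "USER PID %CPU %MEM VSZ RSS TT STAT START TIME COMMAND\n" + "\n".join(
    f"{u} {p} 0.0 0.1 52 20 ? S Jan23 0:00 {c}" for u, p, c in ROWS)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A flagged entry is a prompt to look at the process, not a verdict: the inventory above covers the standard daemons, so locally installed services need to be added to the baseline before the output is useful.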
