What Are All Those Processes?
Mac OS X: What Are All Those Processes?
A short list of background processes and daemons
By Gordon Davisson
Copyright (c) 2005, Westwind Computing inc.
Mac OS X (like any unixish OS) always has a number of things going on in the background -- processes that take care of business behind the scenes. Normally, you won't even notice them, unless you use something like Activity Monitor (ProcessViewer under 10.2 or before) or the ps or top commands to look at the process list. If you do notice them, you may wonder what on earth they're all there for. This list is here to answer that question.
Note: this list is far from complete. If you see processes on your Mac that aren't on this list, it doesn't mean there's something wrong or that you've been hacked; just that I'm not as dilligent as I could be in maintaining the list.System Processes (mostly owned by root):
Process | Its function |
---|---|
AppleFileServer | The personal file sharing (AFP over IP) server. It should only be present if file sharing is enabled (in the System Preferences' Sharing pane). |
autodiskmount | Responsible for mounting removable disks and media. |
automount | Automatically mounts and unmounts network (NFS and AFP) file systems as they are accessed / left idle. |
configd | Maintains dynamic configuration information about the computer and its environment (mainly the network). |
CrashReporter | Logs information about program crashes. It can be configured (via editing /etc/hostconfig in OS X 10.0, and the Console utility's preferences on OS X 10.1) to log crashes in ~/Library/Logs. |
cron | Runs various scheduled programs and scripts, mostly to perform perodic maintenance on the computer. Note: in Mac OS X, this is set to run system maintenance late at night; if the computer is turned off every night, the maintenance may never get done. Either leave the computer on overnight occasionally, or use something like Brian R. Hill's program MacJanitor to perform maintenance manually. In Mac OS X 10.4 it was mostly replaced by launchd, but is kept around for compatibility. |
DirectoryService | This process acts as a central clearinghouse for "Directory" information -- mainly users/groups/authentication, and service location (e.g. file servers, printers, etc). It gathers information from a variety of plugins (NetInfo, LDAP, Active Directory, NIS, Bonjour/Rendesvous/, AppleTalk, SMB) and hands it out to whatever program requested it. |
DesktopDB | Keeps track of information on currently known applications and their document types. Used by the Finder to associate documents with the appropriate application. |
distnoted | Provides distributed notifications services. |
dynamic_pager | Assists the kernel with managing swap files for virtual memory. |
ftpd | Handles incoming FTP (File Transfer Protocol) connections. This process is created dynamically by xinetd (or inetd in earlier versions of OS X), so it should only appear when someone is actually connected to your computer. |
httpd | This is Apache, the web server that ships with OS X. It should only be present if web sharing is enabled (in the System Preferences' Sharing pane). It is normal for there to be several of these running, one owned by root, the rest by www. |
init | (10.0-10.3 only) The master of the computer from the BSD/unix point of view. This is responsible for creating (via the /etc/rc* scripts and StartupItems) and looking after many of the other background processes. In Mac OS X 10.4 it was replaced by launchd. |
inetd | (10.0-10.3 only) Responsible for starting and looking after some internet services (mainly FTP and telnet) provided by this computer. As of version 10.2 this was functionally replaced by xinetd (which was then replaced by launchd), but was kept around through Mac OS X 10.3 for compatibility. |
ipconfigd | (10.0-10.1.1 only) Automatically configures the network. Now merged into configd (since OS X 10.1.2, if I'm reading right). |
KernelEventAgent | Handles notifications about file system status (e.g. "A server you are using is no longer available. Do you want to continue trying to contact it?" and "Your startup disk is almost full. You need to make more space available on your startup disk by deleting files.") |
kextd | Responsible for loading and unloading kernel extensions (e.g. device drivers) as they are needed. |
launchd | (v10.4 and later) This process replaces init and mach_init, and takes over most of the functions of cron and xinetd. |
lookupd | Handles looking up information from network information services such as NetInfo and DNS, and acts as a bridge to allow unix/BSD/posix programs to get information from DirectoryService. |
mach_init | (10.0-10.3 only) The Mach kernel's bootstrap port server. This is the first process created during bootup, and creates the BSD init process (which then creates everything else). In Mac OS X 10.3, it's also used to create several daemons that used to be created via StartupItems. In Mac OS X 10.4, it's replaced by launchd. |
mDNSResponder | The multicast DNS (a component of Bonjour/Rendezvous) responder; this advertises network services (such as AFP file sharing) provided by this computer, as well as the computer's self-chosen ".local" name. Note: this runs under the pseudo-user "nobody" (presumably for security reasons). |
netinfod | Serves out NetInfo data. There will be one of these processes for each NetInfo domain served from the computer (normally just one, for the local domain). ProcessViewer/Activity Monitor won't tell you which daemon process serves which NetInfo domain, but the ps command will. |
nfsiod | Services asynchronous requests to an NFS server. It is normal for there to be several of these. |
nibindd | Finds, creates, and destroys NetInfo servers (i.e. netinfod). This process will only exist if you have something beyond the standard local NetInfo domain set up. |
notifyd | Passes event notifications between processes. |
ntpd | Synchronizes the Mac's clock with network time servers. |
pitond | The Retrospect backup client (only present if you've installed Retrospect Client). |
pmTool | This is actually a user process that happens to run as root. Activity Monitor uses it to collect information on running processes. |
portmap | Dynamically assigns RPC (network Remote Procedure Call) services (such as NetInfo and NFS) to TCP/UDP ports. |
slpd | The Service Location Protocol (SLP) responder; this advertises network services (such as AFP file sharing) provided by this computer. SLP has been functionally replaced by Bonjour/Rendezvous, but is kept active for compatibility with older computers on the network. |
slpdLoad | This process frequently shows up as a Zombie in ProcessViewer's listing (with semirandom owner, parent, and statistics) under early versions of OS X. Don't worry, it's harmless, just a little confused. (More technically: a zombie process is one that has finished (i.e. died), but whose parent process has not received notification of its death. In order to keep process information around until the parent process is notified, the zombie's entry is left in the process table even though the process itself is gone. A bit morbid, perhaps, but since it doesn't consume resources, it's not really a problem.) |
sshd | The secure shell server -- listens for and handles incoming SSH (encrypted remote login) connections. It was added in version 10.0.1 and should only be present if "Allow remote login" is enabled (in the System Preferences' Sharing pane). Note: In 10.3, sshd no longer runs continuously to listen for incoming ssh connections. Instead, xinetd (v10.3) or launchd (v10.4) does the listening, and only starts sshd when it's actually needed. |
syslogd | Logs and/or dispatches system status and error messages. |
telnetd | Handles incoming telnet (remote login) connections. It's enabled by the "Allow remote login" option in the System Preferences' Sharing pane of Mac OS X 10.0; in later versions it's disbled, and SSH is used instead (although telnetd can be reenabled manually by editing the /etc/inetd.conf file). This process is created dynamically by inetd, so it should only appear when someone is actually telnetted into your computer. |
update | Responsible for keeping disks synchronized with the file system cache, to keep data loss to a minimum in case of a crash. |
xinetd | Responsible for starting and looking after some internet services (mainly ssh, FTP and telnet) provided by this computer. This is essentially an extended version of inetd. In Mac OS X 10.4 it was mostly replaced by launchd, but is kept around for compatibility. |
User processes (generally owned by the current user):
Process | Its function |
---|---|
ATSServer | The Apple Type Solution Server; responsible for managing the available fonts and making them available to applications. |
Dock | Maintains and displays the Dock. |
DocklingServer | Keeps docklings' status and displays up to date. |
Finder | The Finder. |
hdid | Handles mounted disk image (.img and .dmg) files. |
LaunchCFMApp | Applications in the old-style Macintosh format (Code Fragment Manager format, aka CFM, aka PEF) will show up in Process Viewer under this name. LaunchCFMApp is actually a wrapper program provided for compatibility with this old application format; Process Viewer just can't see through the wrapper to the actual application inside. (Note: the distinction between the old (CFM) and new (mach-o) formats is not the same as the distinction betweem the old (Carbon) and new (Cocoa) application environments. Many of the Carbon apps you're likely to run into on OS X are in mach-o format.) |
loginwindow | This is only partly a user process -- it starts before anyone logs into the computer, and is responsible for displaying the login screen (or not, if autologin is set), validating login attempts, and setting up the user environment (launching the Finder, Dock, any login apps, etc) at login. It also acts as a process monitor for user processes, restarts the Finder or Dock if they crash, and implements the Force Quit Applications window. Finally, it handles the logout, restart, and shutdown procedures. |
pbs | The pasteboard server; analogous to the clipboard under Mac OS 9. |
pmTool | a background process that Activity Monitor uses to collect information on running processes. Note that this process runs as root (despite being part of a user-level program). |
SystemUIServer | (OS X 10.1 and later) Maintains the Menu Items in the right end of the menu bar. |
TruBlueEnvironment or "(null)" | The Classic (OS 9 compatibility) environment. This single process includes OS 9 and all running classic applications. The name derives from an early Apple code-name for the Classic environment: "the Blue Box". For some reason, Activity Monitor (under Mac OS X v10.3) has trouble reading this process's name, and tends to display it as "(null)". |
WindowServer (aka Window Manager) | Responsible for managing the computer's display and mediating between the various Applications and other processes that want to display information on it. It also does the grunt work of launching new user applications, so most user processes are actually its children in the process hierarchy. |
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home