NOTE: I have also included this post in its entirety in my post about htop
I launched a Digital Ocean droplet with Ubuntu Server.
Then I installed
htop to look at the currently running processes.
I had no idea what half of them do. Do I even need them?
Here are my research notes on the processes that are run at startup on a fresh Digital Ocean droplet with Ubuntu Server 16.04.1 LTS x64.
Table of Contents
The /sbin/init program (also called init) coordinates the rest of the boot process and configures the environment for the user.
When the init command starts, it becomes the parent or grandparent of all of the processes that start up automatically on the system.
Is it systemd?
$ dpkg -S /sbin/init systemd-sysv: /sbin/init
Yes, it is.
What happens if you kill it?
systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information that is received from a variety of sources.
In other words:
One of the main changes in journald was to replace simple plain text log files with a special file format optimized for log messages. This file format allows system administrators to access relevant messages more efficiently. It also brings some of the power of database-driven centralized logging implementations to individual systems.
You are supposed to use the
journalctl command to query log files.
journalctl _COMM=sshdlogs by sshd
journalctl _COMM=sshd -o json-prettylogs by sshd in JSON
journalctl --since "2015-01-10" --until "2015-01-11 03:00"
journalctl --since 09:00 --until "1 hour ago"
journalctl --since yesterday
journalctl -blogs since boot
journalctl -fto follow logs
It looks like it is not possible to remove or disable this service, you can only turn off logging.
The lvmetad daemon caches LVM metadata, so that LVM commands can read metadata without scanning disks.
Metadata caching can be an advantage because scanning disks is time consuming and may interfere with the normal work of the system and disks.
But what is LVM (Logical Volume Management)?
You can think of LVM as "dynamic partitions", meaning that you can create/resize/delete LVM "partitions" (they're called "Logical Volumes" in LVM-speak) from the command line while your Linux system is running: no need to reboot the system to make the kernel aware of the newly-created or resized partitions.
It sounds like you should keep it if you are using LVM.
$ lvscan $ sudo apt remove lvm2 -y --purge
systemd-udevd listens to kernel uevents. For every event, systemd-udevd executes matching instructions specified in udev rules.
udev is a device manager for the Linux kernel. As the successor of devfsd and hotplug, udev primarily manages device nodes in the /dev directory.
So this service manages
I am not sure if I need it running on a virtual server.
systemd-timesyncd is a system service that may be used to synchronize the local system clock with a remote Network Time Protocol server.
So this replaces
$ timedatectl status Local time: Fri 2016-08-26 11:38:21 UTC Universal time: Fri 2016-08-26 11:38:21 UTC RTC time: Fri 2016-08-26 11:38:20 Time zone: Etc/UTC (UTC, +0000) Network time on: yes NTP synchronized: yes RTC in local TZ: no
If we take a look at the open ports on this server:
$ sudo netstat -nlput Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2178/sshd tcp6 0 0 :::22 :::* LISTEN 2178/sshd
Previously on Ubuntu 14.04 it was
$ sudo apt-get install ntp -y $ sudo netstat -nlput Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1380/sshd tcp6 0 0 :::22 :::* LISTEN 1380/sshd udp 0 0 10.19.0.6:123 0.0.0.0:* 2377/ntpd udp 0 0 139.59.256.256:123 0.0.0.0:* 2377/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 2377/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 2377/ntpd udp6 0 0 fe80::601:6aff:fxxx:123 :::* 2377/ntpd udp6 0 0 ::1:123 :::* 2377/ntpd udp6 0 0 :::123 :::* 2377/ntpd
atd - run jobs queued for later execution. atd runs jobs queued by at.
at and batch read commands from standard input or a specified file which are to be executed at a later time
Unlike cron, which schedules jobs that are repeated periodically,
at runs a job at a specific time once.
$ echo "touch /tmp/yolo.txt" | at now + 1 minute job 1 at Fri Aug 26 10:44:00 2016 $ atq 1 Fri Aug 26 10:44:00 2016 a root $ sleep 60 && ls /tmp/yolo.txt /tmp/yolo.txt
I've actually never used it until now.
sudo apt remove at -y --purge
Snappy Ubuntu Core is a new rendition of Ubuntu with transactional updates - a minimal server image with the same libraries as today’s Ubuntu, but applications are provided through a simpler mechanism.
Developers from multiple Linux distributions and companies today announced collaboration on the “snap” universal Linux package format, enabling a single binary package to work perfectly and securely on any Linux desktop, server, cloud or device.
Apparently it is a simplified deb package and you're supposted to bundle all dependencies in a single snap that you can distribute.
I've never used snappy to deploy or distribute applications on servers.
sudo apt remove snapd -y --purge
In computing, D-Bus or DBus is an inter-process communication (IPC) and remote procedure call (RPC) mechanism that allows communication between multiple computer programs (that is, processes) concurrently running on the same machine
My understanding is that you need it for desktop environments but on a server to run web apps?
sudo apt remove dbus -y --purge
I wonder what time it is and whether it is being synchronized with NTP?
$ timedatectl status Failed to create bus connection: No such file or directory
Oops. Should probably keep this.
systemd-logind is a system service that manages user logins.
cron - daemon to execute scheduled commands (Vixie Cron)
-fStay in foreground mode, don't daemonize.
You can schedule tasks to run periodically with cron.
crontab -e to edit the configuration for your user
or on Ubuntu I tend to use the
/etc/cron.daily, etc. directories.
You can see the log files with
grep cron /var/log/syslogor
journalctl _COMM=cronor even
journalctl _COMM=cron --since="date" --until="date"
You'll probably want to keep cron.
But if you don't, then you should stop and disable the service:
sudo systemctl stop cron sudo systemctl disable cron
Because otherwise when trying to remove it with
apt remove cron it will try to install postfix!
Rsyslogd is a system utility providing support for message logging.
In another words, it's what populates log files in
/var/log/auth.log for authentication messages like SSH login attempts.
The configuration files are in
You can also configure rsyslogd to send log files to a remote server and implement centralized logging.
You can use the
logger command to log messages to
in background scripts such as those that are run at boot.
# NFS, get IPs, etc. logger Done doing somethinglogger Starting doing something
Right, but we already have
systemd-journald running. Do we need
rsyslogd as well?
Rsyslog and Journal, the two logging applications present on your system, have several distinctive features that make them suitable for specific use cases. In many situations it is useful to combine their capabilities, for example to create structured messages and store them in a file database. A communication interface needed for this cooperation is provided by input and output modules on the side of Rsyslog and by the Journal's communication socket.
So, maybe? I am going to keep it just in case.
acpid - Advanced Configuration and Power Interface event daemon
acpid is designed to notify user-space programs of ACPI events. acpid should be started during the system boot, and will run as a background process, by default.
In computing, the Advanced Configuration and Power Interface (ACPI) specification provides an open standard that operating systems can use to perform discovery and configuration of computer hardware components, to perform power management by, for example, putting unused components to sleep, and to do status monitoring.
But I'm on a virtual server that I don't intend to suspend/resume.
I am going to remove it for fun and see what happens.
sudo apt remove acpid -y --purge
I was able to successfully
reboot the droplet but after
halt Digital Ocean thought it was still on so I had to Power Off using the web interface.
So I should probably keep this.
Lxcfs is a fuse filesystem mainly designed for use by lxc containers. On a Ubuntu 15.04 system, it will be used by default to provide two things: first, a virtualized view of some /proc files; and secondly, filtered access to the host’s cgroup filesystems.
In summary, on a 15.04 host, you can now create a container the usual way, lxc-create ... The resulting container will have “correct” results for uptime, top, etc.
It’s basically a userspace workaround to changes which were deemed unreasonable to do in the kernel. It makes containers feel much more like separate systems than they would without it.
Not using LXC containers? You can remove it with
sudo apt remove lxcfs -y --purge
The AccountsService package provides a set of D-Bus interfaces for querying and manipulating user account information and an implementation of these interfaces based on the usermod(8), useradd(8) and userdel(8) commands.
When I removed DBus it broke
timedatectl, I wonder what removing this service will break.
sudo apt remove accountsservice -y --purge
Time will tell.
mdadm is a Linux utility used to manage and monitor software RAID devices.
The name is derived from the md (multiple device) device nodes it administers or manages, and it replaced a previous utility mdctl. The original name was "Mirror Disk", but was changed as the functionality increased.
RAID is a method of using multiple hard drives to act as one. There are two purposes of RAID: 1) Expand drive capacity: RAID 0. If you have 2 x 500 GB HDD then total space become 1 TB. 2) Prevent data loss in case of drive failure: For example RAID 1, RAID 5, RAID 6, and RAID 10.
You can remove it with
sudo apt remove mdadm -y --purge
polkitd — PolicyKit daemon
polkit - Authorization Framework
My understanding is that this is like fine-grained sudo. You can allow non privilegded users to do certain actions as root. For instance, reboot your computer when you're running Linux on a desktop computer.
But I'm running a server. You can remove it with
sudo apt remove policykit-1 -y --purge
Still wondering if this breaks something.
sshd (OpenSSH Daemon) is the daemon program for ssh.
-D When this option is specified, sshd will not detach and does not become a daemon. This allows easy monitoring of sshd.
iscsid is the daemon (system service) that runs in the background, acting on iSCSI configuration, and managing the connections. From its manpage:
The iscsid implements the control path of iSCSI protocol, plus some management facilities. For example, the daemon could be configured to automatically re-start discovery at startup, based on the contents of persistent iSCSI database.
I had never heard of iSCSI:
In computing, iSCSI (Listeni/aɪˈskʌzi/ eye-skuz-ee) is an acronym for Internet Small Computer Systems Interface, an Internet Protocol (IP)-based storage networking standard for linking data storage facilities.
By carrying SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval.
The protocol allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers. It is a storage area network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally attached disks.
You can remove it with
sudo apt remove open-iscsi -y --purge
/sbin/agetty --noclear tty1 linux
/sbin/agetty --noclear tty1 linux
agetty - alternative Linux getty
getty, short for "get tty", is a Unix program running on a host computer that manages physical or virtual terminals (TTYs). When it detects a connection, it prompts for a username and runs the 'login' program to authenticate the user.
Originally, on traditional Unix systems, getty handled connections to serial terminals (often Teletype machines) connected to a host computer. The tty part of the name stands for Teletype, but has come to mean any type of text terminal.
This allows you to log in when you are physically at the server.
In Digital Ocean, you can click on
Console in the droplet details
and you will be able to interact with this terminal in your browser
(it's a VNC connection I think).
In the old days, you'd see a bunch of ttys started a system boot (configured in
but nowadays they are spun up on demand by systemd.
For fun, I removed this configuration file that launches and generates
sudo rm /etc/systemd/system/getty.target.wants/[email protected] sudo rm /lib/systemd/system/getty@.service
When I rebooted the server, I could still connect to it via SSH but I was no longer able to log in from the Digital Ocean web console.
sshd: root@pts/0 &
sshd: root@pts/0 means that there has been an SSH session established for the user
at the #
0 pseudoterminal (
pts). A pseudoterminal emulates a real text terminal.
bash is the shell that I am using.
Why is there a dash at the beginning? Reddit user hirnbrot helpfully explained it:
There's a dash at the beginning because launching it as "-bash" will make it a login shell. A login shell is one whose first character of argument zero is a -, or one started with the --login option. This will then cause it to read a different set of configuration files.
htop is an interactive process viewer tool that is running in the screenshot.
sudo apt remove lvm2 -y --purge sudo apt remove at -y --purge sudo apt remove snapd -y --purge sudo apt remove lxcfs -y --purge sudo apt remove mdadm -y --purge sudo apt remove open-iscsi -y --purge sudo apt remove accountsservice -y --purge sudo apt remove policykit-1 -y --purge
sudo apt remove dbus -y --purge sudo apt remove rsyslog -y --purge sudo apt remove acpid -y --purge sudo systemctl stop cron && sudo systemctl disable cron sudo rm /etc/systemd/system/getty.target.wants/[email protected] sudo rm /lib/systemd/system/getty@.service
I followed the instructions in my blog post about unattended installation of WordPress on Ubuntu Server and it works.
Here's nginx, PHP7 and MySQL.