Basic process management in Linux

What is a Process in Unix/Linux?

One of the notable features of Unix/Linux is the ability to run multiple programs simultaneously. The Operating System sees each executable entity it controls as a process. A program can consist of multiple processes combined. For the Operating System, processes work together to share the CPU processing speed, and use shared memory, and other system resources. Processes are scheduled in a round-robin manner by the Operating System.

As a system programmer, system administrator, or DevOps, most of your time will be spent working on Unix/Linux systems. Commands are used to interact with the operating system when working on Unix/Linux. Each command on Unix/Linux when executed will run a process or a group of processes. Therefore, understanding processes and the skills to manage and use processes on Unix/Linux systems is essential. In this article, I will introduce you to the basic knowledge and skills to manage processes on Unix/Linux systems.

Basic Terminologies

• PID

Each process has a unique PID (Process Identify) throughout the system at the time the process is running.

• PPID

Each process has a parent process with the identification of PPID (Parent process ID). Child processes are usually started by parent processes. A parent process can have multiple child processes, but a child process can have only one parent process.

• init

The init process is the first process started after you select the Operating System in the boot loader. In the process tree, the init process is the parent process of other processes. The init process has the following characteristics: + PID = 1 + Cannot kill the init process.

• kill

When a process stops running, it dies. When you want to kill a process, you need to kill it.

• daemon

A daemon process is a background process. These processes are started when the system is booted up and will continue to run indefinitely.

• zombie

A zombie is a leftover part of a process that has stopped working but has not been cleaned up. And, yes, zombie means zombie, meaning that process has died and you cannot "kill" it again. Programs that leave zombie processes after exiting mean that the program was poorly programmed.

Basic process management in Linux

=====================================

• $$ và $PPID

Some shell environment variables contain information about processes. The variable $$ holds your current process ID and $PPID holds the PID of the parent process. In fact, $$ is a shell parameter and not a variable, you cannot assign a value to it. Below, I use the echo command to display the values of $$ and $PPID.

> $ echo $$ $PPID
2024173 1946762

• pidof

With the pidof command, you can search for all process IDs by name.

> $ pidof nginx
1978170 1978169 1978168 1978167 538

• parent and child

Processes have parent-child relationships. Every process has a parent process. When starting a new shell, you can use echo to verify that the previous pid is the ppid of the new shell. The above child process has become the parent process.

 > $ bash
 > $ echo $$ $PPID
2041129 2024173

Enter exit to end the current process and see the values of $$ and $PPID

 > $ bash
 > $ echo $$ $PPID
2045905 1946762
 > $ exit
 > $ echo $$ $PPID
2046134 1946762

• fork và exec

A process starts another process in two stages. First, the process creates a copy (fork) of itself, exactly like it. Then, the forked process performs an execution (exec) to replace the forked process with the child process.

 > $ echo $$
2046315
 > $ bash
 > $ echo $$ $PPID
2046471 2046315
 > $

• exec

With the exec command, you can execute a process without creating a new process. In the example below, the Korn shell (ksh) is launched and being replaced by a bash shell using the exec command. The PID of the bash shell is also the same as the PID of the Korn shell. Exiting the child bash shell will bring me back to the parent bash shell, not back to the Korn shell (no longer exists).

 > $ echo $$
2024173 # PID of bash
 > $ ksh
$ echo $$ $PPID
2040691 2024173
 > $ exit
exit
 > $ echo $$
2024173

• ps

One of the most common tools on Linux to view processes is ps. The following example shows the parent-child relationship between three bash processes.

 > $ echo $$ $PPID
2047247 2047214
 > $ bash
 > $ echo $$ $PPID
2047837 2047247
 > $ bash
 > $ echo $$ $PPID
2047904 2047837
 > $ ps -fx
    PID     TTY      STAT   TIME COMMAND
    2047214 ?        Ss     0:00  \_ sshd: root@pts/44
    2047247 pts/44   Ss     0:00  |   \_ -bash
    2047837 pts/44   S      0:00  |       \_ bash
    2047904 pts/44   S      0:00  |           \_ bash
    2047977 pts/44   R+     0:00  |               \_ ps -fx
 > $ exit
exit
 > $ ps -fx
    PID     TTY      STAT   TIME COMMAND
    2047214 ?        Ss     0:00  \_ sshd: root@pts/44
    2047247 pts/44   Ss     0:00  |   \_ -bash
    2047837 pts/44   S      0:00  |       \_ bash
    2048248 pts/44   R+     0:00  |           \_ ps -fx
 > $ exit
exit
 > $ ps -fx
    PID     TTY      STAT   TIME COMMAND
    2047214 ?        Ss     0:00  \_ sshd: root@pts/44
    2047247 pts/44   Ss     0:00  |   \_ -bash
    2048522 pts/44   R+     0:00  |       \_ ps -fx
 > $

On Linux, ps -fax is a commonly used command. On Solaris, ps -ef (which also works on Linux) is more popular. Here is a sample output from the ps -fax command:

 > $ ps -fax
PID TTY STAT TIME COMMAND
1 ? S 0:00 init [5]
...
2046788 ?        Ss     0:00  \_ sshd: [accepted]
2046789 ?        S      0:00  |   \_ sshd: [net]
2047214 ?        Ss     0:00  \_ sshd: root@pts/44
2047247 pts/44   Ss     0:00      \_ -bash
2047273 pts/44   R+     0:00          \_ ps -fax

• pgrep

Just like ps -C, you can utilize pgrep to find a process by its command name.

 > $ sleep 1000 &
[1] 2048730
 > $ pgrep sleep
2048730
 > $ ps -C sleep
    PID TTY          TIME CMD
2048730 pts/44   00:00:00 sleep

You can also list the command name of a process with pgrep.

 > $ pgrep -l sleep
2048730 sleep

• top

A popular and perhaps familiar tool for Linux users is top. The tool can show a table of currently running processes in real-time, as well as the CPU and memory usage of the system. it also provides many different options that allow you to sort processes by CPU, usage, or other attributes. Additionally, you can kill processes with top. Overall, I think this is an important tool that is both intuitive and easy to use for Linux system administrators in general.

The main parameters for the top command are:

• -h - Display the current version
• -c - This parameter toggles the command column state from showing command names to program names and vice versa
• -d - Specify the delay time when refreshing the screen
• -o - Sort by a named field
• -p - Display only processes with specified IDs
• -u - Display only processes of a specified user
• -i - Do not display idle tasks

Additionally, while top is running, you can enable and disable many features, change the display by pressing relevant keys. The top command has some additional parameters, you can learn more about them by using the man top command on the command line.

Conclusion

Above, I have just shared some basic skills and frequently used commands to manage processes on Unix/Linux operating systems.

Thank you for reading!