A Linux process is an instance of a program in execution. When you open an application or run a command on your Linux system, a process is created to carry out that specific task. Each process operates independently with its own set of resources, including memory, CPU time, and open files.
- Each process has a process id also called as PID
- Every process has a parent process called as PPID
Child process is often started by the parent process
init process (runit,systemd,openrc,s6,dinit) have PID as 1, i.e it is the first process that boot your Linux system. If you don't know about what init in your system it's systemd
When you want a process to die you can kill it.
Process that starts at system startup and keeps on running forever are called daemon. The daemon never dies
When a process is killed but it is still showing up in the system then that process is known as zombie. You can't kill zombie coz they are already dead Zombie processes never occupy the resources like CPU or RAM, only an entry remains in the process but these process are already killed.
Syntax
ps [options]
options we will check in a while. But what if we just type
ps
We will can see two processes one is current shell and another one is the ps command itself that we just entered.
- PID is the process ID (every process has unique id)
- TTY is the terminal type of user logged into.
- TIME is amount of CPU in min and sec that process has been running.
- CMD is name of the command that launch the process
To check the process id of your shell
prints the PID of your shell
echo $$
prints PID with the process name
ps -C bash
Print the process id of the parent
echo $PPID
Not only print the process id of current shell, but the process id of it's parent as well.
echo $$ $PPID
first id is current and second id is parent id
Check the level of the shell
echo $SHLVL
3 is the level of the shell
The parent will always have less number as PID, coz parent came first. (parent will start the child process, so always the PID of parent is less in number.)
pidof command
Find the process ID of a running program
pidof bash
Remember we discussed about init process that PID is 1 as it is the first process executes when we power on the machine, in my case i am running runit as my init , in your case it will be systemd
pidof runit
When a process starts another process in two phases First the process create a fork of itself then a identical copy, then the fork process executes and exec to replace fork process with the target child process.
IK, lol we will see what that even mean with that following example
In bash shell
echo $$
echo $$ $PPID
Switch to zsh or any other shell
echo $$
echo $$ $PPID
exec bash
echo $$ $PPID
To see all the processes in system
ps fx
- PID : Process ID
- TTY : Terminal from where the process has started
- STAT : State and Signals (High/Low priorities,Stop/Idle conditions)
- TIME : Time
- COMMAND : The command for which that process has started
To check a particular process
ps fx | grep bash
With some options
ps -ef
We will see output in different format
Get the process id
Directly grep the process
pgrep bash
We can even see the processes in tree format.
To check the process in tree format
Process there child along with how many processes in tree format
pstree
Now, let see with p option
pstree -p
option -p will show the PID with tree format
To check the process with respect to user
For which user,which process is running
pstree -p -u username
- -p option means the PID
- -u option means the user
Check the details of particular process
sleep process will run on background
sleep 200 &
-p option means PID, -s option means process and the number is the PID of sleep which is running on background
pstree -p -s 8379
ps -C sleep
To kill the process
kill 8379
Now, if we check the state of that process
ps fx | grep 8379
- D : uninterruptible sleep (usually IO)
- R : running or runnable (on run queue)
- S : interruption sleep (warning for an event to complete
- T : stopped, either by a job control signal or because it is being traced
- W : paging (not valid since the 2.6.X.X kernal)
- X : dead (should never be seen)
- Z : defunct (zombie) process, terminated but not repead by it parent
- I : idle state
Here are the different values that the s, stat and state output specifies (header "STAT" or "S") will display to describe the state of process
For BSD formats & when the state keyword is used,additional characters may display
- < high priority (not nice to other user)
- N low priority (nice to other users)
- L has pages locked into memory (for real-time & custom IO)
- s is a session leader
- l is multi-threaded (using CLONE_THREAD, like NPTL thread)
- is in the foreground process group
Kill process
sleep 80 &
jobs
ps -C sleep
kill 9439
jobs
Signals in kill command
There are many signals in kill, to list all
kill -l
By default kill means kill -15
Let, us see the most used signals one by one
1 SIGHUP : The process should re-read it's configuration file.
kill -1 1
This command will re-read init (runit in my case) conf. file
15 SIGTERM : When we run kill command that means kill -15 (standard kill)
sleep 100 &
kill -15 10386
or kill 10386
ps -C sleep
When we kill some process normally, few process did't got killed. So, we kill them from kernel itself.
9 SIGKILL : To kill the process from kernel (sure kill)
The kernel will shoot down the process and as a developer you have no means to intercept a kill -9 signal
sleep 120 &
kill -9 10572
ps -C sleep
In TTY we can see Killed , Terminate and Killed are not same
Now, it's not so much in use but in case you have to see the system calls
It, may not installed by default in some distros
strace
sleep 120 &
strace -p 7430
kill -9 7430
strace -p 7430
18 SIGCONT : To start any process
19 SIGSTOP : To stop the process (we can resume it later)
sleep 280 &
process stopped
kill -19 10744
process started
kill -18 10744
ps -C sleep
Kill a process it's name (pkill)
sleep 160 &
sleep 280 &
pkill sleep
jobs
ps -C sleep
No sleep processes running all sleep process are killed
Kill Multiple processes (killall)
sleep 120 &
sleep 200 &
In new terminal
top
killall sleep top
That's all you need to manage Linux processes :)
Top comments (0)