In this tutorial, you will learn everything about processes in Linux and how to manage them.
UNDERSTANDING THE SUBJECT MATTER
Everything in Linux runs as a process, I mean everything, including services and a shell command that is running on a terminal. As a matter of fact, the opened terminal it’s self is a process.
Therefore, a process in Linux is a running program. A process can either run as a shell, a job or in the background.
As we go on in this subject matter, you will understand what a job in Linux is, but have it at the back of your mind that a job, as far as it is a running program is also a process as well.
As soon as the Linux OS is turned on, background programs and services starts to run, this programs can also be called background processes and they all have a unique process ID.
Managing process in Linux many times requires you manage them via their process ID’s and every processes in Linux have a process ID.
The command used to view all the current processes running on Linux system is “ps“, which means (print snapshot) of the current processes. ps will show the running process of the particular user, but of course you would need to pass the command with options many times.
The root user will be able to see all processes running on the system and alter them while the other users will only be able to see, most of the time their processes and can’t alter any other processes apart from theirs.
To view all the current processes running on the system, use the command,
ps -ef (using standard syntax)
OR
ps aux (using BSD syntax)
To know the total number of processes running on the system, use the command,
[root@lab02 ~]# ps aux |wc
143 1655 13871
On my system, there are 143 processes running. Yours may be different.
Moving forward, just as we humans have attributes, processes also have attributes as well. From the screen-shot above, i.e, with the command (ps aux), you can see the attributes of a process, let’s understand what these attributes means.
- The “USER” field represents the user that is running the process
- The “PID” field represents the process ID and it is unique.
- The “%CPU” field represents the amount of the CPU the process is using in %
- The “%MEM” represents the amount of the memory the process is using in %.
- The “VSZ” field represents the virtual memory size. The virtual memory size is the memory size the process has reserved and has access to but not currently using it.
- The “RSS” field represents the resident memory size or resident set size. The resident memory is the memory size that has been allocated to the process in RAM. (i.e, physical RAM size the process is using). The RSS field is also represented as “RES” if the top command is used.
- The “TTY” field represents the terminal the process is running on. For a process that is running in the background, you will see “?” but for a process that is not running in the background, you will see the terminal, the terminal can be in the form of “pts/0”
- The “STAT” field represents current process states. The process states are as follow:
“S” means the process is in interruptible sleep state (waiting for an event to complete),
“R” means it is in a running state or on a run queue, (i.e, queued waiting to be run)
“I” means Idle kernel thread
“<” represents high-priority (not nice to other users)
“s” represents session leader
“z” represents a zombie process (which is a child process that always informs the parent process. it releases all its resources except its process ID)
“T” represents a stopped or suspended process. More so, a stopped or suspended process is not a terminated process. A stopped process can be started while a terminated process can’t
To see more of the alphabets representation of the process state, you can use the man page.
man ps
- The “START” field represents the start time of the process.
- The “TIME” field represents the total number of time the process has been running.
- The “COMMAND” field represents the command associated with the process.
Just as we humans give birth, a process also gives birth, but not to a boy or a girl. lol. A process can run as one process or also spawn or initiates other processes. i.e(gives birth to other processes).
The other spawned processes that are sequel to the parent process are child processes, while the processes that spawns or initiate the other processes are parent processes.
Parent processes too usually have a parent process ID (PPID). The PPID field was what we saw when the standard syntax (ps -ef) was used to check all the running processes on the system.
Let’s see what a parent and child processes looks like.
Using the command,
ps fax
you can see the process tree as shown in the screen shot. If you kill a parent process, all the child processes will be terminated as well. But you can kill child processes and the parent process will not be terminated.
A good command to get the parent process ID (PPID) of a process is by using the command,
ps -o ppid=<pid>
For example, to get the PPID of the PID,69403, which was from the command “ps fax”, use the command,
[root@lab02 ~]# ps -o ppid=69403
69403
69342
69343
[root@lab02 ~]#
If you kill the process 69342 or 69343, which is a parent process to the command “ps fax” with PID 69403, you will loose connection to the bash session.
If you are logged in via ssh, you will be kicked out. As a matter of fact, you may need to restart ssh before you can login with ssh again.
Also, if you are logged in via the console and you kill the bash parent process, you will be logged out. you will have to log in again to be able to continue your session.
In real sense, the command will only display the PID of the shell session as PPID.
There are other commands that are used and very effective to get the PPID. One of them is
ps -l <PID> |grep -v grep
Now, let’s use it on the ps fax process (69403) again,
[root@lab02 ~]# ps -l 69403 | grep -v grep
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
What did you see? you can see that the command did not display the PPID as it did when we used the first command.
If you remember correctly, in the beginning of this subject matter, I mentioned the word “job” and I also said it is a process, though not a background daemon process.
The command, “ps fax” is a job that is not running in the background and the command doesn’t display the PPID of a job that is not running in the background.
As we go on, you will understand what a job is and how it can be run in the background.
If you use the same command on httpd process, which is a service and runs as a daemon process, the output of the PPID will be displayed. Lets try it.
Get the PID of httpd first,
[root@lab02 ~]# ps -ef |grep httpd
root 5151 4931 0 20:43 pts/0 00:00:00 grep --color=auto httpd
root 73272 1 0 Feb13 ? 00:00:11 /usr/sbin/httpd -DFOREGROUND
apache 89292 73272 0 03:51 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 89293 73272 0 03:51 ? 00:00:15 /usr/sbin/httpd -DFOREGROUND
apache 89294 73272 0 03:51 ? 00:00:15 /usr/sbin/httpd -DFOREGROUND
apache 89295 73272 0 03:51 ? 00:00:14 /usr/sbin/httpd -DFOREGROUND
[root@lab02 ~]#
Now , let’s use the command on httpd process. I hope you can as well see the child processes of httpd.
[root@lab02 ~]# ps -l 73272 | grep -v grep
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 73272 1 0 80 0 - 66440 core_s ? 0:11 /usr/sbin/httpd -DFOREGROUND
[root@lab02 ~]#
you can now see the PPID of the httpd process. it is 1
Again, let’s use our first command on the httpd process,
[root@lab02 ~]# ps -o ppid=73277
73277
70321
70322
[root@lab02 ~]#
what did you see? you did not see 1, right? you can see that when you use the latter command to get the PPID, it will only display the shell PID as the PPID.
If you kill 70321 and 70322, you will only be logged out of the shell but the process will keep running.
In Summary, the command, “ps -o ppid=73277” can only be used to get the PPID of a cureent shell process while the command, “ps -l 73272 | grep -v grep” is used to get the PPID of a background process which the the real PPID.
Hence, when you really want to get and kill a PPID of a process, for example, to get the PPID of the PID, 73272, use the command,
[root@lab02 ~]# ps -l 73272 | grep -v grep
A process tree can also be viewed with the command,
[root@lab02 ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
├─agetty
├─atd
├─chronyd
├─crond
├─dbus-daemon───{dbus-daemon}
├─firewalld───{firewalld}
├─hypervkvpd
├─hypervvssd
├─irqbalance───{irqbalance}
├─login───bash
├─mcelog
├─polkitd───5*[{polkitd}]
├─python3.6───python3.6───2*[{python3.6}]
├─rngd
├─rsyslogd───2*[{rsyslogd}]
├─smartd
├─sshd─┬─sshd───sshd───bash
│ ├─sshd───sshd───bash───pstree
│ └─4*[sshd]
├─sssd─┬─sssd_be
│ └─sssd_nss
├─systemd───(sd-pam)
├─systemd-journal
├─systemd-logind
├─systemd-resolve
├─systemd-udevd
├─tuned───3*[{tuned}]
└─vsftpd
If you don’t want to see all the running processes, you can also view or see a specific running process
To see a specific running process, you can pipe the command to the grep utility.
One thing you must know is that every processes have a process ID as I have always said, so if a process is running, a process ID is also associated to the process automatically.
For example, to see the vsftpd process ID, use the command,
[root@lab02 ~]# ps -ef |grep vsftpd
root 81592 1 0 16:56 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root 87579 87010 0 18:47 pts/0 00:00:00 grep --color=auto vsftpd
To see the process ID of the httpd process, use the command,
[root@lab02 ~]# ps -ef |grep httpd
root 8484 8074 0 21:57 pts/0 00:00:00 grep --color=auto httpd
root 73272 1 0 Feb13 ? 00:00:11 /usr/sbin/httpd -DFOREGROUND
apache 89292 73272 0 03:51 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 89293 73272 0 03:51 ? 00:00:16 /usr/sbin/httpd -DFOREGROUND
apache 89294 73272 0 03:51 ? 00:00:16 /usr/sbin/httpd -DFOREGROUND
apache 89295 73272 0 03:51 ? 00:00:16 /usr/sbin/httpd -DFOREGROUND
you can as well see the child processes of the PID, 73272.
Again, let’s use the PPID command to get the PPID of one of the child processes,
[root@lab02 ~]# ps -l 89293 | grep -v grep
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
5 S 48 89293 73272 0 80 0 - 448628 - ? 0:16 /usr/sbin/httpd -DFOREGROUND
Going forward, other utilities that can be used to view the processes and process ID running on the system. One of the utilities I love so much is “pidof”.
To view the process ID of vsftpd using the “pidof” utility, use the command,
[root@lab02 ~]# pidof vsftpd
2187
[root@lab02 ~]#
To see the process ID of httpd using the “pidof” utility, use the command,
[root@lab02 ~]# pidof httpd
89295 89294 89293 89292 73272
[root@lab02 ~]#
Other interesting command I also use is
ps -ef | grep -i <process>| grep -v grep
OR
ps -ef | grep -i <process> | awk ‘$8!=”grep” {print $0}’
For example, to see the process ID of the vsftpd process, use the command,
[root@lab02 ~]# ps -ef | grep -i vsftpd | grep -v grep
root 36460 1 0 21:10 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[root@lab02 ~]# pidof vsftpd
OR
[root@lab02 ~]# ps -ef | grep -i vsftpd | awk '$8!="grep" {print $0}'
root 36460 1 0 21:10 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[root@lab02 ~]#
To find a process name with a process ID, use the command,
ps -ef |grep <PID>
For example, to find the process name of the PID 36805, use the command,
[root@lab02 ~]# ps -ef | grep 36805
root 36805 1 0 Feb20 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 36806 36805 0 Feb20 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 36807 36805 0 Feb20 ? 00:00:09 /usr/sbin/httpd -DFOREGROUND
apache 36808 36805 0 Feb20 ? 00:00:09 /usr/sbin/httpd -DFOREGROUND
apache 36809 36805 0 Feb20 ? 00:00:09 /usr/sbin/httpd -DFOREGROUND
apache 70239 36805 0 07:26 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
root 74400 74317 0 08:46 pts/0 00:00:00 grep --color=auto 36805
[root@lab02 ~]#
To see the tree of the httpd process for example, use the command,
[root@lab02 ~]# pstree |grep httpd
|-httpd-+-httpd
| |-2*[httpd---64*[{httpd}]]
| `-httpd---80*[{httpd}]
[root@lab02 ~]#
Going forward, let’s understand what a job is in Linux and how to manage them.
Due to the conventional way of article writing on this site, especially on the Linux category, and the broad nature of this topic, jobs in Linux will be treated as part 2 of this subject matter.
More so, part 2 will have the “ACTION TIME” section and may also include how to manage priority in Linux.
Cheers!!!
Your comment is appreciated.
Your feedback is welcomed. If you love others, you will share with others.
Leave a Reply