Linux Process Management

Linux Process Management

A Linux process is an instance of a program in execution. When you open an application or run a command on your Linux system, a process is created to carry out that specific task. Each process operates independently with its own set of resources, including memory, CPU time, and open files.


TermDescription
PIDProcess ID, a unique identifier for each process.
PPIDParent Process ID, identifying the process that started a given process.
TTYTerminal type associated with the user.
TIMECPU time (minutes and seconds) that a process has been running.
CMDName of the command that launched the process.

  • Each process has a PID (Process ID).

  • Every process has a parent process (PPID).

    The init process (e.g., systemd, runit, openrc, s6, dinit) has a PID of 1 as it is the first process to boot your Linux system. If unsure, your system likely uses systemd.

    • When you want a process to die you can kill it.

    • Process that starts at system startup and keeps on running forever are called daemon. The daemon never dies

    • When a process is killed but it is still showing up in the system then that process is known as zombie. You can't kill zombie coz they are already dead Zombie processes never occupy the resources like CPU or RAM, only an entry remains in the process but these process are already killed.


ps

Example Output:

We will can see two processes one is current shell and another one is the ps command itself that we just entered.

ColumnDescription
PIDProcess ID.
TTYTerminal type.
TIMECPU time in minutes and seconds.
CMDName of the command that launched the process.

echo $$

echo $PPID

Prints PID with the process name

ps -C bash

echo $$ $PPID

first id is current and second id is parent id


echo $SHLVL

Example Output:

The parent will always have less number as PID, coz parent came first. (parent will start the child process, so always the PID of parent is less in number.)


Find the process ID of a running program

pidof bash

Remember, we discussed about init process that PID is 1 as it is the first process executes when we power on the machine, in my case i am running runit as my init , in your case it will be systemd

pidof runit


When a process starts another process in two phases First the process create a fork of itself then a identical copy, then the fork process executes and exec to replace fork process with the target child process.

echo $$
echo $$ $PPID

Switch to zsh or any other shell

echo $$
echo $$ $PPID
exec bash
echo $$ $PPID


ps fx

ColumnDescription
PIDProcess ID.
TTYTerminal from where the process has started
STATState and Signals (High/Low priorities,Stop/Idle conditions)
TIMECPU time in minutes and seconds.
COMMANDThe command for which process has started

To check a particular process (filter specific process)

ps fx | grep bash

With other options

ps -ef

We will see output in different format


Get the process id

Directly grep the process

pgrep bash

pstree    # Process there child along with how many processes in tree format
pstree -p   # Show PID with tree format
pstree -p -u username   # Show PID and user

sleep process will run on background

sleep 200 &
  • -p option means PID

  • -s option means process and the number is the PID of sleep which is running on background

pstree -p -s 8379
ps -C sleep

To kill the process

kill 8379

Now, if we check the state of that process

ps fx | grep 8379

State CodeMeaning
DUninterruptible sleep (usually I/O).
RRunning or runnable (on run queue).
SInterruptible sleep (waiting for an event to complete).
TStopped (by a job control signal or being traced).
WPaging (not valid since kernel 2.6.x).
XDead (should never be seen).
ZZombie (terminated but not reaped by parent).
IIdle state.

Additional Flags(For BSD formats & when the state keyword is used,additional characters may display):

FlagDescription
<High priority (not nice to other users).
NLow priority (nice to other users).
LPages locked into memory (for real-time I/O).
sSession leader.
lMulti-threaded (e.g., NPTL threads).
+Foreground process group.

Here are the different values that the s, stat and state output specifies (header "STAT" or "S") will display to describe the state of process


kill -15 <PID>
kill -9 <PID>
pkill <process_name>
killall <process_name>


kill -l
SignalNameDescription
1SIGHUPReload configuration file.
9SIGKILLForcefully kill a process.
15SIGTERMTerminate a process gracefully.
18SIGCONTResume a stopped process.
19SIGSTOPStop a process (can be resumed).

By default kill means kill -15

Let, us see the most used signals one by one

1 SIGHUP : The process should re-read it's configuration file.

kill -1 1

This command will re-read init (runit in my case) conf. file

15 SIGTERM : When we run kill command that means kill -15 (standard kill)

sleep 100 &
kill -15 10386

or kill 10386

ps -C sleep

When we kill some process normally, few process did't got killed. So, we kill them from kernel itself.

9 SIGKILL : To kill the process from kernel (sure kill)
The kernel will shoot down the process and as a developer you have no means to intercept a kill -9 signal

sleep 120 &
kill -9 10572
ps -C sleep

In TTY we can see Killed , Terminate and Killed are not same

Now, it's not so much in use but in case you have to see the system calls

It, may not installed by default in some distros


  • Monitor system calls of a process.
strace -p <PID>

sleep 120 &
strace -p 7430
kill -9 7430
strace -p 7430

18 SIGCONT : To start any process
19 SIGSTOP : To stop the process (we can resume it later)

sleep 280 &

process stopped

kill -19 10744

process started

kill -18 10744
ps -C sleep


Kill a process it's name (pkill)

sleep 160 &
sleep 280 &
pkill sleep
jobs
ps -C sleep

No sleep processes running all sleep process are killed


sleep 120 &
sleep 200 &

In new terminal

top
killall sleep top


These commands and tools enable efficient management of Linux processes, from viewing and monitoring to killing and signaling processes. Use them to optimize your workflow and troubleshoot effectively.