Перейти к содержанию

Process Management

In this chapter, you will learn how to work with processes.


Objectives: In this chapter, future Linux administrators will learn how to:

✔ Recognize the PID and PPID of a process;
✔ View and search for processes;
✔ Manage processes.

🏁 process, linux

Knowledge: ⭐ ⭐
Complexity: ⭐

Reading time: 20 minutes


Generalities

An operating system consists of processes. These processes are executed in a specific order and are related. There are two categories of processes, those focused on the user environment and those focused on the hardware environment.

When a program runs, the system will create a process by placing the program data and code in memory and creating a runtime stack. A process is an instance of a program with an associated processor environment (ordinal counter, registers, etc...) and memory environment.

Each process has:

  • a PID: Process IDentifier, a unique process identifier
  • a PPID: Parent Process IDentifier, unique identifier of parent process

By successive filiations, the init process is the father of all processes.

  • A parent process always creates a process
  • A parent process can have multiple child processes

There is a parent/child relationship between processes. A child process results from the parent calling the fork() primitive and duplicating its code to create a child. The PID of the child is returned to the parent process so that it can talk to it. Each child has its parent's identifier, the PPID.

The PID number represents the process at the time of execution. When the process finishes, the number is available again for another process. Running the same command several times will produce a different PID each time.

Note

Processes are not to be confused with threads. Each process has its memory context (resources and address space), while threads from the same process share this context.

Viewing processes

The ps command displays the status of running processes.

ps [-e] [-f] [-u login]

Example:

# ps -fu root
OptionDescription
-eDisplays all processes.
-fDisplays full format list.
-u loginDisplays the user's processes.

Some additional options:

OptionDescription
-gDisplays the processes in the group.
-t ttyDisplays the processes running from the terminal.
-p PIDDisplays the process information.
-HDisplays the information in a tree structure.
-lDisplays in long format.
--sort COLSort the result according to a column.
--headersDisplays the header on each terminal page.
--format "%a %b %c"Customize the output display format.

Without an option specified, the ps command only displays processes running from the current terminal.

The result is displayed in the following columns:

# ps -ef
UID  PID PPID C STIME  TTY TIME      CMD
root 1   0    0 Jan01  ?   00:00/03  /sbin/init
ColumnDescription
UIDOwner user.
PIDProcess identifier.
PPIDParent process identifier.
CPriority of the process.
STIMEDate and time of execution.
TTYExecution terminal.
TIMEProcessing duration.
CMDCommand executed.

The behavior of the control can be fully customized:

# ps -e --format "%P %p %c %n" --sort ppid --headers
 PPID   PID COMMAND          NI
    0     1 systemd           0
    0     2 kthreadd          0
    1   516 systemd-journal   0
    1   538 systemd-udevd     0
    1   598 lvmetad           0
    1   643 auditd           -4
    1   668 rtkit-daemon      1
    1   670 sssd              0

Types of processes

The user process:

  • is started from a terminal associated with a user
  • accesses resources via requests or daemons

The system process (daemon):

  • is started by the system
  • is not associated with any terminal and is owned by a system user (often root)
  • is loaded at boot time, resides in memory, and is waiting for a call
  • is usually identified by the letter d associated with the process name

System processes are therefore called daemons (D*isk And Execution MON*itor).

Permissions and rights

The user's credentials are passed to the created process when a command is executed.

By default, the process's actual UID and GID (of the process) are identical to the actual UID and GID (the UID and GID of the user who executed the command).

When a SUID (and/or SGID) is set on a command, the actual UID (and/or GID) becomes that of the owner (and/or owner group) of the command and no longer that of the user or user group that issued the command. Effective and real UIDs are therefore different.

Each time a file is accessed, the system checks the rights of the process according to its effective identifiers.

Process management

A process cannot be run indefinitely, as this would be to the detriment of other running processes and would prevent multitasking.

Therefore, the total processing time available is divided into small ranges, and each process (with a priority) accesses the processor sequentially. The process will take several states during its life among the states:

  • ready: waiting for the availability of the process
  • in execution: accesses the processor
  • suspended: waiting for an I/O (input/output)
  • stopped: waiting for a signal from another process
  • zombie: request for destruction
  • dead: the parent process ends the child process

The end-of-process sequencing is as follows:

  1. Closing of the open files
  2. Release of the used memory
  3. Sending a signal to the parent and child processes

When a parent process dies, their children are said to be orphans. They are then adopted by the init process, which will destroy them.

The priority of a process

GNU/Linux belongs to the family of time-sharing operating systems. Processors work in a time-sharing manner, and each process takes up some processor time. Processes are classified by priority:

  • Real-time process: the process with priority of 0-99 is scheduled by real-time scheduling algorithm.
  • Ordinary processes: processes with dynamic priorities of 100-139 are scheduled using a fully fair scheduling algorithm.
  • Nice value: a parameter used to adjust the priority of an ordinary process. The range is -20-19.

The default priority of a process is 0.

Modes of operation

Processes can run in two ways:

  • synchronous: the user loses access to the shell during command execution. The command prompt reappears at the end of the process execution.
  • asynchronous: the process is processed in the background. The command prompt is displayed again immediately.

The constraints of the asynchronous mode:

  • the command or script must not wait for keyboard input
  • the command or script must not return any result on the screen
  • quitting the shell ends the process

Process management controls

kill command

The kill command sends a stop signal to a process.

kill [-signal] PID

Example:

kill -9 1664
CodeSignalDescription
2SIGINTImmediate termination of the process
9SIGKILLInterrupts the process (Ctrl+d)
15SIGTERMClean termination of the process
18SIGCONTResumes the process. Processes that use the SIGSTOP signal can use it to continue running
19SIGSTOPSuspends the process (Stops process). The effect of this signal is equivalent to Ctrl+z

Signals are the means of communication between processes. The kill command sends a signal to a process.

Tip

The complete list of signals taken into account by the kill command is available by typing the command:

$ man 7 signal

nohup command

nohup allows the launching of a process independently of a connection.

nohup command

Example:

nohup myprogram.sh 0</dev/null &

nohup ignores the SIGHUP signal sent when a user logs out.

Note

nohup handles standard output and error but not standard input, hence the redirection of this input to /dev/null.

[Ctrl] + [z]

The synchronous process is temporarily suspended by pressing the Ctrl+z keys simultaneously. Access to the prompt is restored after displaying the number of the process that has just been suspended.

& instruction

The & statement executes the command asynchronously (the command is then called job) and displays the number of job. Access to the prompt is then returned.

Example:

$ time ls -lR / > list.ls 2> /dev/null &
[1] 15430
$

The job number is obtained during background processing and is displayed in square brackets, followed by the PID number.

fg and bg commands

The fg command puts the process in the foreground:

$ time ls -lR / > list.ls 2>/dev/null &
$ fg 1
time ls -lR / > list.ls 2/dev/null

while the command bg places it in the background:

[CTRL]+[Z]
^Z
[1]+ Stopped
$ bg 1
[1] 15430
$

Whether it was put in the background when it was created with the & argument or later with the Ctrl+z keys, a process can be brought back to the foreground with the fg command and its job number.

jobs command

The jobs command displays the list of processes running in the background and specifies their job number.

Example:

$ jobs
[1]- Running    sleep 1000
[2]+ Running    find / > arbo.txt

The columns represent:

  1. job number
  2. the order that the processes run:

  3. a + : The process selected by default for the fg and bg commands when no job number is specified

  4. a - : This process is the next process to take the +

  5. Running (running process) or Stopped (suspended process)

  6. the command

nice and renice commands

The command nice allows the execution of a command by specifying its priority.

nice priority command

Usage example:

nice --adjustment=-5 find / -name "file"

nice -n -5 find / -name "file"

nice --5 find / -name "file"

nice -n 5 find / -name "file"

nice find / -name "file"

Unlike root, a standard user can only reduce the priority of a process and only values between 0 and 19 will be accepted.

As shown in the example above, the first three commands indicate setting the Nice value to "-5", while the second command is our recommended usage. The fourth command indicates setting the Nice value to "5". For the fifth command, not typing any options means that the Nice value is set to "10".

Tip

"Nice" is the abbreviation for "niceness".

Directly typing the nice command will return the Nice value of the current shell.

You can lift the Nice value limit for each user or group by modifying the /etc/security/limits.conf file.

The renice command allows you to change the priority of a running process.

renice priority [-g GID] [-p PID] [-u UID]

Example:

renice -n 15 -p 1664
OptionDescription
-gGID of the process owner group.
-pPID of the process.
-uUID of the process owner.

The renice command acts on existing processes. Therefore, it is possible to change the priority of a specific process and several processes belonging to a user or a group.

Tip

The pidof command, coupled with the xargs command (see the Advanced Commands course), allows a new priority to be applied in a single command:

$ pidof sleep | xargs renice -n 20

To adapt to different distributions, you should try to use command forms such as nice -n 5 or renice -n 6 as much as possible.

top command

The top command displays the processes and their resource consumption.

$ top
PID  USER PR NI ... %CPU %MEM  TIME+    COMMAND
2514 root 20 0       15    5.5 0:01.14   top
ColumnDescription
PIDProcess identifier.
USEROwner user.
PRProcess priority.
NINice value.
%CPUProcessor load.
%MEMMemory load.
TIME+Processor usage time.
COMMANDCommand executed.

The top command allows control of the processes in real-time and in interactive mode.

pgrep and pkill commands

The pgrep command searches the running processes for a process name and displays the PID matching the selection criteria on the standard output.

The pkill command will send each process the specified signal (by default SIGTERM).

pgrep process
pkill [option] [-signal] process

Examples:

  • Get the process number from sshd:
pgrep -u root sshd
  • Kill all tomcat processes:
pkill tomcat

Note

Before you kill a process, it's best to know exactly what it is for; otherwise, it can lead to system crashes or other unpredictable problems.

In addition to sending signals to the relevant processes, the pkill command can also end the user's connection session according to the terminal number, such as:

pkill -t pts/1

killall command

This command's function is roughly the same as that of the pkill command. The usage is —killall [option] [ -s SIGNAL | -SIGNAL ] NAME. The default signal is SIGTERM.

OptionsDescription
-llists all known signal names
-iasks for confirmation before killing
-Icase insensitive process name match

Example:

killall tomcat

pstree command

This command displays the progress in a tree style, and its usage is - pstree [option].

OptionDescription
-pDisplays the PID of the process
-nsorts output by PID
-hhighlights the current process and its ancestors
-ushows uid transitions
$ pstree -pnhu
systemd(1)─┬─systemd-journal(595)
           ├─systemd-udevd(625)
           ├─auditd(671)───{auditd}(672)
           ├─dbus-daemon(714,dbus)
           ├─NetworkManager(715)─┬─{NetworkManager}(756)
                                └─{NetworkManager}(757)
           ├─systemd-logind(721)
           ├─chronyd(737,chrony)
           ├─sshd(758)───sshd(1398)───sshd(1410)───bash(1411)───pstree(1500)
           ├─tuned(759)─┬─{tuned}(1376)
                       ├─{tuned}(1381)
                       ├─{tuned}(1382)
                       └─{tuned}(1384)
           ├─agetty(763)
           ├─crond(768)
           ├─polkitd(1375,polkitd)─┬─{polkitd}(1387)
                                  ├─{polkitd}(1388)
                                  ├─{polkitd}(1389)
                                  ├─{polkitd}(1390)
                                  └─{polkitd}(1392)
           └─systemd(1401)───(sd-pam)(1404)

Orphan process and zombie process

orphan process: When a parent process dies, their children are said to be orphans. The init process adopts these special state processes, and status collection is completed until they are destroyed. Conceptually speaking, the orphanage process does not pose any harm.

zombie process: After a child process completes its work and is terminated, its parent process needs to call the signal processing function wait() or waitpid() to obtain the termination status of the child process. If the parent process does not do so, although the child process has already exited, it still retains some exit status information in the system process table. Because the parent process cannot obtain the status information of the child process, these processes will continue to occupy resources in the process table. We refer to processes in this state as zombies.

Hazard:

  • They are occupying system resources and causing a decrease in machine performance.
  • Unable to generate new child processes.

How can we check for any zombie processes in the current system?

ps -lef | awk '{print $2}' | grep Z

These characters may appear in this column:

  • D - uninterruptible sleep (usually IO)
  • I - Idle kernel thread
  • R - running or runnable (on run queue)
  • S - interruptible sleep (waiting for an event to complete)
  • T - stopped by job control signal
  • t - stopped by debugger during the tracing
  • W - paging (not valid since the 2.6.xx kernel)
  • X - dead (should never be seen)
  • Z - defunct ("zombie") process, terminated but not reaped by its parent