Table of contents
- Key Terminology
- Parent and Child Processes
- Common Commands
- Display Current Processes
- Check PID of your Current Shell
- Display PID of Parent Process
- Display Both Current and Parent PIDs
- Determine Shell Level
- pidof command
- To see all the processes in system
- View Processes in Tree Format
- Process States (Check details of particular process)
- Killing Processes
- Standard Kill
- Force Kill
- Kill by Name
- Kill Multiple Processes
- Signals in kill Command
- Additional Tools
- strace
- Kill a process it's name (pkill)
A Linux process is an instance of a program in execution. When you open an application or run a command on your Linux system, a process is created to carry out that specific task. Each process operates independently with its own set of resources, including memory, CPU time, and open files.
Key Terminology
Term | Description |
PID | Process ID, a unique identifier for each process. |
PPID | Parent Process ID, identifying the process that started a given process. |
TTY | Terminal type associated with the user. |
TIME | CPU time (minutes and seconds) that a process has been running. |
CMD | Name of the command that launched the process. |
Parent and Child Processes
Each process has a PID (Process ID).
Every process has a parent process (PPID).
The init process (e.g., systemd, runit, openrc, s6, dinit) has a PID of
1
as it is the first process to boot your Linux system. If unsure, your system likely uses systemd.When you want a process to die you can kill it.
Process that starts at system startup and keeps on running forever are called daemon. The daemon never dies
When a process is killed but it is still showing up in the system then that process is known as zombie. You can't kill zombie coz they are already dead Zombie processes never occupy the resources like CPU or RAM, only an entry remains in the process but these process are already killed.
Common Commands
Display Current Processes
ps
Example Output:
We will can see two processes one is current shell and another one is the ps command itself that we just entered.
Column | Description |
PID | Process ID. |
TTY | Terminal type. |
TIME | CPU time in minutes and seconds. |
CMD | Name of the command that launched the process. |
Check PID of your Current Shell
echo $$
Display PID of Parent Process
echo $PPID
Prints PID with the process name
ps -C bash
Display Both Current and Parent PIDs
echo $$ $PPID
first id is current and second id is parent id
Determine Shell Level
echo $SHLVL
Example Output:
The parent will always have less number as PID, coz parent came first. (parent will start the child process, so always the PID of parent is less in number.)
pidof command
Find the process ID of a running program
pidof bash
Remember, we discussed about init process that PID is 1 as it is the first process executes when we power on the machine, in my case i am running runit as my init , in your case it will be systemd
pidof runit
When a process starts another process in two phases First the process create a fork of itself then a identical copy, then the fork process executes and exec to replace fork process with the target child process.
echo $$
echo $$ $PPID
Switch to zsh or any other shell
echo $$
echo $$ $PPID
exec bash
echo $$ $PPID
To see all the processes in system
ps fx
Column | Description |
PID | Process ID. |
TTY | Terminal from where the process has started |
STAT | State and Signals (High/Low priorities,Stop/Idle conditions) |
TIME | CPU time in minutes and seconds. |
COMMAND | The command for which process has started |
To check a particular process (filter specific process)
ps fx | grep bash
With other options
ps -ef
We will see output in different format
Get the process id
Directly grep the process
pgrep bash
View Processes in Tree Format
pstree # Process there child along with how many processes in tree format
pstree -p # Show PID with tree format
pstree -p -u username # Show PID and user
Process States (Check details of particular process)
sleep process will run on background
sleep 200 &
-p option means PID
-s option means process and the number is the PID of sleep which is running on background
pstree -p -s 8379
ps -C sleep
To kill the process
kill 8379
Now, if we check the state of that process
ps fx | grep 8379
State Code | Meaning |
D | Uninterruptible sleep (usually I/O). |
R | Running or runnable (on run queue). |
S | Interruptible sleep (waiting for an event to complete). |
T | Stopped (by a job control signal or being traced). |
W | Paging (not valid since kernel 2.6.x). |
X | Dead (should never be seen). |
Z | Zombie (terminated but not reaped by parent). |
I | Idle state. |
Additional Flags(For BSD formats & when the state keyword is used,additional characters may display):
Flag | Description |
< | High priority (not nice to other users). |
N | Low priority (nice to other users). |
L | Pages locked into memory (for real-time I/O). |
s | Session leader. |
l | Multi-threaded (e.g., NPTL threads). |
+ | Foreground process group. |
Here are the different values that the s, stat and state output specifies (header "STAT" or "S") will display to describe the state of process
Killing Processes
Standard Kill
kill -15 <PID>
Force Kill
kill -9 <PID>
Kill by Name
pkill <process_name>
Kill Multiple Processes
killall <process_name>
Signals in kill
Command
kill -l
Signal | Name | Description |
1 | SIGHUP | Reload configuration file. |
9 | SIGKILL | Forcefully kill a process. |
15 | SIGTERM | Terminate a process gracefully. |
18 | SIGCONT | Resume a stopped process. |
19 | SIGSTOP | Stop a process (can be resumed). |
By default kill means kill -15
Let, us see the most used signals one by one
1 SIGHUP : The process should re-read it's configuration file.
kill -1 1
This command will re-read init (runit in my case) conf. file
15 SIGTERM : When we run kill command that means kill -15 (standard kill)
sleep 100 &
kill -15 10386
or kill 10386
ps -C sleep
When we kill some process normally, few process did't got killed. So, we kill them from kernel itself.
9 SIGKILL : To kill the process from kernel (sure kill)
The kernel will shoot down the process and as a developer you have no means to intercept a kill -9 signal
sleep 120 &
kill -9 10572
ps -C sleep
In TTY we can see Killed , Terminate and Killed are not same
Now, it's not so much in use but in case you have to see the system calls
It, may not installed by default in some distros
Additional Tools
strace
- Monitor system calls of a process.
strace -p <PID>
sleep 120 &
strace -p 7430
kill -9 7430
strace -p 7430
18 SIGCONT : To start any process
19 SIGSTOP : To stop the process (we can resume it later)
sleep 280 &
process stopped
kill -19 10744
process started
kill -18 10744
ps -C sleep
Kill a process it's name (pkill)
sleep 160 &
sleep 280 &
pkill sleep
jobs
ps -C sleep
No sleep processes running all sleep process are killed
Kill Multiple processes (killall)
sleep 120 &
sleep 200 &
In new terminal
top
killall sleep top
Summary
These commands and tools enable efficient management of Linux processes, from viewing and monitoring to killing and signaling processes. Use them to optimize your workflow and troubleshoot effectively.