Linux Process Management

Linux Process Management

A Linux process is an instance of a program in execution. When you open an application or run a command on your Linux system, a process is created to carry out that specific task. Each process operates independently with its own set of resources, including memory, CPU time, and open files.


Key Terminology

TermDescription
PIDProcess ID, a unique identifier for each process.
PPIDParent Process ID, identifying the process that started a given process.
TTYTerminal type associated with the user.
TIMECPU time (minutes and seconds) that a process has been running.
CMDName of the command that launched the process.

Parent and Child Processes

  • Each process has a PID (Process ID).

  • Every process has a parent process (PPID).

    The init process (e.g., systemd, runit, openrc, s6, dinit) has a PID of 1 as it is the first process to boot your Linux system. If unsure, your system likely uses systemd.

    • When you want a process to die you can kill it.

    • Process that starts at system startup and keeps on running forever are called daemon. The daemon never dies

    • When a process is killed but it is still showing up in the system then that process is known as zombie. You can't kill zombie coz they are already dead Zombie processes never occupy the resources like CPU or RAM, only an entry remains in the process but these process are already killed.


Common Commands

Display Current Processes

ps

Example Output:

We will can see two processes one is current shell and another one is the ps command itself that we just entered.

ColumnDescription
PIDProcess ID.
TTYTerminal type.
TIMECPU time in minutes and seconds.
CMDName of the command that launched the process.

Check PID of your Current Shell

echo $$

Display PID of Parent Process

echo $PPID

Prints PID with the process name

ps -C bash

Display Both Current and Parent PIDs

echo $$ $PPID

first id is current and second id is parent id


Determine Shell Level

echo $SHLVL

Example Output:

The parent will always have less number as PID, coz parent came first. (parent will start the child process, so always the PID of parent is less in number.)


pidof command

Find the process ID of a running program

pidof bash

Remember, we discussed about init process that PID is 1 as it is the first process executes when we power on the machine, in my case i am running runit as my init , in your case it will be systemd

pidof runit


When a process starts another process in two phases First the process create a fork of itself then a identical copy, then the fork process executes and exec to replace fork process with the target child process.

echo $$
echo $$ $PPID

Switch to zsh or any other shell

echo $$
echo $$ $PPID
exec bash
echo $$ $PPID


To see all the processes in system

ps fx

ColumnDescription
PIDProcess ID.
TTYTerminal from where the process has started
STATState and Signals (High/Low priorities,Stop/Idle conditions)
TIMECPU time in minutes and seconds.
COMMANDThe command for which process has started

To check a particular process (filter specific process)

ps fx | grep bash

With other options

ps -ef

We will see output in different format


Get the process id

Directly grep the process

pgrep bash

View Processes in Tree Format

pstree    # Process there child along with how many processes in tree format
pstree -p   # Show PID with tree format
pstree -p -u username   # Show PID and user

Process States (Check details of particular process)

sleep process will run on background

sleep 200 &
  • -p option means PID

  • -s option means process and the number is the PID of sleep which is running on background

pstree -p -s 8379
ps -C sleep

To kill the process

kill 8379

Now, if we check the state of that process

ps fx | grep 8379

State CodeMeaning
DUninterruptible sleep (usually I/O).
RRunning or runnable (on run queue).
SInterruptible sleep (waiting for an event to complete).
TStopped (by a job control signal or being traced).
WPaging (not valid since kernel 2.6.x).
XDead (should never be seen).
ZZombie (terminated but not reaped by parent).
IIdle state.

Additional Flags(For BSD formats & when the state keyword is used,additional characters may display):

FlagDescription
<High priority (not nice to other users).
NLow priority (nice to other users).
LPages locked into memory (for real-time I/O).
sSession leader.
lMulti-threaded (e.g., NPTL threads).
+Foreground process group.

Here are the different values that the s, stat and state output specifies (header "STAT" or "S") will display to describe the state of process


Killing Processes

Standard Kill

kill -15 <PID>

Force Kill

kill -9 <PID>

Kill by Name

pkill <process_name>

Kill Multiple Processes

killall <process_name>


Signals in kill Command

kill -l
SignalNameDescription
1SIGHUPReload configuration file.
9SIGKILLForcefully kill a process.
15SIGTERMTerminate a process gracefully.
18SIGCONTResume a stopped process.
19SIGSTOPStop a process (can be resumed).

By default kill means kill -15

Let, us see the most used signals one by one

1 SIGHUP : The process should re-read it's configuration file.

kill -1 1

This command will re-read init (runit in my case) conf. file

15 SIGTERM : When we run kill command that means kill -15 (standard kill)

sleep 100 &
kill -15 10386

or kill 10386

ps -C sleep

When we kill some process normally, few process did't got killed. So, we kill them from kernel itself.

9 SIGKILL : To kill the process from kernel (sure kill)
The kernel will shoot down the process and as a developer you have no means to intercept a kill -9 signal

sleep 120 &
kill -9 10572
ps -C sleep

In TTY we can see Killed , Terminate and Killed are not same

Now, it's not so much in use but in case you have to see the system calls

It, may not installed by default in some distros


Additional Tools

strace

  • Monitor system calls of a process.
strace -p <PID>

sleep 120 &
strace -p 7430
kill -9 7430
strace -p 7430

18 SIGCONT : To start any process
19 SIGSTOP : To stop the process (we can resume it later)

sleep 280 &

process stopped

kill -19 10744

process started

kill -18 10744
ps -C sleep


Kill a process it's name (pkill)

sleep 160 &
sleep 280 &
pkill sleep
jobs
ps -C sleep

No sleep processes running all sleep process are killed


Kill Multiple processes (killall)

sleep 120 &
sleep 200 &

In new terminal

top
killall sleep top


Summary

These commands and tools enable efficient management of Linux processes, from viewing and monitoring to killing and signaling processes. Use them to optimize your workflow and troubleshoot effectively.