When it comes to Linux administration, one important task is to understand processes and how to manage it. In this guide, we learn about processes in Linux in detail.
Process in Linux
A Process in Linux is a running instance of a program i.e. when a user enters a command, a process is initiated.
A program in execution is called a Process. When you enter a command, the Linux system creates an environment that typically has everything needed for the system to execute that command. The OS tracks the processes with a 5-digit number called process ID or PID.
A process can do concurrent work by creating a lightweight process called a thread. This could be a single-threaded or multi-threaded process.
Every process has its own unique PID which is created by a parent process (except for PID 1).
Types of processes in Linux
Linux supports two kinds of processes, namely
- Foreground process
- Background process
Let us understand them in detail in this section.
Foreground process
In Linux, by default, any process that the user starts will run in the foreground which means that it takes the input from the user and displays the output on the screen or terminal.
Whenever the process is running in the foreground, it is time-consuming since the user has to wait until the process stops else he cannot run any other command during that time period.
Example:
ls
Background process
This process runs in the background without showing the output in the terminal. This enables the user to run any other command from the terminal without having to wait for the other process to get completed.
You need to use the “&” character at the end of the command to enable the process to run in the background.
Example:
ls & 
Process states
The following tables list the important process states:
| Process state | Description |
|---|---|
| Running | This state means that the process is running or it is ready to run the process |
| Sleeping | The process when in this state is waiting for the resources to be available |
| Interruptible sleep | The process will be able to handle signals when received |
| Uninterruptible sleep | The process will never be able to handle any signals when in uninterruptable sleep state |
| Stopped | This process will enter stopped state after completion of the execution and receives stop signal |
| Zombie | In this state, the process is dead but the entry is maintained in the process table |
Process management Commands
There are a lot of commands in Linux to track the running processes. In this section let us understand in detail those commands with examples. Let us get started!!
PS
PS means process state. This command is used to list all the currently running processes.
This utility helps to vide the information related to processes running on the system. It reads the process information from virtual files and displays the output.
Syntax
ps [options]Example
Let us check the ps command with an example.
In this example let us see all the processes that are running in the current shell. In the output, you will see the processes running in a shell along with their PID, terminal type, time since the command has been running, and the name of the command that is running in the shell.
PID - The process ID which tracks every process in the Linux system.
TTY - Terminal associated with the process.
TIME - The amount of CPU time used by the process which is the runtime of the process
CMD - The name of the command that the process is running.
ps aux commandThis command is used to monitor the processes running on the Linux system. ps command supports several options out of which aux is one among them. The ps aux command displays the most amount of information related to the current state of the system's running processes. Let us take a look at this command with an example.
ps aux In the output below, you can see it displays information related to the user who has run the command, the percentage of CPU and memory that the respective process is using, the date and time when the process started along with the process ID i.e. PID.
Top
The top command is an alternative to the ps command in Linux. The difference is that the ps command doesn't show the values and statistics in real-time whereas the top command shows the real-time values.
The top command shows the summary information of the system and also it lists the processes which are running in the Linux kernel. Let us take a look at this with an example.
You can see in the output that it opens an interactive command mode where at the top it displays the statistics of the processes along with resource usage and at the end, it shows the list of currently active and running processes in Linux.
You have to press 'q' to exit from the command mode.
PID - Displays the unique process ID
PR - The process priority which indicates that if the number is low, it is of higher priority.
VIRT - Displays the virtual memory usage by the task
% CPU - Shows the amount of CPU usage by the process
% MEM - Shows the memory usage by the process
Kill
In order to stop a process, you can use the kill command. This is a built-in command which can be used by the user to terminate a process manually in Linux. The command will send the signal to a process and in turn terminate the process itself.
Syntax
kill -lIn case, the user does not specify any signal to be sent with the kill command, the system will use the default TERM signal to terminate the process.
In the output below, you can see the various signals available for the user to choose with which he can terminate the process.
You can specify the PID of the command along with kill in order to terminate a specific process. Let us take an example to understand this.
First, let us list all the running processes.
ps
In order to kill a process that is running a bash command, let us use the kill command with PID as shown below.
Syntax
kill pid
kill -9 pidExample
Let us kill the process with PID 24540 which kills the docker process.
kill 24540Alternatively, let us also use the command with the "SIGKILL" signal.
kill -9 24540
Nice
In order to change the priority of the processes you can use the nice command in Linux. The value set as the priority for a process is called the Niceness value. This value can be in the range of -20 to 19.0. The default is 19.0
You can use the ps -l command to check the command's nice value. The value in the 8th column i.e. NI shows the nice value of the processes.
Syntax
nice -n [value] [process name]Example
Let us change the priority of the bash command to 15 and see the results
nice -15 bash
fg and bg
The fg command in Linux is used to put the background job in foreground processes.
Syntax
fg <job_spec>where job_spec can be one of the following
%n: job number
%-: refer to the previous job
Example
Consider you create a custom job that starts the process in the background and lets it sleep for 500 seconds.
We can start the same process in the foreground using the fg command as shown below.
fg %1
The bg command in Linux is used to place the foreground jobs in the background.
Syntax
bg <job_spec>where job_spec can be one of the following
%n: job number
%-: refer to the previous job
Example
Let us take a look at the bg command with an example.
Let us create a process using the sleep command and put it in the background using & character. In the output, you can see that the process has been sent to the background.
pgrep
pgrep is a command line utility in Linux which allows the user to find the process IDs of a running program based on a certain pattern.
Syntax
pgrep [options] <pattern>The command returns 0 if it finds a process and is successful and returns exit code 1 if there is an error.
Example
Let us take an example where we want to find a process that is running a bash process or command.
pgrep bashAs a result of the command execution, it displays the PIDs of the bash process.
You can have different criteria along with the pgrep command to find the PIDs of the running process.
Let us use an option -u to display the process being run by a given user.
Syntax
pgrep -u <user-name> <process-name>Example
Let us get the PID of the processes running docker as the root user with the below command
pgrep -u root docker
pstree
Display the running process in a tree-shaped manner. This helps to easily identify the processes parent-child relationship.
Syntax
pstree [options] [pid or username]Example
pstree
/proc/$PID Folder
You can use /proc/$PID folder to learn more information about a process. Instead of using the inbuilt tools mentioned above, this as an alternative method.
Use ps auxf or pstree to find the PID of the process. Then cat /proc/$PID/<filename> to display information about that specific process.
For example to see the command line arguments:
cat /proc/2957/cmdline
Process Signals
A signal is an event that occurs in response to a specific condition. Whenever a process receives a signal, it takes appropriate action. In Linux, the signal can be sent to a process when the system identifies an event.
Whenever the process receives a signal, it can either execute or block the signal. Linx supports a lot of signals. You can look at different signals available on your system using the below command wherein it displays 64 different signals.
kill -lNext, let us take a look at different signals and understand them in detail.
| Signal Name | Signal Number | Description |
| SIGHUP | 1 | Hangup |
| SIGINT | 2 | Terminal interrupt |
| SIGQUIT | 3 | Terminal quit |
| SIGILL | 4 | Illegal instruction |
| SIGTRAP | 5 | Trace trap |
| SIGIOT | 6 | IOT Trap |
| SIGBUS | 7 | BUS error |
| SIGFPE | 8 | Floating point exception |
| SIGKILL | 9 | Kill |
| SIGUSR1 | 10 | User defined signal 1 |
| SIGSEGV | 11 | Invalid memory segment access |
| SIGUSR2 | 12 | User defined signal 2 |
| SIGPIPE | 13 | Write on a pipe with no reader, Broken pipe |
| SIGALRM | 14 | Alarm clock |
| SIGTERM | 15 | Termination |
| SIGSTKFLT | 16 | Stack fault |
| SIGCHLD | 17 | Child process has stopped or exited, changed |
| SIGCONTv | 18 | Continue executing if stopped |
| SIGSTOP | 19 | Stop executing |
| SIGTSTP | 20 | Terminal stop signal |
| SIGTTIN | 21 | Background process trying to read, from TTY |
| SIGTTOU | 22 | Background process trying to write, to TTY |
| SIGURG | 23 | Urgent condition on socket |
| SIGXCPU | 24 | CPU limit exceeded |
| SIGXFSZ | 25 | File size limit exceeded |
| SIGVTALRM | 26 | Virtual alarm clock |
| SIGPROF | 27 | Profiling alarm clock |
| SIGWINCH | 28 | Window size change |
| SIGIO | 29 | I/O now possible |
| SIGPWR | 30 | Power failure restart |
How a new process starts in Linux
A new process in Linux can be started by using the fork() system call. The fork() creates a new process from an existing process. In Linux, the existing process is called a parent process and the process that is newly created is called the child process.
The child process will have the same environment as its parent except for the PID number. The process is called forking.
You can get the process ID of both the parent and child processes using getppid() and getpid() system calls respectively.
Let us understand this with an example by creating a child process using the fork() system call
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
int main( ){
pid_t child_pid;
child_pid = fork (); // Create a new child process;
if (child_pid < 0) {
printf("fork failed");
return 1;
} else if (child_pid == 0) {
printf ("child process successfully created!");
printf ("child_PID = %d,parent_PID = %d", getpid(), getppid( ) );
} else {
wait(NULL);
printf ("parent process successfully created!");
printf ("child_PID = %d, parent_PID = %d", getpid( ), getppid( ) );
}
return 0;
}pid_t is a data type that indicates the process ID which is a unique number. We invoke the system call fork() which creates a new process from the calling process. In this case, the calling process is called as parent process and the new process is the child process.
The fork() system call is located in <sys/types.h> library which returns a negative value if the process is not created and returns zero if the child process is created.
Save the code, compile, run the code and see the results. You can see that the child process has been created successfully with PID 29951 and the parent process has PID 29950.
Conclusion
Understanding applications and its process are vital for system administrators and developers. Generally comes helpful to list, kill, or move between the background/foreground of the processes.
Thanks for reading so far, please add your feedback and suggestions in the comment section.
About The Author
Bobbin Zachariah
Bobbin Zachariah is an experienced Linux engineer who has been supporting infrastructure for many companies. He specializes in Shell scripting, AWS Cloud, JavaScript, and Nodejs. He has qualified Master’s degree in computer science. He holds Red Hat Certified Engineer (RHCE) certification and RedHat Enable Sysadmin.
Comments