What is a process in Linux

Last updated: November 8, 2022 | Bobbin Zachariah

When it comes to Linux administration, one important task is to understand processes and how to manage it. In this guide, we learn about processes in Linux in detail.

Process in Linux

A Process in Linux is a running instance of a program i.e. when a user enters a command, a process is initiated.

A program in execution is called a Process. When you enter a command, the Linux system creates an environment that typically has everything needed for the system to execute that command. The OS tracks the processes with a 5-digit number called process ID or PID.

A process can do concurrent work by creating a lightweight process called a thread. This could be a single-threaded or multi-threaded process.

Every process has its own unique PID which is created by a parent process (except for PID 1).

Types of processes in Linux

Linux supports two kinds of processes, namely

  • Foreground process
  • Background process

Let us understand them in detail in this section.

Foreground process

In Linux, by default, any process that the user starts will run in the foreground which means that it takes the input from the user and displays the output on the screen or terminal.

Whenever the process is running in the foreground, it is time-consuming since the user has to wait until the process stops else he cannot run any other command during that time period.

Example:

ls
Foreground process listing files

Background process

This process runs in the background without showing the output in the terminal. This enables the user to run any other command from the terminal without having to wait for the other process to get completed.


You need to use the “&” character at the end of the command to enable the process to run in the background.

Example:

ls & 
enable ls command to run in background

Process states

The following tables list the important process states:

Process stateDescription
RunningThis state means that the process is running or it is ready to run the process
SleepingThe process when in this state is waiting for the resources to be available
Interruptible sleepThe process will be able to handle signals when received
Uninterruptible sleepThe process will never be able to handle any signals when in uninterruptable sleep state
StoppedThis process will enter stopped state after completion of the execution and receives stop signal
ZombieIn this state, the process is dead but the entry is maintained in the process table

Process management Commands

There are a lot of commands in Linux to track the running processes. In this section let us understand in detail those commands with examples. Let us get started!!

PS

PS means process state. This command is used to list all the currently running processes.

This utility helps to vide the information related to processes running on the system. It reads the process information from virtual files and displays the output.

Syntax

ps [options]

Example

Let us check the ps command with an example.

In this example let us see all the processes that are running in the current shell. In the output, you will see the processes running in a shell along with their PID, terminal type, time since the command has been running, and the name of the command that is running in the shell.

PID - The process ID which tracks every process in the Linux system.

TTY - Terminal associated with the process.

TIME - The amount of CPU time used by the process which is the runtime of the process

CMD - The name of the command that the process is running.

list running processes using ps command
ps aux command

This command is used to monitor the processes running on the Linux system. ps command supports several options out of which aux is one among them. The ps aux command displays the most amount of information related to the current state of the system's running processes. Let us take a look at this command with an example.

ps aux 

In the output below, you can see it displays information related to the user who has run the command, the percentage of CPU and memory that the respective process is using, the date and time when the process started along with the process ID i.e. PID.

output of ps aux

Top

The top command is an alternative to the ps command in Linux. The difference is that the ps command doesn't show the values and statistics in real-time whereas the top command shows the real-time values.

The top command shows the summary information of the system and also it lists the processes which are running in the Linux kernel. Let us take a look at this with an example.

You can see in the output that it opens an interactive command mode where at the top it displays the statistics of the processes along with resource usage and at the end, it shows the list of currently active and running processes in Linux.

You have to press 'q' to exit from the command mode.

PID - Displays the unique process ID

PR - The process priority which indicates that if the number is low, it is of higher priority.

VIRT - Displays the virtual memory usage by the task

% CPU - Shows the amount of CPU usage by the process

% MEM - Shows the memory usage by the process

Kill

In order to stop a process, you can use the kill command. This is a built-in command which can be used by the user to terminate a process manually in Linux. The command will send the signal to a process and in turn terminate the process itself.

Syntax

kill -l

In case, the user does not specify any signal to be sent with the kill command, the system will use the default TERM signal to terminate the process.

In the output below, you can see the various signals available for the user to choose with which he can terminate the process.

You can specify the PID of the command along with kill in order to terminate a specific process. Let us take an example to understand this.

First, let us list all the running processes.

ps
find the process

In order to kill a process that is running a bash command, let us use the kill command with PID as shown below.

Syntax

kill pid
kill -9 pid

Example

Let us kill the process with PID 24540 which kills the docker process.

kill 24540

Alternatively, let us also use the command with the "SIGKILL" signal.

kill -9 24540
kill command followed signal and process

Nice

In order to change the priority of the processes you can use the nice command in Linux. The value set as the priority for a process is called the Niceness value. This value can be in the range of -20 to 19.0. The default is 19.0

You can use the ps -l command to check the command's nice value. The value in the 8th column i.e. NI shows the nice value of the processes.

get nice value of the processes

Syntax

nice -n [value] [process name]

Example

Let us change the priority of the bash command to 15 and see the results

nice -15 bash

fg and bg

The fg command in Linux is used to put the background job in foreground processes.

Syntax

fg <job_spec>

where job_spec can be one of the following

%n: job number

%-: refer to the previous job

Example

Consider you create a custom job that starts the process in the background and lets it sleep for 500 seconds.

start process and sleep for 500 seconds

We can start the same process in the foreground using the fg command as shown below.

fg %1
start the process in foreground

The bg command in Linux is used to place the foreground jobs in the background.

Syntax

bg <job_spec>

where job_spec can be one of the following

%n: job number

%-: refer to the previous job

Example

Let us take a look at the bg command with an example.

Let us create a process using the sleep command and put it in the background using & character. In the output, you can see that the process has been sent to the background.

pgrep

pgrep is a command line utility in Linux which allows the user to find the process IDs of a running program based on a certain pattern.

Syntax

pgrep [options] <pattern>

The command returns 0 if it finds a process and is successful and returns exit code 1 if there is an error.

Example

Let us take an example where we want to find a process that is running a bash process or command.

pgrep bash

As a result of the command execution, it displays the PIDs of the bash process.

You can have different criteria along with the pgrep command to find the PIDs of the running process.

Let us use an option -u to display the process being run by a given user.

Syntax

pgrep -u <user-name> <process-name>

Example

Let us get the PID of the processes running docker as the root user with the below command

pgrep -u root docker
get pid of a process using pgrep

pstree

Display the running process in a tree-shaped manner. This helps to easily identify the processes parent-child relationship.

Syntax

pstree [options] [pid or username]

Example

pstree
listing the running process in a tree-shaped manner

/proc/$PID Folder

You can use /proc/$PID folder to learn more information about a process. Instead of using the inbuilt tools mentioned above, this as an alternative method.

Use ps auxf or pstree to find the PID of the process. Then cat /proc/$PID/<filename> to display information about that specific process.

For example to see the command line arguments:

cat /proc/2957/cmdline
display information about a process under /proc folder

Process Signals

A signal is an event that occurs in response to a specific condition. Whenever a process receives a signal, it takes appropriate action. In Linux, the signal can be sent to a process when the system identifies an event.

Whenever the process receives a signal, it can either execute or block the signal. Linx supports a lot of signals. You can look at different signals available on your system using the below command wherein it displays 64 different signals.

kill -l

Next, let us take a look at different signals and understand them in detail.

Signal NameSignal NumberDescription
SIGHUP1Hangup 
SIGINT2Terminal interrupt 
SIGQUIT3Terminal quit 
SIGILL4Illegal instruction 
SIGTRAP5Trace trap 
SIGIOT6IOT Trap 
SIGBUS7BUS error 
SIGFPE8Floating point exception 
SIGKILL9Kill
SIGUSR110User defined signal 1 
SIGSEGV11Invalid memory segment access 
SIGUSR212User defined signal 2 
SIGPIPE13Write on a pipe with no reader, Broken pipe 
SIGALRM14Alarm clock 
SIGTERM15Termination 
SIGSTKFLT16Stack fault
SIGCHLD17Child process has stopped or exited, changed 
SIGCONTv18Continue executing if stopped 
SIGSTOP19Stop executing
SIGTSTP20Terminal stop signal 
SIGTTIN21Background process trying to read, from TTY 
SIGTTOU22Background process trying to write, to TTY 
SIGURG23Urgent condition on socket 
SIGXCPU24CPU limit exceeded 
SIGXFSZ25File size limit exceeded 
SIGVTALRM26Virtual alarm clock 
SIGPROF27Profiling alarm clock 
SIGWINCH28Window size change 
SIGIO29I/O now possible 
SIGPWR30Power failure restart 

How a new process starts in Linux

A new process in Linux can be started by using the fork() system call. The fork() creates a new process from an existing process. In Linux, the existing process is called a parent process and the process that is newly created is called the child process.

The child process will have the same environment as its parent except for the PID number. The process is called forking.

You can get the process ID of both the parent and child processes using getppid() and getpid() system calls respectively.

Let us understand this with an example by creating a child process using the fork() system call

#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
int main( ){
   pid_t child_pid;
   child_pid = fork (); // Create a new child process;
   if (child_pid < 0) {
      printf("fork failed");
      return 1;
   } else if (child_pid == 0) {
      printf ("child process successfully created!");
      printf ("child_PID = %d,parent_PID = %d", getpid(), getppid( ) );
   } else {
      wait(NULL);
      printf ("parent process successfully created!");
      printf ("child_PID = %d, parent_PID = %d", getpid( ), getppid( ) );
   }
   return 0;
}

pid_t is a data type that indicates the process ID which is a unique number. We invoke the system call fork() which creates a new process from the calling process. In this case, the calling process is called as parent process and the new process is the child process.

The fork() system call is located in <sys/types.h> library which returns a negative value if the process is not created and returns zero if the child process is created.

Save the code, compile, run the code and see the results. You can see that the child process has been created successfully with PID 29951 and the parent process has PID 29950.

start a new process

Conclusion

Understanding applications and its process are vital for system administrators and developers. Generally comes helpful to list, kill, or move between the background/foreground of the processes.

Thanks for reading so far, please add your feedback and suggestions in the comment section.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment