The Linux terminal has a number of useful commands that can display running processes, kill them, and change their priority level.
Parent and Child Processes
Each Unix process has two ID numbers assigned to it: the process ID (PID) and the parent process ID (PPID). Each user process in the system has a parent process.
Starting a Process
When you start a process (run a command), there are two ways you can run it:
- Foreground Processes
- Background Processes
1. Foreground Processes
By default, every process that you start runs in the foreground. A short command such as “ls” prints its output and exits. A persistent program keeps running: the terminal stays attached to it and displays its events on the screen. In other words, the terminal is used exclusively by that program.
- cherrytree
- ls
2. Background Processes
A background process runs without being connected to your keyboard. If the background process requires any keyboard input, it waits.
The advantage of running a process in the background is that you can run other commands; you do not have to wait until it completes to start another. In other words, the terminal is no longer exclusive to that new process.
& = send program to background
- cherrytree &
Sending a program to foreground or background
fg = send to foreground
bg = send to background
Use jobs to list the programs running in that terminal.
- jobs
As we can see the program is running in the foreground
- fg %1
To send it to the background, stop it (Ctrl + z) and then run the bg command
- Ctrl + z
- jobs
- bg %1
- jobs
Listing Running processes
PS
1. To show processes use ‘ps’, run in bash
- ps
-f = Do full-format listing.
- ps -f
- UID = User ID that this process belongs to (the person running it)
- PID = Process ID
- PPID = Parent process ID (the ID of the process that started it)
- C = CPU utilization of process
- STIME = Process start time
- TTY = Terminal type associated with the process
- TIME = CPU time taken by the process
- CMD = The command that started this process
2. Show all information of all processes running
-e = Select all processes. Identical to -A
- ps -ef
An alternative is
- ps -aux
3. Display process tree
- ps -ef --forest
4. List processes dynamically
watch -n 2 = running the ps command every 2 seconds
- watch -n 2 'ps -ef'
PSTREE
Display a tree of processes
- pstree
Print the tree with PID
- pstree -p
Sorting the output
-n = Sort processes with the same ancestor by PID instead of by name
- pstree -pn
Filter by processes also
-s = Show parent processes of the specified process.
- pstree -s 3528
Filter process by users
- pstree vry4n
TOP
The top command is used to show the Linux processes. It provides a dynamic real-time view of the running system.
- top
- PID: Shows task’s unique process id.
- USER: User name of owner of task.
- PR: Stands for priority of the task.
- NI: Represents a Nice Value of task. A Negative nice value implies higher priority, and positive Nice value means lower priority.
- VIRT: Total virtual memory used by the task.
- SHR: Represents the amount of shared memory used by a task.
- %CPU: Represents the CPU usage.
- %MEM: Shows the Memory usage of task.
- TIME+: CPU Time, the same as ‘TIME’, but reflecting more granularity through hundredths of a second.
- Command: Shows the command used to run the process
Display processes by user
- top -u vry4n
Show absolute path
- top -c
Top commands
While top is running, you can issue commands
Use ‘h’ to display help menu
z = color output
k = kill a process
In this example we will kill Firefox, PID 4758
- k 4758
Choose the signal to send the kill
- <enter>
pgrep
pgrep returns the IDs of the processes that match the given pattern.
- pgrep firefox
- ps -ef | grep -i firefox
Count matches
-c = Suppress normal output; instead print a count of matching processes.
- pgrep -c firefox
Print full PID and child PID
-f = The pattern is normally only matched against the process name. When -f is set, the full command line is used.
- pgrep -f firefox
Ignore case
-i = Match processes case-insensitively.
- pgrep -i FireFOX
Print command line and PID
-a = List the full command line as well as the process ID.
- pgrep -a firefox
Change process priority
Nice is a command in Unix and Linux operating systems that allows for the adjustment of the “Niceness” value of processes. Adjusting the “niceness” value of processes allows for setting an advised CPU priority that the kernel’s scheduler will use to determine which processes get more or less CPU time.
Different OS distributions can have different default values for new processes. The simplest method to determine the default value is to simply run the nice command with no arguments.
The nice value is a user-space value, while the priority (PR) is the process’s actual priority as used by the Linux kernel.
System priorities range from 0 to 139: 0 to 99 for real time and 100 to 139 for users.
Nice value range is -20 to +19 where -20 is highest, 0 default and +19 is lowest.
- nice
Checking current nice value of a running process
- ps -ef | grep firefox
- ps -lp 5014
Changing the nice value of a new process
The nice command itself will run the supplied command with the desired niceness value. This time the value is one, overwriting the default 0
- nice -n 1 cherrytree &
Changing the nice value of a running process
To change the niceness value of a running process we will utilize the renice command.
- renice -n 2 -p 5461
Killing a process
Zombie and Orphan Processes
Normally, when a child process is killed, the parent process is updated via a SIGCHLD signal. Then the parent can do some other task or restart a new child as needed.
Daemon Processes
Daemons are system-related background processes that often run with the permissions of root and service requests from other processes.
A daemon has no controlling terminal. It cannot open /dev/tty. If you do a “ps -ef” and look at the tty field, all daemons will have a ? for the tty.
kill
Send a signal to a process. The default signal for kill is TERM. Use -l or -L to list available signals. Particularly useful signals include HUP, INT, KILL, STOP, CONT, and 0. Alternate signals may be specified in three ways: -9, -SIGKILL or -KILL.
- kill -L
Kill a process
- pgrep cherrytree
- kill 5461
Send SIGKILL (powerful)
- pgrep firefox
- kill -9 5014
- pgrep firefox
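The TERM, KILL and signal 0 behaviour described above can be combined into one routine that asks a process to exit and only forces it if it does not. This is an added example, not part of the original page; the function names is_running and stop_gracefully, the STOP_RESULT variable and the timeout values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: TERM first, KILL only as a fallback.

# is_running PID -> exit status 0 if the process exists and is not a zombie
is_running() {
    # Signal 0 delivers nothing; it only tests that the PID exists and that
    # we are permitted to signal it.
    kill -0 "$1" 2>/dev/null || return 1
    # A zombie still answers signal 0 until its parent reaps it.
    state=$(sed -n 's/^State:[[:space:]]*\(.\).*/\1/p' "/proc/$1/status" 2>/dev/null)
    [ "$state" != "Z" ]
}

# stop_gracefully PID [TIMEOUT_SECONDS]
# Sets STOP_RESULT to not-running, terminated, killed or still-running.
stop_gracefully() {
    pid=$1
    timeout=${2:-5}
    STOP_RESULT=not-running
    is_running "$pid" || return 0

    kill -TERM "$pid" 2>/dev/null || true   # polite request, can be handled
    waited=0
    while is_running "$pid"; do
        if [ "$waited" -ge "$timeout" ]; then
            # TERM was ignored or blocked; KILL cannot be caught or ignored.
            kill -KILL "$pid" 2>/dev/null || true
            sleep 1
            if is_running "$pid"; then
                STOP_RESULT=still-running
                return 1
            fi
            STOP_RESULT=killed
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    STOP_RESULT=terminated
    return 0
}

# Demo on a throwaway process started here (constructed sample, not a real service).
sleep 30 >/dev/null 2>&1 &
stop_gracefully "$!" 3
echo "result: $STOP_RESULT"
```

Giving the process time to handle TERM lets it flush files and release locks; KILL gives it no such chance, which is why it is kept as the last step.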
Killing a job
- firefox &
- jobs
- kill %1
- jobs
pkill
pkill kills processes based on name and other attributes
- pkill firefox
killall
kill processes by name
List the signal
- killall -l
Kill a process by name
- pgrep cherrytree
- killall cherrytree
- pgrep cherrytree
Kill using a signal
- pgrep cherrytree
- killall -s TERM cherrytree
- pgrep cherrytree
Be verbose
- pgrep cherrytree
- killall -v -s TERM cherrytree
Kill processes by user
- sudo killall -v -s TERM --user www-data
Keeping a process running
NOHUP
A process may not continue to run when you log out or close your terminal. This special case can be avoided by preceding the command you want to run with the nohup command.
- nohup firefox &
- jobs
/proc Linux folder
The proc file system (procfs) is a virtual file system built at run time. It contains useful information about the processes that are currently running and is regarded as the control and information centre for the kernel.
The proc file system also provides a communication medium between kernel space and user space.
- cd /proc
- ls -la
Examining a process using /proc as an example
- pgrep cherrytree
- ps -ef | grep 6832
- ls -l 6832
We now know that cherrytree has the PID 6832, and there is also a directory with that name within /proc.
Change to the pid folder
- cd 6832
- ls -la
Below you have a summary of the most important files and directories within each process directory.
Directories
- /proc/PID/cmdline Command line arguments.
- /proc/PID/cpu Current and last cpu in which it was executed.
- /proc/PID/cwd Link to the current working directory.
- /proc/PID/environ Values of environment variables.
- /proc/PID/exe Link to the executable of this process.
- /proc/PID/fd Directory, which contains all file descriptors.
- /proc/PID/maps Memory maps to executables and library files.
- /proc/PID/mem Memory held by this process.
- /proc/PID/root Link to the root directory of this process.
- /proc/PID/stat Process status.
- /proc/PID/statm Process memory status information.
- /proc/PID/status Process status in human readable form.
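The per-process entries listed above can be read directly from a script, which is useful when checking what a PID really is: the exe link points at the binary that is executing, regardless of what the command line claims. This is an added example, not part of the original page; the function names status_field, proc_cmdline, proc_exe and proc_report are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: summarise one process from /proc.

# status_field PID KEY -> value of the "KEY:" line in /proc/PID/status
status_field() {
    sed -n "s/^$2:[[:space:]]*//p" "/proc/$1/status" 2>/dev/null
}

# proc_cmdline PID -> arguments joined by spaces (the file separates them with NUL)
proc_cmdline() {
    [ -r "/proc/$1/cmdline" ] || return 1
    tr '\0' ' ' < "/proc/$1/cmdline" | sed 's/ $//'
}

# proc_exe PID -> binary actually executing, which can differ from argv[0]
proc_exe() {
    readlink "/proc/$1/exe" 2>/dev/null
}

# proc_report PID -> one key=value line per item
proc_report() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "no such process: $pid" >&2; return 1; }
    exe=$(proc_exe "$pid") || true
    echo "pid=$pid"
    echo "ppid=$(status_field "$pid" PPid)"
    # The Uid line lists real, effective, saved and filesystem UIDs.
    echo "uid_real=$(status_field "$pid" Uid | awk '{print $1}')"
    echo "state=$(status_field "$pid" State)"
    echo "exe=${exe:-unreadable}"
    echo "cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null)"
    echo "cmdline=$(proc_cmdline "$pid")"
    echo "open_fds=$(ls "/proc/$pid/fd" 2>/dev/null | wc -l)"
    # The kernel appends " (deleted)" to the exe link when the binary was
    # unlinked after the process started (e.g. replaced by an upgrade).
    case $exe in
        *" (deleted)") echo "note=executable no longer on disk" ;;
    esac
}

# Report on the shell running this script.
proc_report "$$"
```

Reading exe, cwd and fd for a process owned by another user requires root; without it those fields come back empty or as "unreadable".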
Files
- /proc/crypto list of available cryptographic modules
- /proc/diskstats information (including device numbers) for each of the logical disk devices
- /proc/filesystems list of the file systems supported by the kernel at the time of listing
- /proc/kmsg holding messages output by the kernel
- /proc/meminfo summary of how the kernel is managing its memory.
- /proc/scsi information about any devices connected via a SCSI or RAID controller
- /proc/tty information about the current terminals
- /proc/version containing the Linux kernel version, distribution number, gcc version number (used to build the kernel) and any other pertinent information relating to the version of the kernel currently running
Important files within /proc besides the process-specific directories
- /proc/apm: Provides information on Advanced Power Management, if it’s installed.
- /proc/acpi: A similar directory that offers plenty of data on the more modern Advanced Configuration and Power Interface.
- /proc/cmdline: Shows the parameters that were passed to the kernel at boot time.
- /proc/cpuinfo: Provides data on the processor of your box.
- /proc/loadavg: A related file that shows the average load on the processor; its information includes CPU usage in the last minute, last five minutes, and last 10 minutes, as well as the number of currently running processes.
- /proc/stat: Also gives statistics, but goes back to the last boot.
- /proc/uptime: A short file that has only two numbers: how many seconds your box has been up, and how many seconds it has been idle.
- /proc/devices: Displays all currently configured and loaded character and block devices.
- /proc/ide and /proc/scsi: Provide data on IDE and SCSI devices.
- /proc/ioports: Shows you information about the regions used for I/O communication with those devices.
- /proc/dma: Shows the Direct Memory Access channels in use.
- /proc/filesystems: Shows which filesystem types are supported by your kernel.
- /proc/mounts: Shows all the mounts used by your machine (its output looks much like /etc/mtab).
- /proc/partitions: Similarly, shows all partitions.
- /proc/swaps: Shows all swap space.
- /proc/fs: If you’re exporting filesystems with NFS, this directory has among its many subdirectories and files /proc/fs/nfsd/exports, which shows the file systems that are being shared and their permissions.
- /proc/net: Includes /dev (each network device), several iptables (firewall) related files, net and socket statistics, wireless information, and more.
- RAM-related files: I’ve already mentioned /proc/meminfo, but you’ve also got /proc/iomem, which shows you how RAM memory is used in your box, and /proc/kcore, which represents the physical RAM of your box.
- /proc/kcore shows a size that’s equal to your RAM plus a small overhead. (Don’t try to cat this file, because its contents are binary and will mess up your screen.)
- Hardware-related files and directories, such as /proc/interrupts and /proc/irq, /proc/pci (all PCI devices), /proc/bus, and so on, but they include very specific information, which most users won’t need.
Within /proc/sys
- debug: Has debugging information. This is good if you’re into kernel development.
- dev: Provides parameters for specific devices on your system; for example, check the /dev/cdrom directory.
- fs: Offers data on every possible aspect of the filesystem.
- kernel: Lets you affect the kernel configuration and operation directly.
- net: Lets you control network-related matters. Be careful, because messing with this can make you lose connectivity!
- vm: Deals with the VM subsystem.