The Linux terminal has a number of useful commands that can display running processes, kill them, and change their priority level.

Parent and Child Processes

Each unix process has two ID numbers assigned to it: The Process ID (pid) and the Parent process ID (ppid). Each user process in the system has a parent process.

Starting a Process

When you start a process (run a command), there are two ways you can run it −

  • Foreground Processes
  • Background Processes

1. Foreground Processes

By default, every process that you start runs in the foreground. If the command is like “ls” it will print the output, and, exit the command, most likely when a persistent program runs it stays and the terminal actively shows that running, events are displayed in the screen, in other words, the terminal becomes exclusively part of the program.

  • cherrytree

  • ls

2. Background Processes

A background process runs without being connected to your keyboard. If the background process requires any keyboard input, it waits.

The advantage of running a process in the background is that you can run other commands; you do not have to wait until it completes to start another. Meaning the terminal is no longer exclusive to that newprocess.

& = send program to background

  • cherrytree &

Sending a program to foreground or background

fg = send to foreground

bg = send to background

use jobs to list the programs running for that terminal.

  • jobs

As we can see the program is running in the foreground

  • fg %1

To send it to the background stop it (Ctrl + z) , and then run bg command

  • Ctrl + z
  • jobs
  • bg %1
  • jobs

Listing Running processes


1. To show processes use ‘ps’, run in bash

  • ps

-f = Do full-format listing.

  • ps -f

  • UID = User ID that this process belongs to (the person running it)
  • PID = Process ID
  • PPID = Parent process ID (the ID of the process that started it)
  • C = CPU utilization of process
  • STIME = Process start time
  • TTY = Terminal type associated with the process
  • TIME = CPU time taken by the process
  • CMD = The command that started this process

2. Show all information of all processes running

-e = Select all processes. Identical to -A

  • ps -ef

An alternative is

  • ps -aux

3. Display process tree

  • ps -ef --forest

4. List processes dynamically

watch -n 2 = running the ps command every 2 seconds

  • watch -n 2 ‘ps -ef'


Display a tree of processes

  • pstree

Print the tree with PID

  • pstree -p

Sorting the output

-n = Sort processes with the same ancestor by PID instead of by name

  • pstree -pn

Filter by processes also

-s = Show parent processes of the specified process.

  • pstree -s 3528

Filter process by users

  • pstree vry4n


top command is used to show the Linux processes. It provides a dynamic real-time view of the running system.

  • top

  • PID: Shows task’s unique process id.
  • USER: User name of owner of task.
  • PR: Stands for priority of the task.
  • NI: Represents a Nice Value of task. A Negative nice value implies higher priority, and positive Nice value means lower priority.
  • VIRT: Total virtual memory used by the task.
  • SHR: Represents the amount of shared memory used by a task.
  • %CPU: Represents the CPU usage.
  • %MEM: Shows the Memory usage of task.
  • TIME+: CPU Time, the same as ‘TIME’, but reflecting more granularity through hundredths of a second.
  • Command: Shows the command used to run the process

Display processes by user

  • top -u vry4n

Show absolute path

  • top -c

Top commands

While running to you can run commands

Use ‘h’ to display help menu

z = color output

k = kill a process

In this example we will kill Firefox, PID 4758

  • k 4758

Choose the signal to send the kill

  • <enter>


pgrep returns the process IDs that match it.

  • pgrep firefox
  • ps -ef | grep -i firefox

Count matches

-c = Suppress normal output; instead print a count of matching processes.

  • pgrep -c firefox

Print full PID and child PID

-f = The pattern is normally only matched against the process name. When -f is set, the full command line is used.

  • pgrep -f firefox

Ignore case

-i = Match processes case-insensitively.

  • pgrep -i FireFOX

Print command line and PID

-a = List the full command line as well as the process ID.

  • pgrep -a firefox

Change process priority

Nice is a command in Unix and Linux operating systems that allows for the adjustment of the “Niceness” value of processes. Adjusting the “niceness” value of processes allows for setting an advised CPU priority that the kernel's scheduler will use to determine which processes get more or less CPU time.

Different OS distributions can have different default values for new processes. The simplest method to determine the default value is to simply run the nice command with no arguments.

Nice value is a user-space and priority PR is the process's actual priority that use by Linux kernel

System priorities are 0 to 139 in which 0 to 99 for real time and 100 to 139 for users

Nice value range is -20 to +19 where -20 is highest, 0 default and +19 is lowest.

  • nice

Checking current nice value of a running process

  • ps -ef | grep firefox
  • ps -lp 5014

Changing the nice value of a new process

The nice command itself will run the supplied command with the desired niceness value. This time the value is one, overwriting the default 0

  • nice -n 1 cherrytree &

Changing the nice value of a running process

To change the niceness value of a running process we will utilize the renice command.

  • renice -n 2 -p 5461

Killing a process

Zombie and Orphan Processes

Normally, when a child process is killed, the parent process is updated via a SIGCHLD signal. Then the parent can do some other task or restart a new child as needed.

Daemon Processes

Daemons are system-related background processes that often run with the permissions of root and services requests from other processes.

A daemon has no controlling terminal. It cannot open /dev/tty. If you do a "ps -ef" and look at the tty field, all daemons will have a ? for the tty.


Send a signal to a process. The default signal for kill is TERM. Use -l or -L to list available signals. Particularly useful signals include HUP, INT, KILL, STOP, CONT, and 0. Alternate signals may be specified in three ways: -9, -SIGKILL or -KILL.

  • Kill -L

Kill a process

  • pgrep cherrytree
  • kill 5461

Send SIGKILL (powerful)

  • pgrep firefox
  • kill -9 5014
  • pgrep firefox

Killing a job

  • firefox &
  • jobs
  • kill %1
  • jobs


pkill kills processes based on name and other attributes

  • pkill firefox


kill processes by name

List the signal

  • killall -l

Kill a process by name

  • pgrep cherrytree
  • killall cherrytree
  • pgrep cherrytree

Kill using a signal

  • pgrep cherrytree
  • killall -s TERM cherrytree
  • pgrep cherrytree

Be verbose

  • pgrep cherrytree
  • killall -v -s TERM cherrytree

Kill processes by user

  • sudo killall -v -s TERM --user www-data

Keeping a process running


A process may not continue to run when you log out or close your terminal. This special case can be avoided by preceding the command you want to run with the nohup command.

  • nohup firefox &
  • jobs

/proc Linux folder

Proc file system (procfs) is virtual file system built at run time. It contains the useful information about the processes that are currently running, it is regarded as control and information centre for kernel.

The proc file system also provides communication medium between kernel space and user space.

  • cd /proc
  • ls -la

Examining a process using /proc as an example

  • pgrep cherrytree
  • ps -ef | grep 6832
  • ls -l 6832

We now know that cherrytree has the pid of 6832, there is also a directory with that name within /proc.

Change to the pid folder

  • cd 6832
  • ls -la

Below you have a summary of the most important files and directories within each process directory.


  • /proc/PID/cmdline Command line arguments.
  • /proc/PID/cpu Current and last cpu in which it was executed.
  • /proc/PID/cwd Link to the current working directory.
  • /proc/PID/environ Values of environment variables.
  • /proc/PID/exe Link to the executable of this process.
  • /proc/PID/fd Directory, which contains all file descriptors.
  • /proc/PID/maps Memory maps to executables and library files.
  • /proc/PID/mem Memory held by this process.
  • /proc/PID/root Link to the root directory of this process.
  • /proc/PID/stat Process status.
  • /proc/PID/statm Process memory status information.
  • /proc/PID/status Process status in human readable form.


  • /proc/crypto list of available cryptographic modules
  • /proc/diskstats information (including device numbers) for each of the logical disk devices
  • /proc/filesystems list of the file systems supported by the kernel at the time of listing
  • /proc/kmsg holding messages output by the kernel
  • /proc/meminfo summary of how the kernel is managing its memory.
  • /proc/scsi information about any devices connected via a SCSI or RAID controller
  • /proc/tty information about the current terminals
  • /proc/version containing the Linux kernel version, distribution number, gcc version number (used to build the kernel) and any other pertinent information relating to the version of the kernel currently running

Important files with /proc besides the process specific directories

  • /proc/apm: Provides information on Advanced Power Management, if it’s installed.
  • /proc/acpi: A similar directory that offers plenty of data on the more modern Advanced Configuration and Power Interface.
  • /proc/cmdline: Shows the parameters that were passed to the kernel at boot time.
  • /proc/cpuinfo: Provides data on the processor of your box.
  • /proc/loadavg: A related file that shows the average load on the processor; its information includes CPU usage in the last minute, last five minutes, and last 10 minutes, as well as the number of currently running processes.
  • /proc/stat: Also gives statistics, but goes back to the last boot.
  • /proc/uptime: A short file that has only two numbers: how many seconds your box has been up, and how many seconds it has been idle.
  • /proc/devices: Displays all currently configured and loaded character and block devices.
  • /proc/ide and /proc/scsi: Provide data on IDE and SCSI devices.
  • /proc/ioports: Shows you information about the regions used for I/O communication with those devices.
  • /proc/dma: Shows the Direct Memory Access channels in use.
  • /proc/filesystems: Shows which filesystem types are supported by your kernel.
  • /proc/mounts: Shows all the mounts used by your machine (its output looks much like /etc/mtab). Similarly,
  • /proc/partitions: show all partitions
  • /proc/swaps: show all swap space.
  • /proc/fs: If you’re exporting filesystems with NFS, this directory has among its many subdirectories and files /proc/fs/nfsd/exports, which shows the file system that are being shared and their permissions.
  • /proc/net: it includes /dev (each network device), several iptables (firewall) related files, net and socket statistics, wireless information, and more.
  • /proc/meminfo: RAM-related files. I’ve already mentioned but you’ve also got
  • /proc/iomem, which shows you how RAM memory is used in your box
  • /proc/kcore, which represents the physical RAM of your box.
  • /proc/kcore shows a size that’s equal to your RAM plus a small overhead. (Don’t try to cat this file, because its contents are binary and will mess up your screen.)
  • Hardware-related files and directories, such as /proc/interrupts and /proc/irq, /proc/pci (all PCI devices), /proc/bus, and so on, but they include very specific information, which most users won’t need.

Within /proc/sys

  • debug: Has debugging information. This is good if you’re into kernel development.
  • dev: Provides parameters for specific devices on your system; for example, check the /dev/cdrom directory.
  • fs: Offers data on every possible aspect of the filesystem.
  • kernel: Lets you affect the kernel configuration and operation directly.
  • net: Lets you control network-related matters. Be careful, because messing with this can make you lose connectivity!
  • vm: Deals with the VM subsystem.