Linux process basics
A running instance of a program is called a process. A program stored in the hard disk or pen drive is not a process. When that stored program starts executing, then we say that process has been created and is running.
Let’s very briefly understand the Linux operating system boot-up sequence:
- In PCs, initially, the BIOS chip initializes system hardware, such as PCI bus, and display device drivers.
- Then the BIOS executes the boot loader program.
- The boot loader program then copies the kernel in the memory and, after basic checks, it calls a kernel function
start_kernel(). - The kernel then initializes the OS and creates the first process called
init. - You can check the presence of this process with the following command:
$ ps -ef- Every process in the OS has one numerical identification associated with it. It is called a
process ID. The process ID of theinitprocess is1. This process is the parent process of all user space processes. - In the Linux OS, every new process is created by a system call called
fork(). - Therefore, every process has a process ID, as well as the parent process ID.
- We can see the complete process tree using the following command:
$ pstreeYou can see the very first process as init, as well as all other processes with a complete parent and child relation between them. If we use the $ps -ef command, then we can see that the init process is owned by the root and its parent process ID is 0. This means that there is no parent for init:
root@app:/home/satish$ pstree
systemd─┬─accounts-daemon─┬─{gdbus}
│ └─{gmain}
├─acpid
├─agetty
├─apache2─┬─44*[apache2]
│ └─2*[apache2───2*[sh───php]]
├─atd
├─cron───cron───sh───php───sh───php7.1
├─dbus-daemon
├─filebeat───36*[{filebeat}]
├─irqbalance
├─2*[iscsid]
├─lvmetad
├─lxcfs───10*[{lxcfs}]
├─mdadm
├─php-fpm7.1───2*[php-fpm7.1]
├─polkitd─┬─{gdbus}
│ └─{gmain}
├─rsyslogd─┬─{in:imklog}
│ ├─{in:imuxsock}
│ └─{rs:main Q:Reg}
├─snapd───23*[{snapd}]
├─sshd─┬─sshd───sshd───bash───sudo───su───bash───pstree
│ └─sshd───sshd
├─3*[systemd───(sd-pam)]
├─systemd-journal
├─systemd-logind
├─systemd-timesyn───{sd-resolve}
├─systemd-udevd
├─top
└─vmtoolsd
Therefore, with the exception of the init process, all other processes are created by some other process. The init process is created by the kernel itself.
The following are the different types of processes:
Orphan process: If, by some chance, the parentprocessis terminated, then the childprocessbecomes an orphan process. The process that created the parent process, such as the grandparent process, becomes the parent of the orphan child process. As a last resort, theinitprocess becomes the parent of the orphan process.
Zombie process: Everyprocesshas one data structure called the process control table. This is maintained in the operating system. This table contains information about all the child processes created by the parent process. If, by chance, the parentprocessis sleeping or is suspended due to some reason or other and the child process is terminated, then the parent process cannot receive the information about the child process termination. In such cases, the child process that has been terminated is called the zombie process. When the parent process awakes, it will receive a signal regarding the child process termination and the process control block data structure will be updated. The child process termination is then completed.
Daemon process: Until now, we have started every newprocessin a Bash Terminal. Therefore, if we print any text with the$ echocommand, it will be printed in the Terminal itself. There are certain processes that are not associated with any Terminal. Such aprocessis called a daemon process. These processes are running in the background. An advantage of the daemon process is that it is immune to the changes happening to the Bash shell that has created it. When we want to run certain background processes, such as a DHCP server, then the daemon process is very useful.
Monitoring processes using ps
To list the processes associatedwithour current Bash shell Terminal, enter the following command:
$ psroot@app:/home/satish$ ps
PID TTY TIME CMD
27872 pts/0 00:00:00 sudo
27882 pts/0 00:00:00 su
27883 pts/0 00:00:00 bash
29692 pts/0 00:00:00 psTo list processes, along with the parent process ID associated with the current Terminal, enter the following command:
$ ps -froot@app:/home/satish$ ps -f
UID PID PPID C STIME TTY TIME CMD
root 27872 27856 0 13:34 pts/0 00:00:00 sudo su
root 27882 27872 0 13:34 pts/0 00:00:00 su
root 27883 27882 0 13:34 pts/0 00:00:00 bash
root 30132 27883 0 13:41 pts/0 00:00:00 ps -fWe can see the process ID in thePIDcolumn and the parent process ID, in thePPIDcolumn in the preceding output.
To list processeswiththe parent process ID alongwiththe process state, enter the following command:
$ ps -lfroot@app:/home/satish$ ps -lf
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
4 S root 27872 27856 0 80 0 - 12915 poll_s 13:34 pts/0 00:00:00 sudo su
4 S root 27882 27872 0 80 0 - 12753 wait 13:34 pts/0 00:00:00 su
4 S root 27883 27882 0 80 0 - 5030 wait 13:34 pts/0 00:00:00 bash
0 R root 30543 27883 0 80 0 - 9023 - 13:43 pts/0 00:00:00 ps -lf
root@app:/home/satish#In the preceding output, the column withS(state) shows the current state of a process, such asRfor running andSfor suspended state.
To list all the processes running in the operating system, including the system processes, enter the following command:
$ ps -efroot@app:/home/satish$ ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 2020 ? 08:02:11 /sbin/init
root 2 0 0 2020 ? 00:01:07 [kthreadd]
root 3 2 0 2020 ? 01:48:35 [ksoftirqd/0]
root 5 2 0 2020 ? 00:00:00 [kworker/0:0H]
root 8 2 0 2020 ? 1-01:15:35 [rcu_sched]
root 9 2 0 2020 ? 00:00:00 [rcu_bh]
root 10 2 0 2020 ? 00:31:08 [migration/0]
root 11 2 0 2020 ? 00:02:28 [watchdog/0]
root 12 2 0 2020 ? 00:02:09 [watchdog/1]
root 13 2 0 2020 ? 00:31:34 [migration/1]
root 14 2 0 2020 ? 02:48:58 [ksoftirqd/1]
root 16 2 0 2020 ? 00:00:00 [kworker/1:0H]
root 17 2 0 2020 ? 00:02:11 [watchdog/2]
root 18 2 0 2020 ? 00:28:09 [migration/2]
root 19 2 0 2020 ? 02:28:51 [ksoftirqd/2]
root 21 2 0 2020 ? 00:00:00 [kworker/2:0H]
root 22 2 0 2020 ? 00:02:05 [watchdog/3]
root 23 2 0 2020 ? 00:27:19 [migration/3]
root 24 2 0 2020 ? 02:20:00 [ksoftirqd/3]
root 26 2 0 2020 ? 00:00:00 [kworker/3:0H]
root 27 2 0 2020 ? 00:02:08 [watchdog/4]
root 28 2 0 2020 ? 00:26:36 [migration/4]
root 29 2 0 2020 ? 02:32:19 [ksoftirqd/4]
root 31 2 0 2020 ? 00:00:00 [kworker/4:0H]
root 32 2 0 2020 ? 00:02:06 [watchdog/5]
root 33 2 0 2020 ? 00:26:50 [migration/5]
root 34 2 0 2020 ? 02:27:35 [ksoftirqd/5]
root 36 2 0 2020 ? 00:00:00 [kworker/5:0H]
root 37 2 0 2020 ? 00:02:17 [watchdog/6]
root 38 2 0 2020 ? 00:37:27 [migration/6]
root 39 2 0 2020 ? 02:59:21 [ksoftirqd/6]
root 41 2 0 2020 ? 00:00:00 [kworker/6:0H]
root 43 2 0 2020 ? 00:02:06 [watchdog/7]
root 44 2 0 2020 ? 00:33:17 [migration/7]
root 45 2 0 2020 ? 02:41:40 [ksoftirqd/7]
root 47 2 0 2020 ? 00:00:00 [kworker/7:0H]
root 48 2 0 2020 ? 00:02:05 [watchdog/8]
root 49 2 0 2020 ? 00:30:08 [migration/8]
root 50 2 0 2020 ? 02:51:02 [ksoftirqd/8]
root 52 2 0 2020 ? 00:00:00 [kworker/8:0H]
root 53 2 0 2020 ? 00:01:59 [watchdog/9]
root 54 2 0 2020 ? 00:29:53 [migration/9]
root 55 2 0 2020 ? 02:46:07 [ksoftirqd/9]
root 57 2 0 2020 ? 00:00:00 [kworker/9:0H]
root 58 2 0 2020 ? 00:02:02 [watchdog/10]
root 59 2 0 2020 ? 00:29:58 [migration/10]
root 60 2 0 2020 ? 02:57:14 [ksoftirqd/10]
root 62 2 0 2020 ? 00:00:00 [kworker/10:0H]
root 63 2 0 2020 ? 00:01:59 [watchdog/11]
root 64 2 0 2020 ? 00:32:35 [migration/11]The process names in[]are kernel threads. If you are interested in more options for thepscommand, you can use the following command:
$ man psTo find a particular process, you can use the following command:
$ ps -ef | grep "process_name"The command with grep will display the process with process_name.
If we want to terminate the running process, enter the following command:
$ kill pid_of_process_to_be_killedroot@app:/home/satish$ ps
PID TTY TIME CMD
27872 pts/0 00:00:00 sudo
27882 pts/0 00:00:00 sleep
27883 pts/0 00:00:00 bash
29692 pts/0 00:00:00 ps
root@app:/home/satish$
root@app:/home/satish$
root@app:/home/satish$ kill 27882
[1]+ Terminated sleep 10000
root@app:/home/satish$
root@app:/home/satish$
root@app:/home/satish$ ps
PID TTY TIME CMD
27872 pts/0 00:00:00 sudo
27883 pts/0 00:00:00 bash
29692 pts/0 00:00:00 ps
root@app:/home/satish$Many a time, if the process is not killed by the$ killcommand, you may need to pass additional options to ensure that the required process is killed, which is shown as follows:
$ kill -9 pid_of_process_to_be_killedWe can terminate the processwiththe name of a process, instead of using the process ID, as follows:
$ pkill command_name$ pkill sleepOr:
$ pkill -9 command_nameroot@app:/home/satish$ ps
PID TTY TIME CMD
27872 pts/0 00:00:00 sudo
27882 pts/0 00:00:00 sleep
27883 pts/0 00:00:00 bash
29692 pts/0 00:00:00 ps
root@app:/home/satish$
root@app:/home/satish$
root@app:/home/satish$ pkill sleep
[1]+ Terminated sleep 10000
root@app:/home/satish$
root@app:/home/satish$
root@app:/home/satish$ ps
PID TTY TIME CMD
27872 pts/0 00:00:00 sudo
27883 pts/0 00:00:00 bash
29692 pts/0 00:00:00 ps
root@app:/home/satish$To know more about various flags ofkill, enter the following command:
$ kill -lThis displays all the signals or softwareinterruptsused by the operating system. When we enter the$ killcommand, the operating system sends theSIGTERMsignal to the process.
If the process is not killed by this command, then we enter the following command:
$ kill -9 process_nameThis sendsSIGKILLto the process to be killed.
Process management
Since we have understood the command to check processes, we will learn more about managing different processes.
In a Bash shell, when we enter any command or start any program, it starts running in the foreground. In such a situation, we cannot run more than one command in the foreground. We need to create many Terminal windows for starting many processes. If we need to start many processes or programs from the same Terminal, then we will need to start them as background processes.
If we want to start a process in the background, then we need to append the command in the Bash shell by&.
If I want to start my Hello program as the background process, then the command would be as follows:
$ Hello &If we terminate any command by&, then it starts running as the background process.
For example, we will issue a simple sleep command, which creates a new process. This process sleeps for the duration, which is mentioned in the integer value next to the sleep command:
- The following command will make the process sleep for 10,000 seconds. This means we will not be able to run any other command from the same Terminal:
$ sleep 10000- Now, you can press theCtrl+Ckey combination to terminate the process created by the
sleepcommand.
root@app:/home/satish$ ps
PID TTY TIME CMD
27883 pts/0 00:00:00 bash
29692 pts/0 00:00:00 ps
root@app:/home/satish$
root@app:/home/satish$ sleep 10000
^C
root@app:/home/satish$- Now, use the following command:
$ sleep 10000 &The preceding command will create a new process, which will be put to sleep for 10000 seconds; but this time, it will start running in the background. Therefore, we will be able to enter the next command in the Bash Terminal.
- Since the newly createdprocessis running in the background, we can enter new commands very easily in the same Terminal window:
$ sleep 20000 &$ sleep 30000 &$ sleep 40000 &- To check the presence of all the processes, enter the following command:
$ jobsIt will gives you output similar to below:
root@app:/home/satish$ sleep 10000 &
[1] 26007
root@app:/home/satish$ sleep 20000 &
[2] 26009
root@app:/home/satish$ sleep 30000 &
[3] 26011
root@app:/home/satish$ sleep 40000 &
[4] 26013
root@app:/home/satish$ jobs
[1] Running sleep 10000 &
[2] Running sleep 20000 &
[3] Running sleep 30000 &
[4] Running sleep 40000 &
root@app:/home/satish$ The jobs command lists all the processes running in the Terminal, including foreground and background processes. You can clearly see their status as running, suspended, or stopped. The numbers in [] show the job ID. The + sign indicates which command will receive fg and bg commands by default. We will study them in the following topics.
- If you want to make any existing backgroundprocessrun in the foreground, then use the following command:
$ fg 3The preceding command will make the job number3run in the foreground instead of the background.
If we want to make the process stop executing and get it suspended, then pressCtrl+Z. This key combination makes the foreground process stop executing. Please note that the process has stopped, but is not terminated.
root@app:/home/satish$ fg 2
sleep 20000
^Z
[2]+ Stopped sleep 20000
root@app:/home/satish$ jobs
[1] Running sleep 10000 &
[2]+ Stopped sleep 20000
[3] Running sleep 30000 &
[4] Running sleep 40000 &
root@app:/home/satish$ - To make the stoppedprocesscontinue running in the background, use the following command:
$ bg job_number
$ bg 3The preceding command will make suspended job process number 3 run in the background.
- If you wish to terminate the process, you can use the job ID or process ID as follows:
$ jobs -l // This will list jobs with pid$ kill pid // or$ kill %job_id // This will kill job$ kill %3
