Linux Process Commands

Managing Processes with Linux

What are processes?

Any program that is executing is called a process. A process includes working storage, administrative information such as what files are in use, an environment for variable information and a Process Number. These process numbers are known as a "PID. It is the job of the operating system's kernel to create processes, assign CPU time and storage and also to clean up after tasks have completed. Processes can make calls to the operating system kernel to access files, devices or network resources. Process can be classed as a parent process or a child process. A parent process is the name given to a process that spawns a another process known as a child process.

The first process on the system has a PID of "1". This signifies that this was the process created at boot time. This program is also called the "init process". The "init" process is responsible for booting the system.

Linux provides us with some very good tools for monitoring processes. The first command we are going to look at is the "ps". This command reports a snapshot of the current system, displaying information about active processes. In its simplest form:

john@john-desktop:~/test_examples$ ps
  PID TTY          TIME CMD
 4701 pts/0    00:00:00 bash
 6635 pts/0    00:00:00 ps

In the above, we can see that I have a "bash" shell that is running and a single "ps" command. The columns "PID" identify the process number. The "TTY" gives the name of the terminal. The "TIME" is the amount of CPU time used by the process. The "CMS" is the name of the executing process. As with many Linux commands, there are lots of other parameters and flags that can be specified with the "ps" command to display specific information in a certain format.

Processes on a Linux system generally fall into one of the following categories:

Runnable (R) - This process may be assigned CPU.

Sleeping (S) - Sleeping, the process is waiting for an event.

Deep Sleep (D) - The process is waiting for an event that can not be disturbed.

Zombie (Z) - This is a process that has finished, however, its exit code has not been picked up by its parent. This means the process can not "die" it remains "undead".

Basic use of the "ps" command

Passing the PID to the process will display basic information:

john@john-desktop:~/test_examples$ ps 1
    1 ?        Ss     0:00 /sbin/init

A simply way to display the current process information from your current shell:

john@john-desktop:~/test_examples$ ps
  PID TTY          TIME CMD
 4701 pts/0    00:00:00 bash
 6939 pts/0    00:00:00 ps
john@john-desktop:~/test_examples$ ps 4701
 4701 pts/0    Ss     0:00 bash
john@john-desktop:~/test_examples$ ps $$
 4701 pts/0    Ss     0:00 bash
john@john-desktop:~/test_examples$ ps l $$
0  1000  4701  4692  20   0   7808  3936 wait   Ss   pts/0      0:00 bash

"$$" is a shell variable that displays the PID of your current shell.

In the above example, the UID represents the numerical "id" of the process owner. PPID is the Parent Process ID. PRI is the Priority of the process. The higher the number, the lower the process. VSZ is the processes size in memory (KiB). RSS is the processes current size in RAM (KiB). All process information is stored within the /proc filesystem. Many programs including "ps" use the information from here to display.

ps --help

By issuing the standard help command for "ps" we are able to see some of the many options that can be passed to the "ps" command:

john@john-desktop:/proc/4701$ ps --help
********* simple selection *********  ********* selection by list *********
-A all processes                      -C by command name
-N negate selection                   -G by real group ID (supports names)
-a all w/ tty except session leaders  -U by real user ID (supports names)
-d all except session leaders         -g by session OR by effective group name
-e all processes                      -p by process ID
T  all processes on this terminal     -s processes in the sessions given
a  all w/ tty, including other users  -t by tty
g  OBSOLETE -- DO NOT USE             -u by effective user ID (supports names)
r  only running processes             U  processes for specified users
x  processes w/o controlling ttys     t  by tty
*********** output format **********  *********** long options ***********
-o,o user-defined  -f full            --Group --User --pid --cols --ppid
-j,j job control   s  signal          --group --user --sid --rows --info
-O,O preloaded -o  v  virtual memory  --cumulative --format --deselect
-l,l long          u  user-oriented   --sort --tty --forest --version
-F   extra full    X  registers       --heading --no-heading --context
                    ********* misc options *********
-V,V  show version      L  list format codes  f  ASCII art forest
-m,m,-L,-T,H  threads   S  children in sum    -y change -l format
-M,Z  security data     c  true command name  -c scheduling class
-w,w  wide output       n  numeric WCHAN,UID  -H process hierarchy

Common "ps" command examples

ps -ef Displays all processes running on the current system.

ps -eF Displays all processes running in an extended format.

ps -elF Displays all processes with additional thread information.

Customising the "ps" command

An option exists for the "ps" commands output to be customised.

ps -eo uname,pid,ppid,nlwp,pcpu,pmem,psr,start_time,tty,time,args

Example of custom Output

root         1     0    1  0.0  0.0   0 07:44 ?        00:00:00 /sbin/init
root         2     0    1  0.0  0.0   0 07:44 ?        00:00:00 [kthreadd]
root         3     2    1  0.0  0.0   0 07:44 ?        00:00:01 [ksoftirqd/0]
root         6     2    1  0.0  0.0   0 07:44 ?        00:00:00 [migration/0]
root         7     2    1  0.0  0.0   0 07:44 ?        00:00:00 [watchdog/0]
root         8     2    1  0.0  0.0   0 07:44 ?        00:00:00 [cpuset]
root         9     2    1  0.0  0.0   0 07:44 ?        00:00:00 [khelper]
root        10     2    1  0.0  0.0   0 07:44 ?        00:00:00 [kdevtmpfs]
root        11     2    1  0.0  0.0   0 07:44 ?        00:00:00 [netns]
root        12     2    1  0.0  0.0   0 07:44 ?        00:00:00 [sync_supers]
root        13     2    1  0.0  0.0   0 07:44 ?        00:00:00 [bdi-default]
root        14     2    1  0.0  0.0   0 07:44 ?        00:00:00 [kintegrityd]
root        15     2    1  0.0  0.0   0 07:44 ?        00:00:00 [kblockd]

"ps --forest"

Using the "--forest" option to display the process hierarchy:

john@john-desktop:~$ ps --forest
  PID TTY          TIME CMD
 4701 pts/0    00:00:00 bash
 7301 pts/0    00:00:00  \_ ps

Nice and Renice commands

Nice command

Every Linux process has an associated priority that is used to determine how CPU time slices are shared amongst other processes. The higher the value of the "nice" number, the lower the priority. By default processes are started with a nice value of "0". These nice settings can be seen when issuing the "ps" command.

To start a process nicely, we could issue a command similar to nice -n 10 program
By specifying a value of "10", our program would allow other processes to have a higher access to CPU.

Renice command

As we have seen, the "nice" command is only used when starting a program. To change the nice value of a running process, we have to use a command called "renice". To "renice" a process, issue the renice command followed by its new nice value and then its PID. renice 10 3317.
In the example below, the program "openshot" was initially started with a default nice value of "0". One the program was running, the "renice" command was then issued:

john@john-desktop:~$ ps l 3317
0  1000  3317  3229  20   0 379336 61960 poll_s Sl   pts/1      0:04 /usr/bin/python /usr/bin/openshot
john@john-desktop:~$ renice 10 3317
3317 (process ID) old priority 0, new priority 10
john@john-desktop:~$ ps l 3317
0  1000  3317  3229  30  10 379336 61960 poll_s SNl  pts/1      0:06 /usr/bin/python /usr/bin/openshot

Linux "fg" and "bg" command


When you start a program under Linux, the program as a rule is started in the foreground. Normally this means that your console then becomes reserved for communication with that particular program. An easy way to demonstrate this would be to run the "xeyes" program.
As you can see from the screenshot image, the program is running in the foreground.

To run the same program this time in the background, we would have to start xeyes with the "&" ampersand parameter which signifies to run as a background process.

xeyes &

Now control has been passwd back to the console. We can use the "jobs" command to display the associated jobnumber and process information for the backgrounded process.

john@john-desktop:~$ jobs
[1]+  Running                 xeyes &

If you do start a program from your terminal and forget to pass the "&" ampersand parameter, you can easily interrupt the program and send it into the background. To accomplish this we would perform a "CTRL + Z" on the keyboard to signal the program to stop.
Now we can type "bg" to place the stopped process back into the background. Now issue the "jobs" command to display our program:

john@john-desktop:~$ xeyes
[1]+  Stopped                 xeyes
john@john-desktop:~$ bg
[1]+ xeyes &
john@john-desktop:~$ jobs
[1]+  Running                 xeyes &

If we have more than one process running, we can refer to it by its jobnumber. This is the number in the square brackets.
To bring a process from running in the background, we could specify its jobnumber: fg %1 where "%1" corresponds to the jobnumber. Jobs can also be killed by issuing the command kill %1. Again the you will need to change the job number after the "%" to match that of your job:

john@john-desktop:~$ jobs
[1]-  Running                 xeyes &
[2]+  Running                 xeyes &
john@john-desktop:~$ kill %2
john@john-desktop:~$ jobs
[1]-  Running                 xeyes &
[2]+  Terminated              xeyes
john@john-desktop:~$ fg %1
[1]+  Stopped                 xeyes
john@john-desktop:~$ bg 
[1]+ xeyes &
john@john-desktop:~$ jobs
[1]+  Running                 xeyes &
john@john-desktop:~$ kill %1
john@john-desktop:~$ jobs
[1]+  Terminated              xeyes
john@john-desktop:~$ jobs


The top command is a great tool that comes with virtually all distributions of Linux. The top command allows a user or administrator to look at running processes on a system and also identify how much resource is being used by a process. From this tool you can also "kill" processes or renice a process.

top command

The first line of the "top" screen shows the current system time and also the length of time that the system has been up (time since system was started). In this example, the system has been up for 1 hour and 28 minutes. Two users are logged onto the system. System load averages are displayed to the immediate right: The load average times indicate the number of runnable processes averaged over the last minute, five minute and fifteen minute intervals. These figures can be used as an indicator to how well your system is handling jobs/processes. If the Load average is high for the last minute and the Load average for the fifteen minute interval is low, then this is an indication that your system is currently handling more work. It doesn't always mean there is an issue. However, if the Load averages are all higher than the number of CPU cores on your system, then you may have a CPU bottleneck. Basically, this means that you may have processes/jobs that are waiting to be processed.

The second line displays information relating to the number of running/sleeping tasks. These can either be running, sleeping, stopped or zombie. The third line is an indicator of CPU utilisation. These are categorised by "us" for code executing outside of the kernel, "sy" for code executing within the kernel. Although not strictly true, I remember these by "us=user" and "sy"=sytem. The other headings of "ni" are for processes that have been started with a reduced priority or had the priority changed. The other heading of relevance is "wa. This means processes waiting for I/O. If this value is high, then this can be an indication of a lot of disk activity taking place (reads/writes).

The next two lines are an indication of current memory and its utilisation along with swap file information. These lines provide the same output as the "free" command. The remaining lines are a display of the currently running processes.. The "id" of the user running the process and the associated resources used are also displayed. Whilst this screen is running, you can press "h" for a help screen indicating other options that are available.

Help for Interactive Commands - procps version 3.2.8
Window 1:Def: Cumulative mode Off.  System: Delay 3.0 secs; Secure mode Off.

  Z,B       Global: 'Z' change color mappings; 'B' disable/enable bold
  l,t,m     Toggle Summaries: 'l' load avg; 't' task/cpu stats; 'm' mem info
  1,I       Toggle SMP view: '1' single/separate states; 'I' Irix/Solaris mode

  f,o     . Fields/Columns: 'f' add or remove; 'o' change display order
  F or O  . Select sort field
  <,>     . Move sort field: '<' next col left; '>' next col right
  R,H     . Toggle: 'R' normal/reverse sort; 'H' show threads
  c,i,S   . Toggle: 'c' cmd name/line; 'i' idle tasks; 'S' cumulative time
  x,y     . Toggle highlights: 'x' sort field; 'y' running tasks
  z,b     . Toggle: 'z' color/mono; 'b' bold/reverse (only if 'x' or 'y')
  u       . Show specific user only
  n or #  . Set maximum tasks displayed

  k,r       Manipulate tasks: 'k' kill; 'r' renice
  d or s    Set update interval
  W         Write configuration file
  q         Quit
          ( commands shown with '.' require a visible task display window )
Press 'h' or '?' for help with Windows,
any other key to continue 

Although the "top" process tool is very useful, there are alternative tools which can provide more information.
These are nmon and htop. You can find a tutorial for nmon and htop here: htop monitoring and nmon monitoring