What is a process

A process is a running instance of a launched, executable program.A process, also

known as a task, is the running form of a program. Programs are stored on disk and
processes run in memory. Processes have a parent/child relationship. A process can
spawn one or more children. Multiple processes can run in parallel.

Listing System Processes

The process status (ps) command lists the processes that are associated with your shell.

# ps [options]

For each process, the ps command displays the PID, the terminal identifier (TTY), the
cumulative execution time (TIME), and the command name (CMD). For example, list the
currently running processes on the system using the ps command.

# ps
PID TTY TIME CMD
1442 pts/1 00:00:00 sudo
1448 pts/1 00:00:00 su
1449 pts/1 00:00:00 bash
1666 pts/1 00:00:00 ps

The ps command has several options that you can use to display additional process
information.

 -a: Prints information about all processes most frequently requested, except
process group leaders and processes not associated with a terminal
 -e: Prints information about every process currently running
 -f: Generates a full listing
 -l: Generates a long listing
 -o format: Writes information according to the format specification given in a
format. Multiple -o options can be specified. The format specification is interpreted
as the space-character-separated concatenation of all the format option
arguments.

Listing All Processes

For example, use the ‘ps -ef‘ command to list all the processes currently scheduled to
run on the system.

# ps -ef | more
Here,

 UID: The username of the owner of the process

 PID: The unique process identification number of the process
 PPID: The parent process identification number of the process
 STIME:The time the process started (hh:mm:ss)
 TTY:The controlling terminal for the process. Note that system processes
(daemons) display a question mark (?), indicating the process started without the
use of a terminal.
 C: CPU utilization
 TIME: The cumulative execution time for the process
 CMD: The command name, options, and arguments
 WCHAN : Name of the kernel function in which the process is sleeping, a "-" if the
process is running, or a "*" if the process is multi-threaded and ps is not displaying
threads.

To see the meaning of shortcut

$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
timothy 29217 0.0 0.0 11916 4560 pts/21 S+ 08:15 0:00 pine
root 29505 0.0 0.0 38196 2728 ? Ss Mar07 0:00 sshd: can [priv]
can 29529 0.0 0.0 38332 1904 ? S Mar07 0:00 sshd: can@notty

 USER = user owning the process

 PID = process ID of the process
 %CPU = It is the CPU time used divided by the time the process has been running.
 %MEM = ratio of the process’s resident set size to the physical memory on the machine
 VSZ = virtual memory usage of entire process (in KiB)
 RSS = resident set size, the non-swapped physical memory that a task has used (in KiB)
 TTY = controlling tty (terminal)
 STAT = multi-character process state
 START = starting time or date of the process
  TIME = cumulative CPU time
 COMMAND = command with all its arguments

RSS is the amount of physical memory this process is using. Note that this includes any memory that's shared
with other processes (eg if other processes are loaded from same executable or libraries) so it may over-report
memory usage. VSZ is the size of the virtual memory space - do not be mislead by this as it's not all "used"
memory. It includes memory in use (RSS), memory that's swapped, but usually the majority is just additional
addressing space that hasn't actually had any real memory allocated to it - in order to use that space, more
memory would need to be given to the process.

I tried to think of an analogy. Let's say you're eating dinner so you're sharing a limited supply of food
with other people. RSS is the amount of food currently on your plate. VSZ is the size of your plate. Not
all of your plate is food and it's not relevant to how much food you've claimed.

RSS is the Resident Set Size and is used to show how much memory is allocated to that process and
is in RAM. It does not include memory that is swapped out. It does include memory from shared
libraries as long as the pages from those libraries are actually in memory. It does include all stack and
heap memory.

VSZ is the Virtual Memory Size. It includes all memory that the process can access, including memory
that is swapped out, memory that is allocated, but not used, and memory that is from shared libraries.

So if process A has a 500K binary and is linked to 2500K of shared libraries, has 200K of stack/heap
allocations of which 100K is actually in memory (rest is swapped or unused), and it has only actually
loaded 1000K of the shared libraries and 400K of its own binary then:

Process State Codes (STAT):

 R running or runnable (on run queue)

 D uninterruptible sleep (usually IO)
 S interruptible sleep (waiting for an event to complete)
 Z defunct/zombie, terminated but not reaped by its parent
 T stopped, either by a job control signal or because it is being traced
Some extra modifiers:

 < high-priority (not nice to other users)

 N low-priority (nice to other users)
 L has pages locked into memory (for real-time and custom IO)
 s is a session leader
 l is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
 + is in the foreground process group

PROCESS FLAGS

The sum of these values is displayed in the "F" column, which is

provided by the flags output specifier:

 1 forked but didn't exec

4 used super-user privileges

https://www.computerhope.com/unix/ups.html

Linux PID, PPID, PGID

(Process Group Leader), SID
(Session Leader)
PID — Process Identifier
In Linux, kernel assigns a unique number to every process. This
unique number is called process identifier (process ID or PID).

PPID — Parent Process Identifier

This is a PID of the parent process. Child process started and work
within the space of there corresponding parent process. One
parent process can have multiple children processes.

After login to server via SSH, the first process ‘BASH SHELL
TERMINAL’ is started. And then, we run various other child
processes within the ‘BASH SHELL TERMINAL’.

PGID — Process Group Identifier (Process Group Leader)

Process status:----
1. Running process
2. Stop process
3. Sleeping process
4. Zombie process (linked process with another process)
5. R: running or runnable, it is just waiting for the CPU to process it
6. S: Interruptible sleep, waiting for an event to complete, such as input
from the terminal
7. D: Uninterruptible sleep, processes that cannot be killed or interrupted
with a signal, usually to make them go away you have to reboot or fix
the issue
8. Z: Zombie, we discussed in a previous lesson that zombies are
terminated processes that are waiting to have their statuses collected
9. T: Stopped, a process that has been suspended/stopped

Note:-- Fork (system call)

In computing, particularly in the context of the Unix operating system and
its workalikes, fork is an operation whereby a process creates a copy of itself. It is usually
a system call, implemented in the kernel. Fork is the primary (and historically, only) method
of process creation on Unix-like operating systems.
Status symbol:--

There are five types:

'D' = uninterruptible sleep (This process is also Sleeping, but unlike S

state, will not respond to delivered

signals. Used only under specific

conditions in which process interruption

may cause an unpredictable device state

'R' = running

'S' = sleeping (interruptible sleep) (The process is waiting for some

condition: a hardware request, system

resource access, or signal. When an

event or signal satisfies the condition,

the process returns to Running.

'T' = traced or stopped

'Z' = zombie

Having multiple processes for the same program is possible.

Types of Processes:--

 Foreground Processes: They run on the screen and need input from
the user. For example Office Programs
 Background Processes: They run in the background and usually do
not need user input. For example Antivirus.
Running a Foreground Process
To start a foreground process, you can either run it from the dashboard, or
you can run it from the terminal.

When using the Terminal, you will have to wait, until the foreground
process runs.

Running a Background process

If you start a foreground program/process from the terminal, then you
cannot work on the terminal, till the program is up and running.

Particular, data-intensive tasks take lots of processing power and may even
take hours to complete. You do not want your terminal to be held up for
such a long time.

To avoid such a situation, you can run the program and send it to the
background so that terminal remains available to you.

Kill job by job-id

[root@localhost ~]# jobs

[1]- Running sleep 2000 &
[2]+ Running sleep 400 &
[root@localhost ~]# kill %1
[1]- Terminated sleep 2000
Top:----
This utility tells the user about all the running processes on the Linux
machine. its displays processor activity in real time.

us: user cpu time (or) % CPU time spent in user space
sy: system cpu time (or) % CPU time spent in kernel space
ni: user nice cpu time (or) % CPU time spent on low priority
processes
id: idle cpu time (or) % CPU time spent idle
wa: io wait cpu time (or) % CPU time spent in wait (on disk)
hi: hardware irq (or) % CPU time spent servicing/handling hardware
interrupts
si: software irq (or) % CPU time spent servicing/handling software
interrupts
st: steal time - - % CPU time in involuntary wait by virtual cpu
while hypervisor is servicing another processor (or) % CPU time
stolen from a virtual machine
 Press 'q' on the keyboard to move out of the process display.

The terminology follows:

Field Description Example 1 Example 2

PID The process ID of each task 1525 961
User The username of task owner Home Root
PR Priority Can be 20(highest) or -20(lowest) 20 20
NI The nice value of a task 0 0
VIRT Virtual memory used (kb) 1775 75972
RES Physical memory used (kb) 100 51
SHR Shared memory used (kb) 28 7952
Hi Hardware interrupt
Si System interrupt

Status

There are five types:

'D' = uninterruptible sleep

S 'R' = running S R

'S' = sleeping

'T' = traced or stopped

'Z' = zombie
%CPU % of CPU time 1.7 1.0
%MEM Physical memory used 10 5.1
TIME+ Total CPU time 5:05.34 2:23.42
Comman
Command name Photoshop.exe Xorg
d

CPU’s utilization status meaning:---

Percentage of the CPU used by =3.0us
user processes
Percentage of the CPU used by =0.7sy
system process
Percentage of the CPU used by =0.0ni
setting
Percentage of the CPU in idle =96.3id
state
Percentage of the CPU waiting =0.0wa
for I/O
Percentage of the CPU used by =0.05hi
hardware interrupts

Commands Description
top –v Check the top command version
Top Display processes
Press 1 To see the number of CPU
top –u Display the processes for specific user only
username
Press shift+m Sort the process list by memory usage
Press shift+p Sort the process list by CPU
Shift +N Sort the list by process ID
Shift + T Sort by the running time
Shift +R Reverse the sorting order
Shift +A To devide process status
Press C Display the full command & path
Press I Hide the load average information from top row
Press m Hide the memory information
Press u Then type the username then see process for that
user
Press q For quit
Note :-- all press * shortcut key show output after “top” command

VIRT stands for the virtual size of a process, which is the sum of memory it is actually
using, memory it has mapped into itself (for instance the video card’s RAM for the X
server), files on disk that have been mapped into it (most notably shared libraries), and
memory shared with other processes. VIRT represents how much memory the program is
able to access at the present moment.
RES stands for the resident size, which is an accurate representation of how much actual
physical memory a process is consuming. (This also corresponds directly to the %MEM
column.) This will virtually always be less than the VIRT size, since most programs
depend on the C library.
SHR indicates how much of the VIRT size is actually sharable (memory or libraries). In the
case of libraries, it does not necessarily mean that the entire library is resident. For
example, if a program only uses a few functions in a library, the whole library is mapped
and will be counted in VIRT and SHR, but only the parts of the library file containing the
functions being used will actually be loaded in and be counted under RES.

Linux pgrep command

Many variants of Linux comes with the pgrep command to search/find process. The
syntax is:
vivek@nixcraft:~$ pgrep {process}
vivek@nixcraft:~$ sudo pgrep sshd
vivek@nixcraft:~$ pgrep vim
vivek@nixcraft:~$ pgrep firefox
vivek@nixcraft:~$ pgrep -l nginx

Terminating a Process
There might be times when you need to terminate an unwanted process. A process
might have got into an endless loop, or it might have hung. You can kill or stop any
process that you own. You can use the following two commands to terminate one or
more processes:
– kill
– pkill

The kill and pkill commands send signals to processes directing them to terminate. Each
signal has a number, name, and an associated event. Below are some of the most
commonly used signals with their functionalities.

Number Name Description

1 SIGHUP Reload Configuration File

2 SIGINT Interrupt by keyboard (ctrl+c)

 9 SIGKILL kill process

15 SIGTERM End process immediately. (Terminate a process in controlled manner so clean

18 SIGCONT Continue the process stopped with STOP

19 STOP Stop process

Note: However, there are processes that should not be terminated, such as
the init process. Killing such processes can result in a system crash. A superuser can
kill any process in the system.

Terminating a Process using kill Command

You can terminate any process by issuing the appropriate signal to the process
concerned. The kill command sends signal 15, the terminate signal, by default. This
signal causes the process to terminate in an orderly manner. The kill command sends a
termination signal to one or more processes. The syntax to use the kill command is as
follows :

# kill [-signal] PIDs

Note: The kill command terminates only those processes that you own. The root user
can use the kill command on any process.
You need to know the PID of the process before you can terminate it. You can use either
the ps or pgrep command to locate the PID of the process. Also, you can terminate
several processes at the same time by entering multiple PIDs on a single command line.
Lets see an example of kill command. We would kill the process ‘sleep 400’ as shown
below.

# ps -ef | grep sleep

root 1337 1218 0 07:33 pts/0 00:00:00 sleep 400
# kill -9 1337
# ps -ef | grep sleep
#
Terminating a Process using pkill or killall Command
Alternatively, you can use the pkill or killall command to send termination signal to
processes.

# pkill [-options] PIDs

or

# killall [-options] PIDs

The pkill/killall command requires you to specify the name instead of the PID of the
process. For example, use the pkill command to terminate the dtmail process.

# pkill dtmail
# pgrep -l mail
#

Forcefully Terminating a Process: Signal 9

Some processes ignore the default signal 15 that the kill command sends. If a process
does not respond to signal 15, you can force it to terminate by using signal 9 with the kill
or pkill command.

# kill -9 PID

or

# pkill -9 process_name
ot@localhost ~]# pkill -t pts/0 -U 0 ping

Note: Sending signal 15 does not necessarily kill a process gracefully. Only if the signal
is caught by the process, it cleans itself up in order and dies. If not, it just dies.
W command:---
NICE:----
Linux can run a lot of processes at a time, which can slow down the speed
of some high priority processes and result in poor performance. Nice
command is used for change a process priority at running process
condition.

Process priority:---
-20 ---- most favourable to the process
19 ---- least favourable to the process

How To Calculate PR or PRI Values

Total number of priorities = 140

Real time priority range(PR or PRI): 0 to 99

User space priority range: 100 to 139

Nice value range (NI): -20 to 19

PR = 20 + NI

PR = 20 + (-20 to + 19)
PR = 20 + -20 to 20 + 19

PR = 0 to 39 which is same as 100 to 139.

To avoid this, you can tell your machine to prioritize processes as per your
requirements.

This priority is called Niceness in Linux, and it has a value between -20 to
19. The lower the Niceness index, the higher would be a priority given to
that task.

Unprivileged users are only allowed to set a positive nice level (0 to 19).
Only root can set a negative nice level (-20 to -1).

The default Nice value of all the processes is 0.

To start a process with a niceness value other than the default value use
the following syntax

nice -n 'Nice value' process name

If there is some process already running on the system, then you can
'Renice' its value using syntax.

renice 'nice value' -p 'PID'

To change Niceness, you can use the 'top' command to determine the PID
(process id) and its Nice value. Later use the renice command to change
the value.

Let us understand this by an example.

The following example requests a list of all processes, with their pid, name, and nice level, sorted in
descending order by nice level:

[student@desktopX ~]$ ps axo pid,comm,nice --sort=-nice PID COMMAND NI

74 khugepaged

19 688 alsactl

19 1953 tracker-miner-f

19 73 ksmd

5 714 rtkit-daemon 1

DF
This utility reports the free disk space(Hard Disk) on all the file systems.

If you want the above information in a readable format, then use the
command

'df -h'
 Free
This command shows the free and used memory (RAM) on the Linux
system.

You can use the arguments

free -m to display output in MB

free -g to display output in GB

Summary:
 Any running program or a command given to a Linux system is called
a process
 A process could run in foreground or background
 The priority index of a process is called Nice in Linux. Its default
value is 0, and it can vary between 20 to -19
 The lower the Niceness index, the higher would be priority given to
that task

Command Description
Bg To send a process to the background
Fg To run a stopped process in the foreground
Top Details on all Active Processes
Ps Give the status of processes running for a user
ps PID Gives the status of a particular process
Pidof Gives the Process ID (PID) of a process
kill PID Kills a process
Nice Starts a process with a given priority
Renice Changes priority of an already running process
Command Description
Df Gives free hard disk space on your system
Free Gives free RAM on your system