What are Linux processes? In Linux systems, a process is a program that is currently executing; it is an instance of a running program. Every process has a process ID (PID) and is associated with a user and a group account. The PID enables the kernel to uniquely identify each process. Several processes run at the same time in Linux, each with the illusion that it is the only one running, while they share the resources of the host (RAM, CPU and storage).
Process management is crucial for system administrators and cyber security personnel. It is important to know what processes are running at any given time for the following reasons:
- To be able to monitor resource utilization on the host. Some processes are resource-intensive and it is important not to overwhelm the host operating capacity.
- It enables one to detect undesired processes that may have resulted from hacking activities.
- One can stop, start or kill a process whenever need be.
Every good administrator should have at their fingertips the commands needed to start, stop, list, identify or kill a process. In this guide, we are going to look at some of the commands used to manage processes in Linux.
Types of Linux Processes
Linux processes can be broadly classified into two as described below:
- Foreground processes: These are processes created by a user interactively in the terminal. They are not part of the system and therefore have not been started automatically.
- Background processes: These are processes started automatically as part of the system, not expecting any user input.
What are parent and child processes in Linux? Linux processes can further be classified as parent processes and child processes. A running process can create another process, which inherits the environment of the process that created it. The process that creates other processes is called the parent process, while a child process is a process created by the parent.
What is a daemon?
A daemon is a special type of Linux background process that runs without any user input and is activated by an event. It can, however, be controlled by a user via the init process. Almost all daemon process names end with a d. For example, httpd is the daemon process for the HTTP service.
Tools for process management in Linux
Linux offers several tools that give system administrators control over Linux processes. Some of these tools have to be installed before they can be used, while others come with the operating system. Commonly used tools are top, htop, ps, monit, lsof and kill, among others.
1. PS command
This is a command used to display running processes. When used without any argument, it displays processes for the current shell.
$ ps
Output:
PID TTY TIME CMD
1585 pts/0 00:00:00 bash
1607 pts/0 00:00:00 ps
ps -aux: displays all processes in BSD format.
$ ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 1.2 0.7 244780 13704 ? Ss 18:01 0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 18
root 2 0.0 0.0 0 0 ? S 18:01 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I< 18:01 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< 18:01 0:00 [rcu_par_gp]
root 5 0.0 0.0 0 0 ? I 18:01 0:00 [kworker/0:0-events]
root 6 0.0 0.0 0 0 ? I< 18:01 0:00 [kworker/0:0H-kblockd]
root 7 0.0 0.0 0 0 ? I 18:01 0:00 [kworker/u256:0-events_unbound]
root 8 0.0 0.0 0 0 ? I< 18:01 0:00 [mm_percpu_wq]
root 9 0.0 0.0 0 0 ? S 18:01 0:00 [ksoftirqd/0]
root 10 0.0 0.0 0 0 ? I 18:01 0:00 [rcu_sched]
root 11 0.0 0.0 0 0 ? S 18:01 0:00 [migration/0]
root 12 0.0 0.0 0 0 ? S 18:01 0:00 [watchdog/0]
root 13 0.0 0.0 0 0 ? S 18:01 0:00 [cpuhp/0]
root 14 0.0 0.0 0 0 ? S 18:01 0:00 [cpuhp/1]
root 15 0.0 0.0 0 0 ? S 18:01 0:00 [watchdog/1]
root 16 0.0 0.0 0 0 ? S 18:01 0:00 [migration/1]
root 17 0.0 0.0 0 0 ? S 18:01 0:00 [ksoftirqd/1]
root 18 0.0 0.0 0 0 ? I 18:01 0:00 [kworker/1:0-events]
root 19 0.0 0.0 0 0 ? I< 18:01 0:00 [kworker/1:0H-kblockd]
root 21 0.0 0.0 0 0 ? S 18:01 0:00 [kdevtmpfs]
root 22 0.0 0.0 0 0 ? I< 18:01 0:00 [netns]
root 23 0.0 0.0 0 0 ? S 18:01 0:00 [kauditd]
root 24 0.0 0.0 0 0 ? S 18:01 0:00 [xenbus]
root 25 0.0 0.0 0 0 ? S 18:01 0:00 [xenwatch]
root 26 0.0 0.0 0 0 ? I 18:01 0:00 [kworker/0:1-events_power_efficient]
root 27 0.0 0.0 0 0 ? I 18:01 0:00 [kworker/0:2-events]
root 28 0.0 0.0 0 0 ? S 18:01 0:00 [khungtaskd]
root 29 0.0 0.0 0 0 ? S 18:01 0:00 [oom_reaper]
root 30 0.0 0.0 0 0 ? I< 18:01 0:00 [writeback]
root 31 0.0 0.0 0 0 ? S 18:01 0:00 [kcompactd0]
Use ps -aux | more to display processes one screen at a time.
ps -eF: displays every process in extra full format, which adds columns such as the parent process ID (PPID), as shown.
$ ps -eF
UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
root 1 0 0 61195 13704 1 18:01 ? 00:00:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 18
root 2 0 0 0 0 0 18:01 ? 00:00:00 [kthreadd]
root 3 2 0 0 0 0 18:01 ? 00:00:00 [rcu_gp]
root 4 2 0 0 0 0 18:01 ? 00:00:00 [rcu_par_gp]
root 6 2 0 0 0 0 18:01 ? 00:00:00 [kworker/0:0H-kblockd]
root 7 2 0 0 0 1 18:01 ? 00:00:00 [kworker/u256:0-events_unbound]
root 8 2 0 0 0 0 18:01 ? 00:00:00 [mm_percpu_wq]
root 9 2 0 0 0 0 18:01 ? 00:00:00 [ksoftirqd/0]
root 10 2 0 0 0 1 18:01 ? 00:00:00 [rcu_sched]
root 11 2 0 0 0 0 18:01 ? 00:00:00 [migration/0]
root 12 2 0 0 0 0 18:01 ? 00:00:00 [watchdog/0]
root 13 2 0 0 0 0 18:01 ? 00:00:00 [cpuhp/0]
root 14 2 0 0 0 1 18:01 ? 00:00:00 [cpuhp/1]
root 15 2 0 0 0 1 18:01 ? 00:00:00 [watchdog/1]
root 16 2 0 0 0 1 18:01 ? 00:00:00 [migration/1]
root 17 2 0 0 0 1 18:01 ? 00:00:00 [ksoftirqd/1]
root 19 2 0 0 0 1 18:01 ? 00:00:00 [kworker/1:0H-kblockd]
root 21 2 0 0 0 1 18:01 ? 00:00:00 [kdevtmpfs]
root 22 2 0 0 0 1 18:01 ? 00:00:00 [netns]
root 23 2 0 0 0 1 18:01 ? 00:00:00 [kauditd]
root 24 2 0 0 0 1 18:01 ? 00:00:00 [xenbus]
root 25 2 0 0 0 1 18:01 ? 00:00:00 [xenwatch]
root 26 2 0 0 0 0 18:01 ? 00:00:00 [kworker/0:1-events]
root 27 2 0 0 0 0 18:01 ? 00:00:00 [kworker/0:2-cgroup_destroy]
root 28 2 0 0 0 1 18:01 ? 00:00:00 [khungtaskd]
root 29 2 0 0 0 0 18:01 ? 00:00:00 [oom_reaper]
root 30 2 0 0 0 1 18:01 ? 00:00:00 [writeback]
root 31 2 0 0 0 0 18:01 ? 00:00:00 [kcompactd0]
root 32 2 0 0 0 1 18:01 ? 00:00:00 [ksmd]
root 33 2 0 0 0 0 18:01 ? 00:00:00 [khugepaged]
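The PPID column that ps -eF adds is what lets you tie an unexpected process back to whatever launched it. The following shell function is an added example, not part of the original guide: it reads ps -eF output and reports shells whose parent is a daemon such as httpd. The function names, the default daemon list and the sample listing are assumptions constructed for illustration.

```shell
# Constructed sample in `ps -eF` column layout (not output from a real host).
sample_ps() {
cat <<'EOF'
UID          PID    PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
root           1       0  0 61195 13704   1 18:01 ?        00:00:01 /usr/lib/systemd/systemd --system
root         700       1  0 23110  7200   0 18:01 ?        00:00:00 /usr/sbin/sshd -D
alice       1585     700  0  6020  5100   1 18:05 pts/0    00:00:00 -bash
root         900       1  0 70012  9800   0 18:01 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache       905     900  0 71020  8400   1 18:01 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache      1200     905  0  3010  1100   0 18:40 ?        00:00:00 sh -c uptime
mysql       1007       1  0 438059 92888  1 18:01 ?        00:00:13 /usr/libexec/mysqld
EOF
}

# Reads `ps -eF` output on stdin and prints "PID PPID USER PARENT -> CMD" for
# every shell whose parent is a watched daemon. The daemon list is an assumed
# default; pass your own as $1. Names come from argv[0], which a process can
# change, so treat a hit as a lead to investigate, not as proof.
flag_daemon_shells() {
    awk -v daemons="${1:-httpd nginx mysqld}" '
    function base(s,   n, p) {      # "/usr/sbin/httpd" -> "httpd", "-bash" -> "bash"
        n = split(s, p, "/"); s = p[n]; sub(/^-/, "", s); return s
    }
    BEGIN { m = split(daemons, d, " "); for (i = 1; i <= m; i++) watch[d[i]] = 1 }
    NR == 1 { next }                # skip the column header
    {
        pid = $2; user[pid] = $1; ppid[pid] = $3; name[pid] = base($11)
        line = $11; for (i = 12; i <= NF; i++) line = line " " $i
        cmd[pid] = line             # CMD is everything from field 11 onward
        order[++count] = pid
    }
    END {
        for (k = 1; k <= count; k++) {
            pid = order[k]; parent = ppid[pid]
            if (name[pid] ~ /^(sh|bash|dash|zsh|ksh)$/ && (name[parent] in watch))
                printf "%s %s %s %s -> %s\n", pid, parent, user[pid], name[parent], cmd[pid]
        }
    }'
}

# On a live host: ps -eF | flag_daemon_shells
sample_ps | flag_daemon_shells
```

The login shell under sshd is not reported with the default list, because sshd is not one of the watched daemons.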
2. TOP Command
The top command displays processes in real time, so you can easily see the resources, such as RAM and CPU, that each process is using.
top
Output:
top - 18:19:42 up 18 min, 1 user, load average: 0.00, 0.01, 0.02
Tasks: 108 total, 1 running, 107 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni, 99.0 id, 0.0 wa, 0.3 hi, 0.3 si, 0.3 st
MiB Mem : 1792.8 total, 1128.6 free, 370.6 used, 293.6 buff/cache
MiB Swap: 2048.0 total, 2048.0 free, 0.0 used. 1264.4 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
535 root 20 0 0 0 0 I 0.3 0.0 0:01.14 kworker/1:4-events
848 rngd 20 0 160232 6480 5680 S 0.3 0.4 0:14.82 rngd
1 root 20 0 244780 13704 9200 S 0.0 0.7 0:02.01 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-kblockd
7 root 20 0 0 0 0 I 0.0 0.0 0:00.02 kworker/u256:0-events_unbound
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
9 root 20 0 0 0 0 S 0.0 0.0 0:00.01 ksoftirqd/0
10 root 20 0 0 0 0 I 0.0 0.0 0:00.55 rcu_sched
11 root rt 0 0 0 0 S 0.0 0.0 0:00.03 migration/0
htop: offers an interactive process viewer. You need to install it before you can use it.
To install htop, run the command for your distribution:
### Ubuntu / Debian ###
sudo apt update && sudo apt install htop
### CentOS / Fedora ###
sudo yum -y install htop
3. Sorting processes with the ‘top’ command
With the top command you can filter and sort processes to identify them more easily, using the commands below.
Use top -u <user> to display the processes owned by a certain user. For example, to display the processes owned by the root user, run the command below:
top -u root
Output:
top - 03:56:39 up 9:55, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 108 total, 2 running, 106 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni, 97.7 id, 0.0 wa, 0.3 hi, 0.5 si, 1.5 st
MiB Mem : 1792.8 total, 901.2 free, 385.0 used, 506.6 buff/cache
MiB Swap: 2048.0 total, 2048.0 free, 0.0 used. 1243.0 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 244780 13760 9200 S 0.0 0.7 0:03.39 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-kblockd
7 root 20 0 0 0 0 I 0.0 0.0 0:00.03 kworker/u256:0-events_unbound
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
9 root 20 0 0 0 0 S 0.0 0.0 0:00.19 ksoftirqd/0
10 root 20 0 0 0 0 I 0.0 0.0 0:17.59 rcu_sched
11 root rt 0 0 0 0 S 0.0 0.0 0:00.03 migration/0
To sort by CPU utilization, press Shift + P.
top - 04:27:12 up 10:25, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 108 total, 1 running, 107 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.2 sy, 0.0 ni, 99.0 id, 0.0 wa, 0.2 hi, 0.3 si, 0.3 st
MiB Mem : 1792.8 total, 896.4 free, 389.3 used, 507.0 buff/cache
MiB Swap: 2048.0 total, 2048.0 free, 0.0 used. 1238.6 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1007 mysql 20 0 1752236 92888 20112 S 0.3 5.1 0:13.03 mysqld
1 root 20 0 244780 13760 9200 S 0.0 0.7 0:03.49 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-kblockd
7 root 20 0 0 0 0 I 0.0 0.0 0:00.06 kworker/u256:0-events_unbound
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
To highlight processes in a running top session, press z. Running processes are then displayed in red, which makes them easier to identify.
4. Kill command
The kill command is used to send a signal to a process, causing it to act according to the signal.
kill -l: displays all available signals.
kill -l
Output:
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR
31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7
58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX
A signal can be sent to a process in three ways:
Using the signal number
- kill -9 [PID]
With SIG prefix
- kill -SIGKILL [PID]
Without SIG prefix
- kill -KILL [PID]
To get the PID of a process, you can run a command like ps -aux. If you know the name of the process, you can use a command like pidof:
ps aux
pidof chrome
Once you have the process ID, you can terminate the process by running one of the commands shown below:
kill -9 [pid]
kill -s KILL [PID]
kill -KILL [PID]
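SIGKILL cannot be caught, so a process killed with -9 gets no chance to clean up. The following added example (not part of the original guide; the function names and return codes are assumptions) sends SIGTERM first, waits a grace period, and only then falls back to SIGKILL.

```shell
# True while PID exists and is not a zombie. A zombie has already exited and
# only awaits reaping by its parent, yet `kill -0` would still succeed on it.
# Reads the Linux /proc filesystem.
is_running() {
    state=$(sed -n 's/^State:[[:space:]]*//p' "/proc/$1/status" 2>/dev/null)
    case "$state" in
        ""|Z*) return 1 ;;
    esac
    return 0
}

# stop_pid PID [GRACE_SECONDS]
# Returns 0 if the process exited after SIGTERM,
#         1 if SIGKILL was needed,
#         2 if the process could not be signalled (no such PID or no permission).
stop_pid() {
    pid=$1
    grace=${2:-5}
    kill -TERM "$pid" 2>/dev/null || return 2
    while [ "$grace" -gt 0 ]; do
        is_running "$pid" || return 0
        sleep 1
        grace=$((grace - 1))
    done
    is_running "$pid" || return 0
    kill -KILL "$pid" 2>/dev/null
    return 1
}

# Example: stop_pid "$(pidof -s chrome)" 10
```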
The killall command terminates all processes matching the specified name when used without a signal argument. However, you can specify a different signal using the -s option.
killall [process name]
killall -s 9 [process name]
killall -KILL [process name]
killall -SIGKILL [process name]
5. fg and bg command
- fg: puts a background job to foreground
- bg: resumes a suspended job in the background
Some usage:
%n : Refer to job number n.
%str : Refer to a job that was started by a command beginning with str.
%?str : Refer to a job that was started by a command containing str.
%- : Refer to the previous job.
Use the jobs command to list jobs currently in the background.
$ jobs
[1]+ Running sleep 100 &
To move the job to the foreground run the command as shown below.
$ fg %1
sleep 100
To send the job back to the background, first press Control+Z, which suspends the job and places it in the background. After that, use bg to resume it in the background.
$ bg %1
[1]+ sleep 100 &
Confirm the jobs
$ jobs
[1]+ Running sleep 100 &
I hope you have enjoyed our guide on how to Manage Linux Processes with ps, top, kill, killall, fg and bg.