What are Linux processes? In Linux systems, a process is a program that is currently executing; it is an instance of a running program. Every process has a process ID (PID) and is associated with a user and a group account. The PID enables the kernel to uniquely identify each process. Several processes run at the same time in Linux, each with the illusion that it is the only one running, while they share the resources of the host (RAM, CPU and storage).

Process Management is quite crucial for System Admins and Cyber Security personnel. It is important to know what processes are running at any given time because of the following reasons:

  • To be able to monitor resource utilization on the host. Some processes are resource-intensive and it is important not to overwhelm the host operating capacity.
  • It enables one to detect undesired processes that may have resulted from hacking activities.
  • One can stop, start or kill a process whenever need be.

Every good administrator should have at their fingertips the necessary commands to start, stop, list, identify or delete a process. In this guide, we are going to look at some of the commands used to manage processes in Linux.

Types of Linux Processes

Linux processes can be broadly classified into two as described below:

  • Foreground processes: These are processes created by a user interactively in the terminal. They are not part of the system and therefore have not been started automatically.
  • Background processes: These are processes started automatically as part of the system, not expecting any user input.

What are parent and child processes in Linux? Linux processes can further be classified as parent processes and child processes. A running process can create another process, which inherits the environment of the process that created it. The process that creates other processes is called a parent process, while a child process is a process created by a parent process.

What is a daemon?

A daemon is a special type of Linux background process that runs without any user input and is activated by an event. It can, however, be controlled by a user via the init process. Almost all daemon process names end with a d. For example, httpd is the daemon process for the HTTP service.

Tools for process management in Linux

Linux offers several tools that give System Admins control over Linux processes. Some of these tools have to be installed on the Linux system before use, while others come with the operating system. Commonly used tools are top, htop, ps, monit, lsof and kill, among others.

PS command

This is a command used to display running processes. When used without any argument, it displays processes for the current shell.

$ ps

Output

PID TTY          TIME CMD 
1585 pts/0    00:00:00 bash 
1607 pts/0    00:00:00 ps

ps -aux: displays all processes in BSD format

$ ps -aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND 
root           1  1.2  0.7 244780 13704 ?        Ss   18:01   0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 18 
root           2  0.0  0.0      0     0 ?        S    18:01   0:00 [kthreadd] 
root           3  0.0  0.0      0     0 ?        I<   18:01   0:00 [rcu_gp] 
root           4  0.0  0.0      0     0 ?        I<   18:01   0:00 [rcu_par_gp] 
root           5  0.0  0.0      0     0 ?        I    18:01   0:00 [kworker/0:0-events] 
root           6  0.0  0.0      0     0 ?        I<   18:01   0:00 [kworker/0:0H-kblockd] 
root           7  0.0  0.0      0     0 ?        I    18:01   0:00 [kworker/u256:0-events_unbound] 
root           8  0.0  0.0      0     0 ?        I<   18:01   0:00 [mm_percpu_wq] 
root           9  0.0  0.0      0     0 ?        S    18:01   0:00 [ksoftirqd/0] 
root          10  0.0  0.0      0     0 ?        I    18:01   0:00 [rcu_sched] 
root          11  0.0  0.0      0     0 ?        S    18:01   0:00 [migration/0] 
root          12  0.0  0.0      0     0 ?        S    18:01   0:00 [watchdog/0] 
root          13  0.0  0.0      0     0 ?        S    18:01   0:00 [cpuhp/0] 
root          14  0.0  0.0      0     0 ?        S    18:01   0:00 [cpuhp/1] 
root          15  0.0  0.0      0     0 ?        S    18:01   0:00 [watchdog/1] 
root          16  0.0  0.0      0     0 ?        S    18:01   0:00 [migration/1] 
root          17  0.0  0.0      0     0 ?        S    18:01   0:00 [ksoftirqd/1] 
root          18  0.0  0.0      0     0 ?        I    18:01   0:00 [kworker/1:0-events] 
root          19  0.0  0.0      0     0 ?        I<   18:01   0:00 [kworker/1:0H-kblockd] 
root          21  0.0  0.0      0     0 ?        S    18:01   0:00 [kdevtmpfs] 
root          22  0.0  0.0      0     0 ?        I<   18:01   0:00 [netns] 
root          23  0.0  0.0      0     0 ?        S    18:01   0:00 [kauditd] 
root          24  0.0  0.0      0     0 ?        S    18:01   0:00 [xenbus] 
root          25  0.0  0.0      0     0 ?        S    18:01   0:00 [xenwatch] 
root          26  0.0  0.0      0     0 ?        I    18:01   0:00 [kworker/0:1-events_power_efficient] 
root          27  0.0  0.0      0     0 ?        I    18:01   0:00 [kworker/0:2-events] 
root          28  0.0  0.0      0     0 ?        S    18:01   0:00 [khungtaskd] 
root          29  0.0  0.0      0     0 ?        S    18:01   0:00 [oom_reaper] 
root          30  0.0  0.0      0     0 ?        I<   18:01   0:00 [writeback] 
root          31  0.0  0.0      0     0 ?        S    18:01   0:00 [kcompactd0]

Use ps -aux | more to display processes one screen at a time.

ps -eF: displays all processes in extra full format, as shown.

$ ps -eF
UID          PID    PPID  C    SZ   RSS PSR STIME TTY          TIME CMD 
root           1       0  0 61195 13704   1 18:01 ?        00:00:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 18 
root           2       0  0     0     0   0 18:01 ?        00:00:00 [kthreadd] 
root           3       2  0     0     0   0 18:01 ?        00:00:00 [rcu_gp] 
root           4       2  0     0     0   0 18:01 ?        00:00:00 [rcu_par_gp] 
root           6       2  0     0     0   0 18:01 ?        00:00:00 [kworker/0:0H-kblockd] 
root           7       2  0     0     0   1 18:01 ?        00:00:00 [kworker/u256:0-events_unbound] 
root           8       2  0     0     0   0 18:01 ?        00:00:00 [mm_percpu_wq] 
root           9       2  0     0     0   0 18:01 ?        00:00:00 [ksoftirqd/0] 
root          10       2  0     0     0   1 18:01 ?        00:00:00 [rcu_sched] 
root          11       2  0     0     0   0 18:01 ?        00:00:00 [migration/0] 
root          12       2  0     0     0   0 18:01 ?        00:00:00 [watchdog/0] 
root          13       2  0     0     0   0 18:01 ?        00:00:00 [cpuhp/0] 
root          14       2  0     0     0   1 18:01 ?        00:00:00 [cpuhp/1] 
root          15       2  0     0     0   1 18:01 ?        00:00:00 [watchdog/1] 
root          16       2  0     0     0   1 18:01 ?        00:00:00 [migration/1] 
root          17       2  0     0     0   1 18:01 ?        00:00:00 [ksoftirqd/1] 
root          19       2  0     0     0   1 18:01 ?        00:00:00 [kworker/1:0H-kblockd] 
root          21       2  0     0     0   1 18:01 ?        00:00:00 [kdevtmpfs] 
root          22       2  0     0     0   1 18:01 ?        00:00:00 [netns] 
root          23       2  0     0     0   1 18:01 ?        00:00:00 [kauditd] 
root          24       2  0     0     0   1 18:01 ?        00:00:00 [xenbus] 
root          25       2  0     0     0   1 18:01 ?        00:00:00 [xenwatch] 
root          26       2  0     0     0   0 18:01 ?        00:00:00 [kworker/0:1-events] 
root          27       2  0     0     0   0 18:01 ?        00:00:00 [kworker/0:2-cgroup_destroy] 
root          28       2  0     0     0   1 18:01 ?        00:00:00 [khungtaskd] 
root          29       2  0     0     0   0 18:01 ?        00:00:00 [oom_reaper] 
root          30       2  0     0     0   1 18:01 ?        00:00:00 [writeback] 
root          31       2  0     0     0   0 18:01 ?        00:00:00 [kcompactd0] 
root          32       2  0     0     0   1 18:01 ?        00:00:00 [ksmd] 
root          33       2  0     0     0   0 18:01 ?        00:00:00 [khugepaged]
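The PPID column in the ps -eF listing above supports the detection goal mentioned at the start of this guide: every bracketed kernel thread is a child of kthreadd (PID 2). The following is an added example, not part of the original guide, that flags bracketed entries with any other parent; the function names and the sample rows (including the invented PID 4312) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ps -eF rows that look like kernel threads but are not
# children of kthreadd (PID 2).

# Constructed sample in ps -eF layout. The first rows mirror the listing
# above; the mysql row and PID 4312 are invented to exercise the check.
sample_ps_ef() {
    cat <<'EOF'
UID          PID    PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
root           1       0  0 61195 13704   1 18:01 ?        00:00:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 18
root           2       0  0     0     0   0 18:01 ?        00:00:00 [kthreadd]
root           3       2  0     0     0   0 18:01 ?        00:00:00 [rcu_gp]
root          23       2  0     0     0   1 18:01 ?        00:00:00 [kauditd]
mysql       1007       1  0 438059 92888  0 18:02 ?        00:00:13 /usr/sbin/mysqld --basedir=/usr
apache      4312    1187  0  1024  2048   0 18:07 ?        00:00:03 [kworker/0:3]
EOF
}

# Reads ps -eF output (with its header line) on stdin.
# Prints "PID PPID CMD" for each row whose CMD is entirely in square brackets
# but whose parent is not PID 2. kthreadd itself (PID 2, PPID 0) is skipped.
find_unparented_kthreads() {
    awk 'NR > 1 {
        pid = $2; ppid = $3
        cmd = $11                        # CMD is the 11th column of ps -eF
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        if (cmd !~ /^\[.*\]$/) next      # ordinary command line, not bracketed
        if (pid == 2 && ppid == 0) next  # kthreadd, the parent of kernel threads
        if (ppid != 2) print pid, ppid, cmd
    }'
}

# Run against the constructed sample.
# On a live host: ps -eF | find_unparented_kthreads
sample_ps_ef | find_unparented_kthreads
```

A hit means the row deserves a closer look (for example at /proc/<PID>/exe and its parent process), not that it is necessarily malicious.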

TOP Command

The top command displays processes in real time, so you can easily see the resource utilization of each process, such as RAM and CPU.

$ top

Output

top - 18:19:42 up 18 min,  1 user,  load average: 0.00, 0.01, 0.02 
Tasks: 108 total,   1 running, 107 sleeping,   0 stopped,   0 zombie 
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni, 99.0 id,  0.0 wa,  0.3 hi,  0.3 si,  0.3 st 
MiB Mem :   1792.8 total,   1128.6 free,    370.6 used,    293.6 buff/cache 
MiB Swap:   2048.0 total,   2048.0 free,      0.0 used.   1264.4 avail Mem  

   PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                                                                                                                                                                                  
   535 root      20   0       0      0      0 I   0.3   0.0   0:01.14 kworker/1:4-events                                                                                                                                                                                       
   848 rngd      20   0  160232   6480   5680 S   0.3   0.4   0:14.82 rngd                                                                                                                                                                                                     
     1 root      20   0  244780  13704   9200 S   0.0   0.7   0:02.01 systemd                                                                                                                                                                                                  
     2 root      20   0       0      0      0 S   0.0   0.0   0:00.00 kthreadd                                                                                                                                                                                                 
     3 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_gp                                                                                                                                                                                                   
     4 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_par_gp                                                                                                                                                                                               
     6 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 kworker/0:0H-kblockd                                                                                                                                                                                     
     7 root      20   0       0      0      0 I   0.0   0.0   0:00.02 kworker/u256:0-events_unbound                                                                                                                                                                            
     8 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 mm_percpu_wq                                                                                                                                                                                             
     9 root      20   0       0      0      0 S   0.0   0.0   0:00.01 ksoftirqd/0                                                                                                                                                                                              
    10 root      20   0       0      0      0 I   0.0   0.0   0:00.55 rcu_sched                                                                                                                                                                                                
    11 root      rt   0       0      0      0 S   0.0   0.0   0:00.03 migration/0                                                                                                                                                                                              

htop: offers an interactive process viewer. It has to be installed before you can use it.

To install htop, run the command for your distribution:

--- Ubuntu / Debian ---
$ sudo apt-get install htop

--- CentOS / Fedora ---
$ sudo yum -y install htop

Sorting processes with the ‘top’ command

With the top command you can sort processes to identify them easily, using the commands below.

Use top -u <user> to display the processes owned by a certain user. For example, to display the processes of the root user, run the command below:

$ top -u root

Output

top - 03:56:39 up  9:55,  1 user,  load average: 0.00, 0.00, 0.00 
Tasks: 108 total,   2 running, 106 sleeping,   0 stopped,   0 zombie 
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni, 97.7 id,  0.0 wa,  0.3 hi,  0.5 si,  1.5 st 
MiB Mem :   1792.8 total,    901.2 free,    385.0 used,    506.6 buff/cache 
MiB Swap:   2048.0 total,   2048.0 free,      0.0 used.   1243.0 avail Mem  

   PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                                                                                                                                                                                  
     1 root      20   0  244780  13760   9200 S   0.0   0.7   0:03.39 systemd                                                                                                                                                                                                  
     2 root      20   0       0      0      0 S   0.0   0.0   0:00.01 kthreadd                                                                                                                                                                                                 
     3 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_gp                                                                                                                                                                                                   
     4 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_par_gp                                                                                                                                                                                               
     6 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 kworker/0:0H-kblockd                                                                                                                                                                                     
     7 root      20   0       0      0      0 I   0.0   0.0   0:00.03 kworker/u256:0-events_unbound                                                                                                                                                                            
     8 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 mm_percpu_wq                                                                                                                                                                                             
     9 root      20   0       0      0      0 S   0.0   0.0   0:00.19 ksoftirqd/0                                                                                                                                                                                              
    10 root      20   0       0      0      0 I   0.0   0.0   0:17.59 rcu_sched                                                                                                                                                                                                
    11 root      rt   0       0      0      0 S   0.0   0.0   0:00.03 migration/0

To sort by CPU utilization, press Shift + P

top - 04:27:12 up 10:25,  1 user,  load average: 0.00, 0.00, 0.00 
Tasks: 108 total,   1 running, 107 sleeping,   0 stopped,   0 zombie 
%Cpu(s):  0.0 us,  0.2 sy,  0.0 ni, 99.0 id,  0.0 wa,  0.2 hi,  0.3 si,  0.3 st 
MiB Mem :   1792.8 total,    896.4 free,    389.3 used,    507.0 buff/cache 
MiB Swap:   2048.0 total,   2048.0 free,      0.0 used.   1238.6 avail Mem  

   PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                                                                                                                                                                                  
  1007 mysql     20   0 1752236  92888  20112 S   0.3   5.1   0:13.03 mysqld                                                                                                                                                                                                   
     1 root      20   0  244780  13760   9200 S   0.0   0.7   0:03.49 systemd                                                                                                                                                                                                  
     2 root      20   0       0      0      0 S   0.0   0.0   0:00.01 kthreadd                                                                                                                                                                                                 
     3 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_gp                                                                                                                                                                                                   
     4 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_par_gp                                                                                                                                                                                               
     6 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 kworker/0:0H-kblockd                                                                                                                                                                                     
     7 root      20   0       0      0      0 I   0.0   0.0   0:00.06 kworker/u256:0-events_unbound                                                                                                                                                                            
     8 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 mm_percpu_wq                                                                                                                                                                                             

To highlight processes in a running top session, press z. This makes running processes easier to identify, as they are displayed in red.

Kill command

It is used to send a signal to a process causing it to act according to the signal.

kill -l: displays all available signals.

$ kill -l

Output

1) SIGHUP       2) SIGINT       3) SIGQUIT      4) SIGILL       5) SIGTRAP 
6) SIGABRT      7) SIGBUS       8) SIGFPE       9) SIGKILL     10) SIGUSR1 
11) SIGSEGV     12) SIGUSR2     13) SIGPIPE     14) SIGALRM     15) SIGTERM 
16) SIGSTKFLT   17) SIGCHLD     18) SIGCONT     19) SIGSTOP     20) SIGTSTP 
21) SIGTTIN     22) SIGTTOU     23) SIGURG      24) SIGXCPU     25) SIGXFSZ 
26) SIGVTALRM   27) SIGPROF     28) SIGWINCH    29) SIGIO       30) SIGPWR 
31) SIGSYS      34) SIGRTMIN    35) SIGRTMIN+1  36) SIGRTMIN+2  37) SIGRTMIN+3 
38) SIGRTMIN+4  39) SIGRTMIN+5  40) SIGRTMIN+6  41) SIGRTMIN+7  42) SIGRTMIN+8 
43) SIGRTMIN+9  44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9  56) SIGRTMAX-8  57) SIGRTMAX-7 
58) SIGRTMAX-6  59) SIGRTMAX-5  60) SIGRTMAX-4  61) SIGRTMAX-3  62) SIGRTMAX-2 
63) SIGRTMAX-1  64) SIGRTMAX

A signal can be sent to a process in three ways:

Using the signal number

  • kill -9 [PID]

With SIG prefix

  • kill -SIGKILL [PID]

Without SIG prefix

  • kill -KILL [PID]

To get the PID of a process, you can run a command like ps -aux. If you know the name of the process, you can use pidof instead:

$ ps aux
$ pidof chrome

Once you have the process ID, you can terminate the process by running one of the commands shown:

kill -9 [pid]
kill -s KILL [PID]
kill -KILL [PID]
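SIGKILL (9) cannot be caught or ignored, so a process killed this way gets no chance to flush data or remove lock files. The following added example, which is not part of the original guide, sends SIGTERM first and escalates to SIGKILL only if the process is still present after a timeout; the helper name terminate_gracefully and the 5-second default are assumptions.

```shell
#!/bin/sh
# Added example: SIGTERM first, SIGKILL only as a last resort.

# terminate_gracefully PID [TIMEOUT_SECONDS]   (hypothetical helper name)
# Return codes: 0 = exited after SIGTERM, 1 = had to be SIGKILLed,
#               2 = signal could not be sent (no such PID or no permission).
terminate_gracefully() {
    pid=$1
    timeout=${2:-5}

    # SIGTERM (15) can be caught, so the process may clean up before exiting.
    kill -TERM "$pid" 2>/dev/null || return 2

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        # Signal 0 sends nothing; it only tests whether the PID still exists.
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        waited=$((waited + 1))
    done
    kill -0 "$pid" 2>/dev/null || return 0

    # SIGKILL (9) cannot be caught or ignored; the process gets no cleanup.
    kill -KILL "$pid" 2>/dev/null
    return 1
}

# Demo on a throwaway process started by this script.
sleep 300 >/dev/null 2>&1 &
terminate_gracefully "$!" 5 && echo "sleep exited on SIGTERM"
```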

The killall command terminates all processes matching the specified name. When used without a signal option it sends the default signal (SIGTERM); you can specify a different signal using the -s option.

killall [process name]
killall -s 9 [process name]
killall -KILL [process name]
killall -SIGKILL [process name]

fg and bg command

  • fg: puts a background job to foreground
  • bg: resumes a suspended job in the background

Some usage:

%n : Refer to job number n.
%str : Refer to a job which was started by a command beginning with str.
%?str : Refer to a job which was started by a command containing str.
%- : Refer to the previous job.

Use the jobs command to list the jobs currently in the background:

$ jobs
[1]+  Running                 sleep 100 &

To move the job to the foreground run the command as shown below.

$ fg %1
sleep 100

To send the job back to the background, first press Control+Z, which suspends the job and places it in the background. Then use bg to resume it in the background.

$ bg %1
[1]+ sleep 100 &

Confirm the jobs

$ jobs
[1]+  Running                 sleep 100 &

I hope you have enjoyed our guide on how to manage Linux processes with ps, top, kill, killall, fg and bg.
