103.5. Create, monitor and kill processes
Weight: 4
Description: Candidates should be able to perform basic process management.
Key Knowledge Areas:
Run jobs in the foreground and background
Signal a program to continue running after logout
Monitor active processes
Select and sort processes for display
Send signals to processes
Terms and Utilities:
&
bg
fg
jobs
kill
nohup
ps
top
free
uptime
pgrep
pkill
killall
screen
In this section we are talking about jobs and processes. What you should know is that, what exactly is a job?
If you run a command from the shell, that is job.
A job might be executed and exit immediately and runs for a short time only but some jobs run for a long time.
that goes to sleep for 3600 seconds, that is an hour! So you can wait for an hour (considering that you can not use your terminal) or you can run a job in background.
Foreground and Background jobs (&)
A job is a process that the shell manages. Each job is assigned a sequential job ID. Because a job is a process, each job has an associated PID. There are two types of job statuses:
1. Foreground: When we enter a command in a terminal window, the command occupies that terminal window until it completes. This is a foreground job. 2. Background: When we enter an ampersand (&) symbol at the end of a command line, the command runs without occupying the terminal window. The shell prompt is displayed immediately after you press Return. This is an example of a background job.
By default you get notified about terminated jobs when you hit enter ,Try set -b to get notified immediately.
Job Control Commands
Job control commands enable us to place jobs in the foreground or background, and to start or stop jobs. The table describes the job control commands.
Command | Description |
jobs | Lists all jobs |
bg %n | Places the current or specified job in the background, where n is the job ID |
fg %n | Brings the current or specified job into the foreground, where n is the job ID |
Control-Z | Stops the foreground job and places it in the background as a stopped job |
Control-C | Ctrl+C kills the process |
if no job id is mentioned bg and fg consider the most recent job
jobs
bg
we cloud use fg %3
command and it would have the same result.
fg
We brought a job to foreground and use Ctrl + C to kill that job.
we can disable and enable shell job control feature with
set +m and set -m
commands.
jobs normally stick to the shell running it, so they are killed when we close the terminal or log out. Some times we need to make sure that the running job is not attached to the running shell.This is where nohup and disown come to play.
huponexit
jobs are killed only if the huponexit
option is set!
runshopt huponexit
to see if this is true.
If
huponexit
is false, which is the default on at least some linuxes these days, then backgrounded jobs will not be killed on normal logout!If
huponexit
is true, then we can usenohup
ordisown
to dissociate the process from the shell so it does not get killed when you exit. Or, run things withscreen
.
use shopt -s huponexit
and shopt -u huponexit
in order to set and unset it.
Signal a program to continue running after logout
nohup
Nohup
stands for no hangup, and that means even if the parent shell is diconnected the job just will continue, The output of the nohup command will write in nohup.out the file if any redirecting filename is not mentioned in nohup command.
Using nohup with commands:
Now even if we close the terminal and open it again ping is still running.
Please notice that we can not use
fg
,bg
commands on that particular job anymore.
When we run nohup command without ‘&’ then it returns to shell command prompt immediately after running that particular command in the background.
We useually use nohup with output redirection
nohup bash script.sh > myresult.txt 2>&1
disown
We can also use disown command, it is used after the a process has been launched and put in the background, it’s work is to remove a shell job from the shell’s active list jobs, therefore we can not use fg, bg commands on that particular job anymore but that process keeps running even after closing current shell.
disown -h %1 lets us to have normal job control mechanisms to continue controlling the process until closing the terminal.
Option | Description |
-a | Delete all jobs if jobID is not supplied. |
-r | Delete only running jobs. |
There is a problem with nohup and disown commands. There is no way to bring back that job to forground and work interactivly with that. So we need a different solution, screen.
screen
screen command in Linux provides the ability to launch and use multiple shell sessions from a single ssh session.
When a process is started with ‘screen’, the process can be detached from session and then can reattach the session at a later time. When the session is detached, the process that was originally started from the screen is still running and managed by the screen itself. The process can then re-attach the session at a later time, and the terminals are still there, the way it was left. (you might need to install it)
Start screen for the first time
simple use screen command :
use screen -s Session_Name
to start a named session.now lets run a command inside screen:
Inorder to create a new screen inside the current screen (nested screen) use just press Ctrl-a +c
Detach the screen
One of the advantages of screen that is you can detach it. Then, you can restore it without losing anything you have done on the screen. use Ctrl-a + d to detach:
-d is also used to detach a screen session so that it can be reattached in future.
List screens
screen -ls is used to display the currently opened screens including those running in the background:
Reattach to a screen
-r It is used to reattach a screen session which was detached in past:
We usually use
screen -dr <Screen-ID>
command.This means detach the specified screen first and then reattach it.
Switching between screens
When we do nested screen, you can switch between screen using command Ctrl-a +n. It will be move to the next screen. When need to go to the previous screen, just press Ctrl-a +p.
Terminate screen session
Use “Ctrl-A” and “K” to kill the screen.
Monitor active processes
What is process?
A program is a series of instructions that tell the computer what to do. When we run a program, those instructions are copied into memory and space is allocated for variables and other stuff required to manage its execution. This running instance of a program is called a process and it's processes which we manage
Each process got a PID. PID stands for process identifier and it is is a unique number that identifies each of the running processes in an operating system
processes can further be categorized into:
Parent processes – these are processes that create other processes during run-time.
Child processes – these processes are created by other processes during run-time.
therefore PPID stands for Parent Process ID. notes:
note1:Used up pid’s can be used in again for a newer process since all the possible combinations are used.
note2:At any point of time, no two processes with the same pid exist in the system because it is the pid that Unix uses to track each process.
If we use the
jobs
command with the-l
option, it will also show process ID.
ps
ps (Process status) can be used to see/list all the running processes and their PIDs along with some other information depends on different options.
ps reads the process information from the virtual files in /proc file-system. In it's simplest form, when used without any option, ps
will print four columns of information for minimum two processes running in the current shell, the shell itself, and the processes that run in the shell when the command was invoked.
Where, PID – the unique process ID TTY – terminal type that the user is logged into TIME – amount of CPU in minutes and seconds that the process has been running CMD – name of the command that launched the process.
Note – Sometimes when we execute ps command, it shows TIME as 00:00:00. It is nothing but the total accumulated CPU utilization time for any process and 00:00:00 indicates no CPU time has been given by the kernel till now. In above example we found that, for bash no CPU time has been given. This is because bash is just a parent process for different processes which needs bash for their execution and bash itself is not utilizing any CPU time till now.
Usually when we use the command ps we add parameters like -a
, -u
and -x
. While
a
= show processes for all usersu
= display the process’s user/ownerx
= also show processes not attached to a terminal
where column are :
USER – Specifies the user who executed the program.
PID: Process ID, shows the process identification number.
CPU%: The processor % used by the process.
MEME%: The memory % used by the process.
VSZ: The virtual size in kbytes.
RSS: In contrast with the virtual size, this shows the real memory used by the process.
TTY: Identifies the terminal from which the process was executed.
STATE: Shows information on the process’ state just as it’s priority, by running “man ps” you can see codes meaning.
START: Show when the process has started.
TIME: Shows the processor’s time occupied by the program.
C0MMAND: Shows the command used to launch the process.
We can also use ps -ef instead of ps aux . There are no differences in the output because the meanings are the same. The difference between ps -ef and ps aux is due to historical divergences between POSIX and BSD systems. At the beginning, POSIX accepted the -ef while the BSD accepted only the aux form. Both list all processes of all users. In that aspect
-e
andax
are completely equivalent.
Options for ps command | Description |
ps -T | View Processes associated with a terminal |
ps -x | View all processes owned by you |
ps -o column_name | view process according to user-defined format |
It is also possible to use --sort option to sort output based on different fields (+ for ascending & - for descending). ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head -10
. With-o
or –format
options, ps allows us to build user-defined output formats.
Process selection commands | Description |
ps -C command_name | Select the process by the command name. |
ps p process_id | View process by process ID. |
ps -u user_name/ID | Select by user name or ID |
ps -g group_name , ps -G group_id | Select by group name or ID |
ps -t pst/0 | Display Processes by TTY |
We already know about the grep command in Linux, which searches for a pattern, and then prints the matching text in the output. What if the requirement is to apply this kind of processing to fetch select information about processes currently running in the system?
pgrep
the pgrep
command searches for processes currently running on the system, based on a complete or partial process name, or other specified attributes.
Always use ps -ef command to make sure about process_name. There is different between process_name and the running program(like bash). compare pgrep -a and pgrep -af.
pgrep options:
Real Time process monitoring ?
Be creative and use combination of other commands like 'watch'. We can use 'watch' in conjunction with ps command to perform Real-time Process Monitoring :
watch -n 1 'ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head'
But there is another tool for that, top.
top
top command is used to show the Linux processes. It provides a dynamic real-time view of the running system. Usually, this command shows the summary information of the system and the list of processes or threads which are currently managed by the Linux Kernel.
Top output keep refreshing until you press ‘q‘.
Where,
PID: Shows task’s unique process id
USER: User name of owner of task.
PR: Stands for priority of the task.
NI: Represents a Nice Value of task. A Negative nice value implies higher priority, and positive Nice value means lower priority.
VIRT: Total virtual memory used by the task.
RES:It is the Resident size, the non-swapped physical memory a task has used.
SHR: Represents the amount of shared memory used by a task.
%CPU: Represents the CPU usage.
%MEM: Shows the Memory usage of task.
TIME+: CPU Time, the same as ‘TIME’, but reflecting more granularity through hundredths of a second.
COMMAND:Shows the command used to launch the process.
top command option | description |
top -n 10 | Exit Top Command After Specific repetition |
top -u user1 | Display Specific User Process |
Top -d seconds.tenths | It tells delay time between screen updates |
top -h | Shows top command syntax |
Running top command hot keys | Description |
pressing ‘d‘ | change screen refresh interval (default 3.0 sec) |
Pressing ‘z‘ | display running process in color |
Pressing ‘c‘ | display absolute path of running program |
pressing ‘k‘ | kill a process after finding PID of process(without exiting) |
Pressing 'M' | sort based on memory usage |
Shift+P | Sort by CPU Utilisation |
Press ‘h‘ | Getting top command help |
Manage processes
To manage processes in a linux machine we can send signals signals to the process.Many Signals are defined in the linux kernels. (try man 7 signal
)
Signal Name | Signal Number | Description |
SIGHUP | 1 | Hang up detected on controlling terminal or death of controlling process |
SIGINT | 2 | Issued if the user sends an interrupt signal (Ctrl + C) |
SIGQUIT | 3 | Issued if the user sends a quit signal (Ctrl + D) |
SIGKILL | 9 | If a process gets this signal it must quit immediately and will not perform any clean-up operations |
SIGTERM | 15 | Software termination signal (sent by kill by default) |
SIGCOUNT | 18 | Continue the process stopped with STOP |
STOP | 19 | Stop process |
to send signals to processes there are some commands:
kill
kill
command in Linux (located in /bin/kill), is a built-in command which is used to terminate processes manually . kill command sends a signal to a process which terminates the process.
please notice that:
A user can kill all his process.
A user can not kill another user’s process.
A user can not kill processes System is using.
A root user can kill System-level-process and the process of any user.
note: If the user doesn’t specify any signal which is to be sent along with kill command then default TERM signal is sent that terminates the process.
use kill -l
to see all signals you can send using kill.
There are two commands used to kill a process:
kill – Kill a process by ID
killall,pkill – Kill a process by name
killing a proccess by name could be realy dangerous, Before sending signal, verify which process is matching the criteria using “pgrep -l”.
killall
killall
is a tool for terminating running processes on your system based on name. In contrast, kill
terminates processes based on Process ID number (PID). Like kill
, killall
can also send specific system signals to processes.
note1:the whole process_name should be defined ( ex : sleep not sle or slee).
note2: If no signal name is specified, SIGTERM is sent.
killall command example | Description |
killall -l | all signals the killall command can send |
killall -q process_name | prevent killall from complaining if specified process doesn't exist |
killall -u [user-name] | kill all processes owned by a user |
killall -o 5h | kill all processes that have now been running for more than 5 hour |
killall -y 4h | kill all precesses that less than 4 hours old |
killall -w [process-name] | causes |
pkill
The PKill command allows you to kill a program simply by specifying the name.
note: We don't have to define whole process_name. So it could be really dangerous!
example:
pkill command example | Description |
pkill -c [process_name] | return a count of the number of processes killed |
pkill -U [real_user_ID] | kill all the processes for a particular user |
pkill -G [real_group_ID] | kill all the programs in a particular group |
free
free
command displays the total amount of free space available along with the amount of memory used and swap memory in the system, and also the buffers used by the kernel.
As free displays the details of the memory related to the system , its syntax doesn’t need any arguments to be passed but it has some options!
free command with no options produces the columnar output as shown above where column:
total : displays the total installed memory (MemTotal and SwapTotal i.e present in /proc/meminfo).
used : displays the used memory.
free : displays the unused memory.
shared : displays the memory used by tmpfs(Shmen i.epresent in /proc/meminfo and displays zero in case not available).
buffers : displays the memory used by kernel buffers.
cached : displays the memory used by the page cache and slabs(Cached and Slab available in /proc/meminfo).
buffers/cache : displays the sum of buffers and cache.
By default the display is in kilobytes, but you can override this using -b
for bytes, -k
for kilobytes, -m
for megabytes, or -g
for gigabytes.
-t
displays an additional line containing the total of the total, used and free columns:
Other free command options:
uptime
The uptime
command shows you a one-line display that includes the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
Lets try uptime -h
to see all of uptime
availbale options:
examples:
.
.
.
Processes deep dive ( Beyond the scope of LPIC1)
Types of Processes
Parent and Child process : The 2nd and 3rd column of the ps –f command shows process id and parent’s process id number. For each user process there’s a parent process in the system, with most of the commands having shell as their parent.
Zombie and Orphan process : After completing its execution a child process is terminated or killed and SIGCHLD updates the parent process about the termination and thus can continue the task assigned to it. But at times when the parent process is killed before the termination of the child process, the child processes becomes orphan processes, with the parent of all processes “init” process, becomes their new ppid. A process which is killed but still shows its entry in the process status or the process table is called a zombie process, they are dead and are not used.
Daemon process : They are system-related background processes that often run with the permissions of root and services requests from other processes, they most of the time run in the background and wait for processes it can work along with for ex print daemon. When ps –ef is executed, the process with ? in the tty field are daemon processes
States of a Process in Linux
Running – here it’s either running (it is the current process in the system) or it’s ready to run (it’s waiting to be assigned to one of the CPUs). use ps -r command.
Waiting – in this state, a process is waiting for an event to occur or for a system resource. Additionally, the kernel also differentiates between two types of waiting processes; interruptible waiting processes – can be interrupted by signals and uninterruptible waiting processes – are waiting directly on hardware conditions and cannot be interrupted by any event/signal.
Stopped – in this state, a process has been stopped, usually by receiving a signal. For instance, a process that is being debugged.
Zombie – here, a process is dead, it has been halted but it’s still has an entry in the process table.
Processes state codes in ps aux or ps -ef command:
R
running or runnable (on run queue)D
uninterruptible sleep (usually IO)S
interruptible sleep (waiting for an event to complete)Z
defunct/zombie, terminated but not reaped by its parentT
stopped, either by a job control signal or because it is being traced
Some extra modifiers:
<
high-priority (not nice to other users)N
low-priority (nice to other users)L
has pages locked into memory (for real-time and custom IO)s
is a session leaderl
is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)+
is in the foreground process group
.
https://www.thegeekdiary.com/understanding-the-job-control-commands-in-linux-bg-fg-and-ctrlz/
https://linuxhint.com/nohup_command_linux/
https://www.tecmint.com/run-linux-command-process-in-background-detach-process/
https://www.geeksforgeeks.org/screen-command-in-linux-with-examples/
https://www.tecmint.com/screen-command-examples-to-manage-linux-terminals/
https://linoxide.com/linux-command/15-examples-screen-command-linux-terminal/
https://ryanstutorials.net/linuxtutorial/processes.php
https://www.cyberciti.biz/faq/unix-linux-disown-command-examples-usage-syntax/
https://linuxize.com/post/ps-command-in-linux/
https://www.computerhope.com/jargon/p/pid.htm
https://www.tecmint.com/linux-process-management/
https://www.geeksforgeeks.org/processes-in-linuxunix/
https://www.geeksforgeeks.org/ps-command-in-linux-with-examples/
https://linuxhint.com/ps_command_linux-2/
https://www.quora.com/What-is-the-difference-between-ps-elf-and-ps-aux-in-Linux
https://www.geeksforgeeks.org/top-command-in-linux-with-examples/
https://www.tecmint.com/12-top-command-examples-in-linux/
https://www.tutorialspoint.com/unix/unix-signals-traps.htm
https://www.geeksforgeeks.org/kill-command-in-linux-with-examples/
https://www.linux.com/tutorials/how-kill-process-command-line/
https://www.linode.com/docs/tools-reference/tools/use-killall-and-kill-to-stop-processes-on-linux/
https://www.geeksforgeeks.org/free-command-linux-examples/
https://www.geeksforgeeks.org/linux-uptime-command-with-examples/
https://linuxhint.com/load_average_linux/
.
Last updated