Linux process administration

At any given time, your Linux system is constantly running several processes. These processes run concurrently and are simultaneously executed by the CPU. They also don’t interfere with each other; for example, if one process crashes or ends abnormally, it won’t affect any other process in the system. Some processes can spawn other processes, which are called child processes. If you stop a child process, the parent process will continue. However, if you stop the parent process, each child process is also stopped. A process uses several system resources when running, including the following:

– CPU: Runs the instructions for the process.
– Memory: Holds the process and any data that it is using.
– File Systems: Allows access to required physical files, and also allocates temporary storage for processing.
– Physical Devices: Allows processes to access physical devices, such as monitors, hard drives, and printers.

The system tracks each process for its usage of these resources, and allocates these resources as needed to the process that needs them the most. Some processes are given priority over others, while the other processes must “wait their turn” to use the CPU.

A process can be in one of the following states:
– Running: The process is currently assigned to a CPU and running.
– Ready: The process is waiting to be assigned to a CPU.
– Waiting: The process is waiting for a particular resource to become available.
– Zombie: The process has stopped but is still consuming resources; also often referred to as a “dead” process.
– Stopped: The process is in a stopped state.

The CPU uses a special identification number called a PID, or Process ID, which tracks each process. This number allows the administrator to more easily differentiate between processes while managing the system. The PID can also be used in conjunction with several commands to change the state of a process.

Linux Core services and non-critical services

Several core processes are integral to the Linux system because they run critical programs that the Linux kernel needs in order to function properly. These processes are run at boot time, and are usually referred to as “daemons.”

Init

The most important service in a Linux system is provided by init. Init starts when the system boots, and continues the boot process by performing various startup jobs, such as checking and mounting file systems, and starting services and daemons. When the system is shut down, the init process stops all other processes, unmounts the file systems, and halts the system.

All processes are spawned from init. Many Linux startup services and daemons are spawned from the init process. The command pstree gives you a list of all the processes in a “tree” format, so you can easily discern the parent and child processes.

This is the sample output from the pstree command:

init-+-apmd
     |-atd
     |-crond
     |-gpm
     |-identd---identd---3*[identd]
     |-inetd
     |-kflushd
     |-klogd
     |-kpiod
     |-kswapd
     |-kupdate
     |-lockd---rpciod
     |-login---bash---pstree
     |-lpd
     |-mdrecoveryd
     |-5*[mingetty]
     |-portmap
     |-pump
     |-rpc.statd
     |-sendmail
     |-syslogd
     `-xfs

Getty

The getty process provides logins from terminals. The init program starts a separate instance of getty for each terminal on which logins are allowed. When the user types his or her name and password, the getty process starts the login program to authenticate the user.

Syslog

The syslog process allows the kernel and many other system programs to produce warnings, errors, and other messages. Syslog is configured to write these events to a file where the administrator can retrieve them at a later date.

Cron

The cron program schedules system tasks and other periodic maintenance programs. The cron program reads a configuration file, and then executes various programs and services at specified times.

Non-critical processes

Processes that are not part of the Linux system are considered non-critical, and are usually programs and applications, such as Web servers and FTP servers. Stopping and starting these processes won’t affect the core functionality of the system.

When killing processes, be sure that you are not terminating a special core process, because you may cause your system to crash.

Process administration

The administrator can use several different commands to manage processes.

The ps command lists currently running processes. With the ps command, you can check the status of all running processes. You can also customize the way you view the list by using special arguments.

Using the ps command without any arguments only shows the running processes of the current user.

PID TTY TIME CMD
637 tty1 00:00:00 bash
913 tty1 00:00:00 ps

This example shows the user bash shell running, and the ps command that was just run. The PID shows the process identification number for that process. The TTY column defines which terminal the process was run from. The time lists how long the process has been active.

To see all running processes, use the ps -e command. If you are running as root, the ps command shows all running processes by default. The output looks something like this:

PID TTY TIME CMD
1 ? 00:00:07 init
2 ? 00:00:00 kflushd
3 ? 00:00:00 kupdate
4 ? 00:00:00 kpiod
5 ? 00:00:00 kswapd
6 ? 00:00:00 mdrecoveryd
287 ? 00:00:00 pump
301 ? 00:00:00 portmap
316 ? 00:00:00 lockd
317 ? 00:00:00 rpciod
326 ? 00:00:00 rpc.statd
340 ? 00:00:00 apmd
391 ? 00:00:00 syslogd
400 ? 00:00:00 klogd
414 ? 00:00:00 identd
416 ? 00:00:00 identd
418 ? 00:00:00 identd
420 ? 00:00:00 identd
421 ? 00:00:00 identd
432 ? 00:00:00 atd
446 ? 00:00:00 crond
464 ? 00:00:00 inetd
478 ? 00:00:00 lpd
522 ? 00:00:00 sendmail
537 ? 00:00:00 gpm
589 ? 00:00:00 xfs
628 tty2 00:00:00 mingetty
629 tty3 00:00:00 mingetty
630 tty4 00:00:00 mingetty
631 tty5 00:00:00 mingetty
632 tty6 00:00:00 mingetty
976 tty1 00:00:00 login
977 tty1 00:00:00 bash
1055 tty1 00:00:00 ps

This example shows all the processes that are currently running on the system. The notable processes include the core services, such as inetd, init, syslogd, and crond. The several mingetty processes refer to the number of terminal sessions available for this instance of Linux. The current user is on tty1, which is why you see the login, bash, and ps processes listed as originating from the terminal tty1.

ps a

This command is similar to ps -e, but this argument displays all processes that originated from that particular TTY or terminal. For example:

PID TTY TIME CMD
976 tty1 00:00:00 login
977 tty1 00:00:00 bash
1055 tty1 00:00:00 ps

ps -u

This command displays all processes run by a particular user. For example, to see all processes run by the user root, use this command: ps -u root.

ps -au

This command displays all processes listed by username.

ps -f

This command displays a more detailed listing of process information, including the owner’s ID, the start time of the process, and the parent process ID (PPID). For example:

UID PID PPID C STIME TTY TIME CMD
user 636 628 0 06:31 tty1 00:00:00 -bash
user 667 636 0 06:42 tty1 00:00:00 ps -f

ps -ef

This is the most common command used to list processes. It displays all processes by using the full listing format.

ps | more

The ps command can be piped through other commands to aid in displaying the information. Sometimes, a process list can scroll by too quickly because of all the entries, so you can pipe it through the more command to list it screen by screen.

ps > file.txt

You can use this command to send the output of the ps command to a text file to be stored for later viewing, or to print it to a printer.

Process control

Sometimes, a Linux system administrator may want to use certain commands in order to manually control processes. For example, the administrator may want to stop and restart a process, or shut down programs that are taking up too many resources.

Occasionally, a system administrator will have to manually control processes that have lapsed into a frozen state—meaning, they won’t respond to conventional means of control. This tends to happen more often in a programming environment where a process may go out of control, and constantly use up resources until they have been depleted, which may cause the server to crash.

Foreground and background operation

A process can run either in the foreground or the background. When a process is running in the foreground, it is operating in your current shell, and any output or input is sent directly to that process. When a process is running in the background, it is still running, using resources, and completing its task, but it provides output or allows input from the current shell.

For example, to run a program from your shell, you simply type its name and hit Enter. At this point, you aren’t able to get back to your current shell without stopping the process. To immediately put the process into the background at startup, append an ampersand (&) to the command. The difference between foreground and background processes is easily shown with this example:

/home/root# tail -f /var/log/messages

This command allows you to follow any additions to the /var/log/messages file, which is the main log file for your system. When the program is run, you won’t be able to return to your shell until the program is stopped. This process is running in the foreground. To immediately put the program in the background, use the following command:

/home/root# tail -f /var/log/messages &

After using this command, the program will run in the background. Follow these steps to further manipulate the operation of the process:

1. After you press Enter, you are immediately returned to your shell prompt.
2. To return the application to the foreground, you can use [ctrl-z] to suspend the process, and then use the fg command to bring it back to the foreground.
3. If you have a process running in the foreground, and you need to return to your shell, you can use [ctrl-z] to suspend the process. Then, type bg to run the program in the background.
4. To end the process completely, use the [ctrl-c] command.

Each process has its own unique PID that is assigned by the Linux system. This number represents the process when using various process control commands. The PPID, or parent process identification, is the identifier of the process that is the parent to the current process. Knowing the PPID is very beneficial because many parent processes have several child processes, and killing the parent process will stop all of the child processes in the chain.

It is very easy to mistake the PPID for the PID of a process in a ps command output listing. Killing the PPID of a process might kill a major parent process that will also terminate any child processes.
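To check what sits below a PID before signalling it, the PID and PPID columns can be walked as a tree. The script below is an added example, not part of the original article: the function names are hypothetical, and the sample table reuses PIDs from this page with a PPID column constructed to mirror the pstree output.

```shell
#!/bin/sh
# Added example: list everything that sits below a PID before signalling it.

# Constructed sample in "PID PPID CMD" form. The PIDs and names come from the
# listings on this page; the PPID column is an assumption that mirrors the
# pstree output (identd---identd---3*[identd], login---bash---ps).
SAMPLE='PID PPID CMD
1 0 init
414 1 identd
416 414 identd
418 416 identd
420 416 identd
421 416 identd
522 1 sendmail
976 1 login
977 976 bash
1055 977 ps'

# descendants ROOT: read "PID PPID CMD" rows on stdin and print "PID CMD" for
# every process below ROOT (children, grandchildren, ...), in input order.
descendants() {
    awk -v root="$1" '
        $1 ~ /^[0-9]+$/ { ppid[$1] = $2; cmd[$1] = $3; order[++n] = $1 }
        END {
            seen[root] = 1
            do {                      # repeat until no new descendant is found
                added = 0
                for (i = 1; i <= n; i++) {
                    p = order[i]
                    if (!(p in seen) && (ppid[p] in seen)) { seen[p] = 1; added = 1 }
                }
            } while (added)
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (p != root && (p in seen)) print p, cmd[p]
            }
        }'
}

# count_descendants ROOT: number of processes that depend on ROOT.
count_descendants() { descendants "$1" | wc -l | tr -d ' '; }

# Demo on the sample; on a live system feed it real data instead:
#   ps -e -o pid=,ppid=,comm= | descendants 414
printf '%s\n' "$SAMPLE" | descendants 414
```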

To see a list of all your processes—including PID numbers—you can use the ps -e command. Here is a sample output:

PID TTY TIME CMD
1 ? 00:00:07 init
2 ? 00:00:00 kflushd
3 ? 00:00:00 kupdate
4 ? 00:00:00 kpiod
5 ? 00:00:00 kswapd
6 ? 00:00:00 mdrecoveryd
287 ? 00:00:00 pump
301 ? 00:00:00 portmap
316 ? 00:00:00 lockd
317 ? 00:00:00 rpciod
326 ? 00:00:00 rpc.statd
340 ? 00:00:00 apmd
391 ? 00:00:00 syslogd
400 ? 00:00:00 klogd
414 ? 00:00:00 identd
416 ? 00:00:00 identd
418 ? 00:00:00 identd
420 ? 00:00:00 identd
421 ? 00:00:00 identd
432 ? 00:00:00 atd
446 ? 00:00:00 crond
464 ? 00:00:00 inetd
478 ? 00:00:00 lpd
522 ? 00:00:00 sendmail
537 ? 00:00:00 gpm
589 ? 00:00:00 xfs
628 tty2 00:00:00 mingetty
629 tty3 00:00:00 mingetty
630 tty4 00:00:00 mingetty
631 tty5 00:00:00 mingetty
632 tty6 00:00:00 mingetty
976 tty1 00:00:00 login
977 tty1 00:00:00 bash
1055 tty1 00:00:00 ps

To stop a certain process, use the kill command. To use this command, you need to know the PID number of the process that you want to terminate. For example, you can stop the sendmail process, which is PID 522, by issuing the following command:

kill 522

To ensure that the process has indeed ended, enter the ps -e command to examine the currently running processes, and to see if sendmail is still running. Sometimes, a process won’t stop even after receiving the kill command. If this happens, you will have to add an extra argument to force a kill signal to the process.

To do this, use the following command:

kill -9 522
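The kill, check, then kill -9 sequence described above can be wrapped in one function that only escalates when the process ignores the first signal. This is an added example, not code from the original article; the names alive and stop_pid and the return codes are assumptions, and it reads /proc, so it is Linux-specific.

```shell
#!/bin/sh
# Added example: stop a process politely first, and force it only if needed.

# alive PID: true while PID exists and is not a zombie. A zombie (state Z)
# has already exited and is only waiting for its parent to collect it, so it
# counts as stopped here.
alive() {
    state=$(sed -n 's/^State:[[:space:]]*//p' "/proc/$1/status" 2>/dev/null)
    case $state in
        ''|Z*) return 1 ;;
    esac
    return 0
}

# stop_pid PID [TIMEOUT]
# Return codes (chosen for this example):
#   0  process exited after SIGTERM (it had the chance to clean up)
#   1  process ignored SIGTERM and had to be stopped with SIGKILL
#   2  no such process
#   3  process survived SIGKILL (for example, blocked inside the kernel)
stop_pid() {
    pid=$1
    timeout=${2:-5}
    alive "$pid" || return 2
    kill -TERM "$pid" 2>/dev/null      # same as plain "kill PID"
    waited=0
    while alive "$pid" && [ "$waited" -lt "$timeout" ]; do
        sleep 1
        waited=$((waited + 1))
    done
    alive "$pid" || return 0
    kill -KILL "$pid" 2>/dev/null      # same as "kill -9 PID"
    sleep 1
    alive "$pid" && return 3
    return 1
}

# Usage on a live system, e.g. for the sendmail PID from the listing:
#   stop_pid 522 10; echo "result: $?"
```

SIGKILL cannot be caught, so a process stopped with it gets no chance to remove lock files or flush data; a return code of 1 is worth logging for that reason.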

Signals are different types of commands that you can use with the kill command to change the state of a process. You can list the different types of signals that you can send by using the kill -l command. The output is listed here:

1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
5) SIGTRAP 6) SIGIOT 7) SIGBUS 8) SIGFPE
9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2
13) SIGPIPE 14) SIGALRM 15) SIGTERM 17) SIGCHLD
18) SIGCONT 19) SIGSTOP 20) SIGTSTP 21) SIGTTIN
22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO
30) SIGPWR 31) SIGSYS

The most commonly used signals are 1 (SIGHUP) and 9 (SIGKILL). Use the kill -9 command to force a kill on a process that won’t stop after you’ve issued a conventional kill command. The signal HUP tells the process to restart. For example, if you need to restart your Sendmail program, which has a PID of 522, issue the following command:

kill -HUP 522

Use the killall command to kill multiple processes that use the same name. For example, an Apache Web server usually runs several httpd processes. In order to kill the process properly, you have to find which httpd process is the parent process.

To make it easier, you can use the killall command to stop all of the httpd processes by using the following command:

killall httpd

The top command is another useful command for monitoring current processes. When you run this command, it shows all the current processes and their current resource usage in real time. The administrator can quickly see which program or process is taking up too much CPU time or memory space. The output of the top command is shown below.

Top Command Output

 

 
