Linux administration

Create, Monitor, and Kill Processes

Nguyen Hai Chau
Vietnam National University

What is a Process?

  • The kernel considers each program running on your system to be a process
  • A process 'lives' as it executes, with a lifetime that may be short or long
  • A process is said to 'die' when it terminates
  • The kernel identifies each process by a number known as a process id, or pid
  • The kernel keeps track of various properties of each process

Process Properties

  • A process has a user id (uid) and a group id (gid) which together specify what permissions it has

  • A process has a parent process id (ppid) — the pid of the process which created it

    • The kernel starts an init process with pid 1 at boot-up
    • Every other process is a descendant of pid 1

  • Each process has its own working directory, initially inherited from its parent process

  • There is an environment for each process — a collection of named environment variables and their associated values

    • A process's environment is normally inherited from its parent process

Parent and Child Processes

  • The init process is the ancestor of all other processes:

  • (Apache starts many child processes so that they can serve HTTP requests at the same time)

Process Monitoring: ps

  • The ps command gives a snapshot of the processes running on a system at a given moment in time

  • Very flexible in what it shows, and how:

    • Normally shows a fairly brief summary of each process
    • Normally shows only processes which are both owned by the current user and attached to a terminal

  • Unfortunately, it doesn't use standard option syntax

  • Instead it uses a mixture of options with one of three syntaxes:

    • Traditional BSD ps: a single letter with no hyphen
    • Unix98 ps: a single letter preceded by a hyphen
    • GNU: a word or phrase preceded by two hyphens

ps Options

  • ps has many options. Some of the most commonly used are:
Option Description
a Show processes owned by other users
f Display process ancestors in a tree-like format
u Use the 'user' output format, showing user names and process start times
w Use a wider output format. Normally each line of output is truncated; each use of the w option makes the 'window' wider
x Include processes which have no controlling terminal
-e Show information on all processes
-l Use a 'long' output format
-f Use a 'full' output format
-C cmd Show only processes named cmd
-U user Show only processes owned by user

Process monitoring: pstree

  • Displays a snapshot of running processes
  • Always uses a tree-like display, like ps -f
    • But by default shows only the name of each command
  • Normally shows all processes
    • Specify a pid as an argument to show a specific process and its descendants
    • Specify a user name as an argument to show process trees owned by that user

pstree Options

Option Description
-a Display commands' arguments
-c Don't compact identical subtrees
-G Attempt to use terminal-specific line-drawing characters
-h Highlight the ancestors of the current process
-n Sort processes numerically by pid, rather than alphabetically by name
-p Include pids in the output

Process Monitoring: top

  • Shows full-screen, continuously-updated snapshots of process activity
    • Waits a short period of time between each snapshot to give the illusion of real-time monitoring
  • Processes are displayed in descending order of how much processor time they're using
  • Also displays system uptime, load average, CPU status, and memory information

top Command-Line Options

Option Description
-b Batch mode - send snapshots to standard output
-n num Exit after displaying num snapshots
-d delay Wait delay seconds between each snapshot
-i Ignore idle processes
-s Disable interactive commands which could be dangerous if run by the superuser

top Interactive Commands

Key Behaviour
q Quit the program
Ctrl+L Repaint the screen
h Show a help screen
k Prompts for a pid and a signal, and sends that signal to that process
n Prompts for the number of processes to show information; 0 (the default) means to show as many as will fit
r Change the priority ('niceness') of a process
s Change the number of seconds to delay between updates. Thenumber may include fractions of a second (0.5, for example)

Signalling Processes

  • A process can be sent a signal by the kernel or by another process
  • Each signal is a very simple message:
    • A small whole number
    • With a mnemonic name
  • Signal names are all-capitals, like INT
    • They are often written with SIG as part of the name: SIGINT
  • Some signals are treated specially by the kernel; others have a conventional meaning
  • There are about 30 signals available, not all of which are very useful

Common Signals for Interactive Use

  • The command kill -l lists all signals
  • The following are the most commonly used:
Name Number Meaning
INT 2 Interrupt — stop running. Sent by the kernel when you press Ctrl+C in a terminal.
TERM 15 Please terminate. Used to ask a process to exit gracefully
KILL 9 Die! Forces the process to stop running; it is given no opportunity to clean up after itself.
TSTP 18 Requests the process to stop itself temporarily. Sent by the kernel when you press Ctrl+Z in a terminal.
HUP 1 Hang up. Sent by the kernel when you log out, or disconnect a modem. Conventionally used by many daemons as an instruction to re-read a configuration file.

Sending Signals: kill

  • The kill command is used to send a signal to a process
    • Not just to terminate a running process!
  • It is a normal executable command, but many shells also provide it as a built-in
  • Use kill -HUP pid or kill -s HUP pid to send a SIGHUP to the process with that pid
  • If you miss out the signal name, kill will send a SIGTERM
  • You can specify more than one pid to signal all those processes

Sending Signals to Daemons: pidof

  • On Unix systems, long-lived processes that provide some service are often referred to as daemons
  • Daemons typically have a configuration file (usually under /etc) which affects their behaviour
  • Many daemons read their configuration file only at startup
  • If the configuration changes, you have to explicitly tell the daemon by sending it a SIGHUP signal
  • You can sometimes use pidof to find the daemon's pid; for example, to tell the inetd daemon to reload its configuration, run:
$ kill -HUP $(pidof /usr/sbin/inetd)

as root

Monitoring memory usage

  • free: Display memory in different units
free -m

##               total        used        free      shared  buff/cache   available
## Mem:          28088        5375       13660         123        9052       24157
## Swap:          8191           0        8191
  • vmstat: Report virtual memory statistics
vmstat

## procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
##  r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
##  1  1      0 13988544 750252 8519600    0    0   115   185  292  162 17  7 74  2  0
  • htop: Text, interactive menu interface

Exercise

  • a. Use top to show the processes running on your machine.
  • b. Make top sort by memory usage, so that the most memory-hungry processes appear at the top.
  • c. Restrict the display to show only processes owned by you.
  • d. Try killing one of your processes (make sure it's nothing important).
  • e. Display a list of all the processes running on the machine using ps (displaying the full command line for them).
  • f. Get the same listing as a tree, using both ps and pstree.
  • g. Have ps sort the output by system time used.