linux processes

Posted by Tully on Sun 17 May 2009


Binary Executables - These are programs that were orginally created as a text file using a programming language, such as C or C++. The text file was then run through a compiler to create a binary file that can be processed by the CPU.

Internal shell commands - Some of the commands you enter at the shell prompt are actual binary files in the file system that are loaded and run by the CPU. For example, when you enter rpm at the shell prompt, you load the rpm binary file into memory. Other commands, however, are binary executables. Instead, they are commands that are rolled into the shell program itself. For example, if you enter exit at a shell prompt, you are actually running an internal shell command. There is no executable file in the file system named "exit". Instead, the computer code associated with the exit function is stored within the shell program code itself.

Shell scripts - These are text files that are executed through the shell itself. You can include commands to run binary executables within the text of any shell script.

Newer, dual-core CPUs can actually execute more than one process at a time. Because there are two cores within the CPU, one core can execute one process while the other core works on another.

System processes are usually (but not always) noted with a "d" at the end of the name, which stands for daemon.

Any process running on a Linux system can launch additional processes. The process that launched the new process is called the parent process. The new process itself is called the child process. This parent/child relationship constitutes the herdity of Linux processes.

Whenever a process is created on a Linux system, it is assigned two resources:

Process ID (PID) Number - This is a number assigned to each process that uniquely identifies it on the system.

Parent Process ID (PPID) Number - This is the PID of the process parent process.

The process of creating a new subshell and running the command process within it is called forking.

Types of init scripts

System V - Linux distributions that use System V init scripts store them in the /etc/rc.d directory. Within /etc/rc.d are a series of subdirectories named rc.0 through rc6.d. Each of these directories is associated with a particular runlevel. Within each of these subdirectories are symbolic links that point to the init scripts for your system daemons, which reside in /etc/rc.d/init.d. Red Hat Linux and Fedora use System V-type init scripts.

BSD - Other Linux distributions use BSD-style init scripts. These scripts reside in the /etc/init.d directory. Within /etc/init.d are a services of directories named rc0.d through rc6.d. As with System V init scripts, these directories are associated with specific runlevels. These directories contain links that point to the init scripts in /etc/init.d. SUSE Linux uses this type of init script.

Using Top

The following are the columns used in the top display:

PID     - The process ID of the process.  
USER    - The name of the user that owns the process.  
PR      - The priority assigned to the process.  
NI      - This is the nice value of the process.  
VIRT    - The amount of virtual memory used by the process.  
RED     - The amount of physical RAM the process is using(its resident size) in kilobytes.  
SHR     - The amount of shared memory used by the process.  
S       - The status of the process.
CPU     - The percentage of CPU time used by the process.  
MEM     - The percentage of available physical RAM used by the process.  
TIME+   - The total amount of CPU time the process has consumed since being started.  
COMMAND - The name of the command that was entered to start the process.

Possible status values:

D - Uninterruptibly sleeping.  
R - Running.  
S - Sleeping.  
T - Traced or stopped.  
Z - Zombied.

A zombied process is one where the process has finished executing and exited, but the process' parent didn't get notified that it was finished and hasn't released the child process' PID. A zombied process may eventually clear up on it's own. It if doesn't you may need to manually kill the parent process.

You can add columns to top by pressing the letter F and selecting a column


By default the PS command shows the following:

PID  - The process ID of the process.  
TTY  - The name of the terminal session (shell) that the process is running within.  
TIME - The amount of CPU time used by the process.  
CMD  - The name of the command that was entered to create the process.

If there is a ? in the TTY process it means it's a system process.

The -f option to ps will add the follwing:

UID   - The user ID of the process owner.  
PPID  - The PID of the process parent process.  
C     - The amount of prcessor time utilized by the process.  
STIME - The time that the process started.

You can view much more info by adding the -l option.

The -l switch will add the following:

F     - The flags associated with the process. 
S     - The state of the process. This column uses the following codes: 
PRI   - The priority of the process.  
NI    - The nice value of the process.  
SZ    - The size of the process.  
WCHAN - The name of the kernel function which the process is sleeping.
        You will see a dash (-) in this column if the process is currently running.

Flag codes:

1 - Forked, but didn't execute.  
4 - Used root privileges.

State of process codes:

D - Uninterruptible sleep.  
R - Running  
S - Interruptible sleep.  
T - Stopped or traced.  
Z - Zombied.

Setting Priorities with nice

Nice - Used to set a nice value for a process.

renice - Used to change the nice value for a running process.

Nice values are from -20 to +19. The lower the number the higher the priority.

To start a process with a given nice value you can use the following command:

nice -n nice_level command

You can't set a negative nice value unless you are root. Normal users are restricted to 0 or higher.


The syntax of changing a already running processes nice value is as follows:

renice -n nice_value PID

Background / Foreground Processes

To put a program in the background use a & symbol. Example: firefox &. This will then put the firefox application in the background so you can use the firefox application but still be able to run more commands at the command prompt.

When you do this command it will then display 2 numbers. Example "1 4212". These two numbers display the job # and the PID.

To view all background jobs you can type jobs at the command prompt.

You can switch between background and foreground processes with the following commands:

fg - This command will move a background process to the foreground.

fg job_id

bg - This command will move a foreground process to the background. To use this utility, you must first assign the foreground job as a background job ID. This is done by pressing CTRL-Z. When you do, you'll see the process stop and a background job ID assigned to the process.

You can use the following to move the process to the background.

bg job_id

Ending Running Processes

The kill command will terminate a process. The syntax is as follows:

kill -signal PID

Kill Signals

SIGHUP - This is kill signal 1. This signal restarts the process. After a restart, the process will have exactly the same PID that it had before. This is a very useful option for restarting a service for which you've made changes in a configuration file.

SIGINT - This is kill signal 2. This signal sends a CTRL-C key sequence to the process.

SIGKILL - This is kill signal 9. This is a br
ute-force signal that kills the process. If the process was hung badly, this option will force it to stop. However, the process may not clean up after itself if this signal is used. The resources allocated to the process may remain allocated until the system is restarted.

SIGTERM - This is kill signal 15. This signal tells the process to terminate immediately. This is the default signal sent by the kill if you omit a signal in the command line. This signal allows the process to clean up after itself before exiting.

A good sequence when trying to kill a hung process is as follows:

  1. Send a SIGINT first. If it doesn't respond, then go on to step 2.
  2. Send a SIGTERM. Usually, this will fix the problem and allow the process to exit cleanly. If it doesn't then go on to step 3.
  3. Send a SIGKILL.

Schedule Processes

The at daemon is good for setting a job to run once a specific time. The service is called atd and can be started as follows:

/etc/init.d/atd start

You need to specify which users can and which users cannot create at jobs. This can be done by editing the following files:

/etc/at.allow - Users listed in this file are allowed to create at jobs.

/etc/at.deny - Users listed in this file are not allowed to create at jobs.

There are many formats you can use for the at command time. The following displays these formats:


HH:MM    - Specifies the exact hour and minute when the commands should be
           run. The at daemon assumes that the hour and minute specified is today
           unless that time is already past; then is assume it is tomorrow. You can
           also add am or pm to specify morning or afternoon.  
Noon     - Specifies that a command be run at 12:00 PM.  
Midnight - Specifies that a command be run at 12:00 AM.  
Teatime  - Specifies that a command be run at 4:00 PM.  
MMDDYY or MM/DD/YY or MM.DD.YY - These all specify the exact month,
                                  date, and year when a command is to be run.  
 HH:MM MMDDYY - Specifies the exact month, date, year, and time when a
                command is to be run.


 now - Specifies that the command be run immediately.  
 now + value - Specifies that the command be run at a certain time in
               the future. For example, you could enter any of the following:  
 now + 5 minutes  
 now + 2 hours  
 now + 3 days  
 today - Specifies that the command be run today. You  can mix this
         value with a fixed value from above, such as 2 pm today.  
 tomorrow - Specifies that the command be run tomorrow. You can also mix
            this value with a fixed value, such as 2 pm tomorrow.

The following is an example on how to use the atd daemon.

at now + 10 minutes  
at> echo "This is my command" | wall

You can run multiple command by hitting enter after each command you wish to run. When you are done entering the commands you wish to run you would press CTRL+D.

You can view a list of at jobs in the queue by typing atq at the command line.

To remove a job from the at queue you would type atrm job_number at the command line.

Using the cron Daemon

The cron uses many different directories to look for scheduled jobs. It will first check the /etc/crontab file which then checks the following:

/etc/cron.hourly  - Contains cron scripts that are run every hour.  
/etc/cron.daily   - Contains cron scripts that are run every day.  
/etc/cron.weekly  - Contains cron scripts that are run once a week.  
/etc/cron.monthly - Contains cron scripts that are run once a month.  
/etc/cron.d       - This file has jobs that run at specific times.

Crontab File Fields

1 - Minutes. This field specifies the minutes past the hour that the
             command should be run.  
2 - Hour. This field specifies the hour of the day when the command
          should be run. The cron daemon prefers military time, so you should use
          a value of 0 to 23 in this field.  
3 - Day. This field specifies the day of the month that the command
         should be run.  
4 - Month. This field specifies the month of the year when the command
           should be run.  
5 - Day of the week. Sunday is 0 and Saturday is 6.  
6 - The name of the command, including the full path, to be run.

Example crontab entry in /etc/cron.d

5 23 * * 1-6 /bin/tar -cvf /bin/tar -cvf /media/usb/backup.tar /home

The last line specifies that the command be run at 5 minutes after 11:00pm (23) every day () of every month () on Monday (1) through Saturday (6).

System cron jobs run as the root user

User created crontabs are created in /var/spool/cron/tabs with there username as the filename.

If you don't want to allow users to be able to create cron files you can restrict or allow users in the /etc/cron.allow and /etc/cron.deny files.

If you create a /etc/cron.allow file ONLY users that are in that file are able to create cron files.

Open up vi and edit your crontab file. If you don't have one it will be created.

crontab -e

Display your crontab

crontab -l

Remove your crontab file

crontab -r