webpointmorpheus total solution web design

webpointmorpheus Linux Info
Linux Processes

     Intro      Processes Defined      Viewing Processes      Killing Processes
     The /proc Directory      Process Execution      Scheduling Processes      Documents in this Series

©2005 - material compiled by Bob Carnaghi, www.webpointmorpheus.com
Introduction     Top of Page
All of the action that takes place on a Linux system occurs in the context of a process. Processes are the defined containers whereby productive work and task accomplishment is realized. A typical Linux system can have hundreds, even thousands, of processes, depending on the functions of the system. Initiating, managing, maintaining, and terminating these processes is of the utmost importance to a healthy system. This document begins to outline process definition, process viewing, process termination, process execution, and process scheduling.
Processes Outlined and Defined     Top of Page
A program is an executable file that exists on a hard drive that is run when executed. A process is a program that is currently running or can run in memory or through the CPU - a program in action. A user process is a process that is started by a user that is logged in to the system. User processes are initiated through a shell of some type (BASH, etc.) A daemon process is a process that is not associated with a login terminal, but continuously runs in the background of the server. Daemon processes can be started automatically at boot-up, or can be started manually. The init daemon is the first process that is started on a Linux system, and it initiates all other processes. The init process always has a PID of 1, and a PPID of 0 - which refers to the kernel itself. A child process is a process that is started by another process. A parent process is the process that spawns another process. A foreground process is a process that runs in a forked BASH subshell and masks or denies access to the original BASH shell. A background process is a process that runs in a forked BASH subshell, but permits access to the initiating shell. Background processes are initiated by entering the command and appending an apmersand ( & ) to the command line when executed. A process ID (PID) is a unique identification number that allows the Linux kernel to identify the process. PID's are not assigned in sequential order. A parent process ID (PPID) is the PID of the process that spawned the process. By definition, parent processes check to see if child processes have successfully executed. When the child process has successfully executed, the parent process releases the child's PID. A zombie process is a defunct process that has finished executing, but the parent process has not released the PID. A rogue process is a process that has encountered problems or an error during execution and continues to consume system resoruces. These processes appear at the top of the listing generated by the top command. The process priority is a numeric identification that is assigned to a process which gives it more or less kernel priority value. Process priority is measured from 0 (highest value) to 127 (lowest value). A nice value can be used to indirectly affect a processes priority. Nice values range from -20 (greatest chance of high priority) to 19 (least chance of high priority).
Viewing Processes     Top of Page
Viewing running processes is an important part of working with a Linux system. There are several ways to view the running processes on the system, and varying degrees of information can be returned when viewing the processes. Listed below are the most common ways to view running processes on a Linux system:
  1. the ps command - see table below for options.
  2. the top command - an interactive screen ordered by processor time
  3. the tail -f command - offers a dynamically updated view of processes
The  ps  command
Option Description
 -e  Displays all user and daemon processes that are running.
 -f  Dispalys full information about the running processes, including:
  1. UID
  2. PID
  3. PPID
  4. CPU utilization
  5. start time
  6. terminal
  7. processor time
  8. command name
 -l  Displays a long list of process information, including:
  1. flag
  2. state
  3. UID
  4. PID
  5. PPID
  6. CPU utilization
  7. priority
  8. nice value
  9. address - process in memory
  10. size
  11. WCHAN - what the process is waiting for while sleeping
  12. command name
  13. terminal
 a  Displays all processes running on terminals.
 x  Displays all proceses that do not run on terminals.
 
 ps  Command Usage
ps -e
ps -ef
ps -eF
ps -ely 		Shows every process on the system using standard syntax.
ps ax
ps axu 		Shows every process on the system using BSD syntax.
ps -ejH
ps axjf 		Shows every process tree.
ps -eLf
ps axms 		Shows info about threads.
ps -eo euser,ruser,suser,
fuser,f,comm,label

ps axZ
ps -eM 		Shows security info.
ps -U root -u root -N Shows every process except those running as root (real & effective ID).
ps -eo pid,tid,class,rtprio,ni,pri,
psr,pcpu,stat,wchan:14,comm

ps axo stat,euid,ruid,tty,tpgid,
sess,pgrp,ppid,pid,pcpu,comm

ps -eopid,tt,user,fname,tmout,f,wchan 		Shows every process with a user-defined format.
ps -o "%u : %U : %p : %a" Shows odd display with AIX field descriptors.
ps -C syslogd -o pid=xxx Shows only the process IDs of syslogd.
ps -p 1334 -o comm=xxx Shows only the name of PID 1334.
Killing Processes     Top of Page
Processes can be terminated using the kill command. There are different degrees of terminating processes and the outcome desired, as listed in the table below. Certain processes can ignore certain kill signals, a phenomenon known as trapping a signal. Typically, killing a parent process will kill it's child processes as well. In order to kill a zombie process, it's often necessary to kill the parent process. The killall command uses the same termination signals as the kill command, but works only with the process name, not the PID. Use the killall command to kill several processes with the same name at the same time. The top command offers an option to kill processes - see the man page for details.
Common  kill  signals
Name Number Description
SIGHUP 1 This kill signal is also known as the 'hangup' signal. It stops a running process and restarts it using the same PID. This is the typical kill signal used when restarting a process after editing a configuration file.
SIGINT 2 A relatively weak kill signal that works most of the time. This kill signal is sent by the CTRL+c key combination.
SIGQUIT 3 A core dump kill signal that saves the process information in memory to a file called core on the hard disk in the current working directory before killing the process. This kill signal is sent by the CTRL+\ key combination.
SIGTERM 15 This is the default kill signal used by the kill command. This kill signal is also the software termination signal used by programs to kill other processes.
SIGKILL 9 The absolute kill signal, nothing escapes this one. When this kill signal is used, the process's resources are sent to /dev/null.
The /proc Directory     Top of Page
The Linux kernel makes available a special filesystem that is available only to the root user for viewing information about hardware and other configuration information on the system. To view this filesystem, use the following command: ls -al /proc. This directory will contain many files and sub-directories which can be viewed and checked to verify hardware settings and other configuration parameters.
Typical /proc contents
File Description
apm Information about Advanced Power Management
cmdline Current location of the Linux kernel
cpuinfo Information about the computer's processors
devices List of the character and block devices currently used by the kernel
execdomains List of execution domains for processes on the system*
fb Framebuffer information**
filesystems List of the Linux kernel supported filesystems
interrupts List of IRQ's in use on the system
iomem List of currently used memory addresses
ioports List of reserved memory address ranges to be used by system devices
isapnp List of Plug and Play (PnP) devices in ISA slots on the system
kcore Representation of physical memory inside the computer***
kmsg Location of temporary messages from the kernel
loadavg Statistics on processor performance
locks List of files that the kernel currently has locked
mdstat RAID configuration information
meminfo Physical and virtual memory statistics
misc List of miscellaneous devices****
modules List of Linux kernel modules that are currently loaded
mounts Filesystems that are currently loaded by the system
partitions Partition table information that is currently loaded into memory on the system
pci List of PCI device with configuration information
swaps Virtual memory utilization statistics
scsi SCSI device information
version Linux kernel version and library information
what else???  
Notes:
*Execution domains permit a process to execute in a specific manner.
**Framebuffers are an abstract representation of video card devices used by programs to enhance communication with the video adapter.
***This file should not be viewed
****Major number = 10
Process Execution     Top of Page
There are three types of execution of processes, as listed below:
  1. Binary programs - programs which have been compiled for exectuion directly by the system.
  2. Shell scripts - text files that have been granted the execute privilege, and can be interpreted by the shell to realize a specific output.
  3. Shell functions - functions that are inherent to the shell for execution in a manner similar to binary programs.
When a compiled binary program or a shell script is executed, the BASH shell that interprets the command forks (creates) a new shell. The fork process is actually a BASH function that creates the new shell. The new subshell uses the exec function to carry out the requested task. When the new process has finished, the new BASH shell is closed with the shell function exit. The original BASH shell that forked the new process uses the wait shell function and proceeds to the background while the child process continues in the new subshell. The fg command can be used to bring a background job to the foreground. Conversely, the bg command can be used to send a foreground job to the background. Processes can also be sent immnediately to the background by appending an ampersand & to the command line when the command is entered into the shell. The jobs command will permit viewing the running jobs on a system. See the man page for details.
All processes have a process priority. In the multi-tasking environment of a Linux system, multiple tasks are executed simultaneously by assigning time slices per a system of priority that ranges from 0 to 127, with 0 being the hightest priority. To view process priorities and nice values, use the ps -l command. To affect a process priority, give it a new nice value. nice values range from 20 (nicest) to -19 (not very nice at all). Processes are typically initialized with a default nice value of 0. To assign a new nice value to a priority, use the nice command. See the man page for details.
Command Scheduling     Top of Page
Commands can be scheduled to run at some point in the future by two different daemons. The at command will run a certain command once at some time. The the atd daemon is flexible in terms of when certain commands will be run in the future, and can schedule recurring processes to be run during off hours. The crond daemon will run commands in a recurring fashion according to a schedule.
The atd Daemon
The at command will present a command line prompt where the commands to be run can be entered one on each line. To exit the command prompt, use the key combination CTRL+d. The at jobs are then stored in the /var/spool/at file. The at command offers the following methods of scheduling commands to run once at a future time and date.
 at  Command Variations
Command Description
 at 9:25pm  Schedules commands to run at 9:25 pm on the current date.
 at 9:25December 25  Schedules commands to run at 9:25 pm on the Christmas Day.
 at noon December 25  Schedules commands to run at noon on Christmas Day.
 at noon  Schedules commands to run at noon.
 at teatime  Schedules commands to run at 4:00 PM on the current date.
 at now + 15 minutes  Schedules commands to run 15 minutes from now.
 at tomorrow  Schedules commands to run the next day.
 at now + 7 days  Schedules commands to run a week from now.
 at now + 1 hour  Schedules commands to run in an hour.
 at now 
 at batch 		 Schedules commands to run immediately.
 at 11:00am 12/25/2006 
 at 11:00am 12252006 
 at 11:00am 25.122006  		Various forms for running commands at 11:00 am on Christmas Day.
There are additional commands to manage at jobs as listed. When viewing scheduled at jobs, regular users see only their jobs. The root user sees all scheduled at job s.
  1. at - schedules commands to be run at certain times in the future.
  2. atq - shows the contents of the at queue, which is stored in /var/spool/at. This command is equivalent to at -l.
  3. atrm - removes one or more jobs from the at queue
When the /etc/at.allow file is present on the system, the user must be listed in the file in order to schedule at jobs. When the /etc/at.deny file exists on the system, any user not listed in the file is allowed to schedule at jobs. Of the two files, the at.allow file is more restrictive. If both files exist, only the at.allow file is processed.
The crond Daemon
The crond daemon runs jobs automatially on a regular recurring schedule as defined in crontables. There are two types of cron jobs, those which belong to users, and are stored in /var/spool/cron and those which belong to the system, and are stored in /etc/cron.d and /etc/crontab. The crontable files are not to be edited directly, but must be edited with the crontab command. To create or edit an exsting cron job, enter the command crontab -e to view existing jobs, enter the command crontab -l. The command crontab -r will remove all associated cron jobs from the /var/spool/cron/username directory. The root user can edit and/or deletd cron jobs that belong to individual users by using the command cron -e -u username.
Entries into a crontab file have six fields that determine when the job is run, as well as the command to run. The entries are listed as  1 2 3 4 5 /full/path/to/command.run . The entries in field #1 are run on the minute of the hour that is listed. Field #2 is the hour that commands are run, in 24-hour format. Field #3 is the day of the month, and field #4 lists the month of the year to run the commands. Field #5 is the day of the week to run commands, numbered from 0-7. Acceptable formats for entering times (using the minute as an example) are as follows:
  1. 20,30 - the listed command will be run on the 20th and the 30th minute of every hour.
  2. */5 - the listed command will be run every 5 minutes.
  3. 0-59/15 - the listed command will run every 15 minutes.
There are supporting folders in the /etc directory labeled /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly.
Other Documents in this Series      Top of Page
  1. Introduction and History
  2. Installation, Advanced Installation, and Usage
  3. The Linux Kernel and the Boot Process
  4. Filesystems - Management & Administration
  5. The BASH and Other Shells
  6. System Initialization and the X Environment
  7. Linux Processes
  8. Linux Administration, Peripherals, and Hardware
  9. Software Installation and Management
  10. Backups and Log Files
  11. Performance and Problems
  12. Network Configuration
  13. Security
  14. Key Linux Commands
  15. Essential Linux Definitions
webpointmorpheus Home       Technical Pages Site Map      This page was last modified: Wednesday January 03, 2007 10:53 AM