Chapter 6: Linux

processes
Open source (it403)
Table of contents:
1. Processes 7. PS Options
2. Kernel 8. Command: Top
3. Foreground & Background 9. Nice & renice
4. PID 10. Signals
5. PPID (Parent Processes) 11. Command: kill
6. PS Commands 12. Command: killall
1. Processes
• A process is a program in action. It is the actual execution of
a program that is loaded into memory and being processed
by the CPU.
• When you run a command or program on your computer, it can
create multiple processes, which are instances of the program that are
actively running and performing tasks on the computer.
• For example, imagine you open a web browser and type in a website
address. The browser will start running as a process on your
computer. As you navigate through different pages on the website,
the browser may create new processes to handle each page
separately. Each process will have its own memory space and system
resources, allowing you to navigate the website efficiently.
• Some processes are independent of each other and others are related.
• For example, imagine you are using a word processing program to
write a document. The program may create multiple processes, such
as one for the user interface, one for spell checking, and one for
printing. The user interface process doesn't rely on the spell checking
process, so they are independent of each other.
• However, the printing process depends on the user interface
process to receive the print command, so they are related.
• If a related process is not functioning properly, it may affect
other related processes, while an independent process can
malfunction without affecting other processes.
• When a process creates a new process, the new process
is called a "descendant". The original process has some
control over its descendant processes, meaning it can
pause, restart, change the priority, or even stop them
from running altogether.
• To understand this better, imagine you are using a music player
program to listen to a playlist. The program creates a process to
play the music and another process to display the user interface.
If you pause the music, the process responsible for playing the
music is temporarily suspended. When you resume the music,
the process is resumed, allowing the music to play again.
• Similarly, the original process can change the priority of its
descendant processes, which determines how much CPU time
they are allocated. For example, if the music player program is
running slowly because other programs are using too much CPU
time, the process responsible for playing the music can be given
a higher priority to ensure that the music doesn't skip or pause.
• Finally, the original process can also terminate its descendant
processes, which means stopping them from running
completely. For example, if the music player program is closed,
both the process responsible for playing the music and the
process responsible for displaying the user interface are
terminated.
• When a process is terminated (i.e., stopped from running), all of its descendant
processes are also terminated to avoid any potential problems or resource waste.
• To understand this, imagine you are using a web browser program to visit a
website. The program creates a process for the user interface and a process for
each tab that you open. If you close the web browser program, the process
responsible for the user interface is terminated, and all of the descendant
processes responsible for each tab are also terminated.
• In Linux, every process running on the system is assigned a
unique identifier called a Process ID, or PID for short.
• Think of it like a ticket number assigned to each process that
allows the operating system to keep track of it. When a new
process is created, the operating system assigns it a new PID that
is different from all the other processes running on the system.
2. Kernel
• The operating system, particularly the kernel, is responsible for ensuring
that each process running on the system has access to the resources it
needs and that the system as a whole is being used efficiently.
• For example, if a process requires more CPU time, the kernel will
allocate more CPU time to it to ensure it can complete its tasks
efficiently.
• The kernel also ensures overall optimized system utilization which
involves balancing the needs of different processes running on the system
to ensure that each process has access to the resources it needs while
avoiding wasted resources or bottlenecks (limitation that restricts the flow
of data or the processing of tasks) that can slow down the system.
• Overall, the kernel plays a critical role in managing resources and
optimizing system utilization in Linux and other operating systems.
3. Foreground & Background
Foreground:
• In Linux and other command-line interfaces, when the command
is taking up your attention and running in the current terminal
window. You can see the output of the command as it runs, and
you cannot run any other commands until it is complete. Then
this command is said to be running in the foreground.
Background:

• When you run a command in a prompt, it's called a

process. Normally, when you run a process, you can see
its progress and output in the prompt, and you have to
wait for it to finish before you can run other processes.
• But if you put a process into the background by adding "&" at
the end of the command, the process will continue to run
without showing its progress or output in the prompt. Instead,
you'll see a job number and a process ID appear, and the
prompt will return, allowing you to run other commands in the
meantime.
• Later on, if you want to see the progress of the
background process again, you can bring it back to the
foreground using the "fg" command followed by the job
number, like "fg %1". This will make the process visible
in the prompt again, and you can interact with it as usual.
4. PID
PID (Process Identification Number)
• A process ID is a unique identifier assigned to a process while it
runs.
• Each time you run a process, it has a different PID
• You can use the PID to track the status of a process / CPU usage .
• The range 0 to System Config refers to the range of
possible process IDs (PIDs) that can be assigned to running
processes on a computer system. The actual range of PIDs
that can be assigned depends on the specific system
configuration, which can vary from system to system.
• The command "cat /proc/sys/kernel/pid_max" is
used to display the maximum PID value that can be
assigned on the current system configuration. This
value is determined by the operating system and
hardware limitations.
• When a process is killed on a computer system,
its PID is recycled and can be assigned to a new
process. This recycling process ensures that the
system does not run out of available PIDs.
• The string of characters ":(){ :|:& };:" is known as the "fork bomb" command. It is a
malicious command that can cause a denial-of-service (DoS) attack on a computer
system by rapidly creating new processes until the system runs out of available
resources.
• The command works by recursively calling itself, creating new processes that in turn
create more processes, until the system becomes unresponsive and crashes.
• It is important to never run this command on a computer system, as it can cause serious
damage to the system.
5- PPID
PPID (Parent Processes)
• A process that generates a new process is called a parent
process; the new process is called a child process.
• The parent process (PPID) becomes
associated(linked) with the new child process.
6- PS Commands
 Displays processes’ status.

• In particular, the status of a process refers to its current state.

• For example, a process may be "running" if it is currently executing instructions, "sleeping" if

it is waiting for a particular event to occur, or "stopped" if it has been paused or terminated.

• The ‘ps’ command can display this status information for each process.
 Useful in monitoring what’s happening on a system.

• For example, if we use a monitoring tool like the ps command, we can see the current status
of all the processes running on the computer.

• This can help us identify if a process is consuming too much memory or CPU resources, causing the computer to slow down.

• By identifying the problem process, we can then take action to fix the issue and restore the computer's performance.
 ps [options]
• The "ps" command is a way to check what programs are running on your computer.

 pstree
• Used to see the processes running in a tree-like structure.
 Only shows the processes that belong to the user who is currently using the command.

• For example, if you are logged in as "User A" and you use the "ps" command, it will only show
you the processes that belong to "User A". It will not show you any processes belonging to other
users who may also be logged in at the same time.

• This is a security measure that helps to protect your privacy and prevent other users from seeing
your processes or interfering with them.
 The basic output of the "ps" command shows you three pieces of information about the processes that are running on your
computer:

• 1. Process ID (PID) - This is a unique number assigned to each running program or task on your computer. It allows you to identify and track
specific processes.

• 2. Terminal (TTY) - This tells you which terminal or console the process is running from. This is useful if you have multiple terminals open and
want to know which process is running on which terminal.

• 3. CPU Time - This shows you how much CPU time a process has used. CPU time is the amount of time that the processor spends executing a
particular process or task. It can give you an idea of how much resources a particular process is using and how much impact it is having on your
system's performance.
7- ps Options
 ps –e
• Shows all the processes running on the system, even if they are being run by
other users.

 ps –f
• gets a more detailed view of all the processes running on a system, including
information about the users who started them and their resource utilization.
 ps –p
• Certainly! The ‘-p’ option of the ‘ps’ command in Linux
allows you to display information about a specific process or
a list of processes identified by their process IDs (PIDs).
Here’s the syntax of the ‘-p’ option:
• You can replace ‘PID’ with the actual process ID(s) you want to get information about.
You can also provide multiple PIDs separated by spaces to display information about
several processes at once.
• When you execute the ‘ps –p’ command, the output will show the process details of the
specified PIDs, such as their command name, status, start time, and CPU usage. The
output will only contain information about the specified PIDs and not all running
processes on the system.
Here's an example command that displays the process details for a single PID:
Here's an example command that displays the process details for multiple PIDs:
 ps –l
• The output will show more detailed information about all running processes in long format
with the most recently started processes at the bottom.
 ps –u
• When using the -u option, you can specify the username or user ID (UID) of the user whose
processes you want to view.
• If you do not specify a username or UID, the ps command will display information about
processes running as the current user.
• The output will show information about all running processes associated with that user.
 ps –t
• The -t option takes one or more terminal names as arguments.
• When used with one terminal name, ps will display information about processes running on
that terminal.
• When used with multiple terminal names, ps will display information about processes running
on any of the specified terminals.

For example, if you want to view information about processes associated with the pts/0
terminal, you would run the following command:
Here's an example of how you can use the -t option with multiple terminal names:
8- Command: Top
• Displays information about running processes, similar to the ps command.
• In other words, if you run this command and new processes are started or
existing ones are terminated, the displayed information will update
automatically to show the current state of the processes.
• The top command, it will show you a list of running processes sorted by their CPU usage.
This means that the processes that are using the most CPU resources will be listed at the
top of the list, and the ones using the least will be at the bottom.

• In addition, the top command updates its display every 3 seconds by default. This means
that the displayed information will automatically update every 3 seconds to show the
most current information about the running processes.
‘top’ accepts several options. The most useful are:
• -d: lets you specify how often you want "top" to update the
information it's showing you.
For example, if you wanted "top" to update every 5 seconds, you
would type:

Then press Enter, and "top" will start running with updates
every 5 seconds. You can change the number of seconds to
whatever interval you prefer, such as 1, 10, or even 60.
• -p:
 only shows information for the processes you are interested in.
 To use the "-p" option with "top," you need to specify one or more process IDs (PIDs) after the
option.
For example, to monitor only the process with the PID of 1234, you would type:

 If you want to monitor multiple processes, you can specify them (up to 20) as a comma-
separated list.
For example, to monitor processes with PIDs 1234, 5678, and 9101, you would type:
• Keep in mind that if you specify a PID that does not exist or that "top" cannot access, you will see an error message.

Command Top:
• When you run the "top" command on a computer, it gives you information about what's happening on
the system.
• The information is divided into two sections.

• In the first section, in the first line you see general information about the system, like :

1) current time
2) how long the computer has been turned on
3) how many users are currently logged in
4) The "load average," which is a measure of how busy the system is.
The load average is shown in three numbers separated by commas: the first number is the average
load over the last minute, the second is over the last five minutes, and the third is over the last
fifteen minutes.
• In the second line you see general process information, which tells you:
1) How many processes are currently running, sleeping, stopped, or
zombie.
A "zombie" process is one that has finished its job, but its parent process hasn't cleaned up after it
yet.

• The next line in the first section shows general CPU information, like how much of the
CPU is being used.
• The last two lines in the first section detail the status of the system memory, like how
much is being used and how much is free.
• The second section of the "top" output is a list of all the
currently running processes on the system, with information
about each process like:
1. process ID (PID).
2. how much CPU and memory it's using.
3. The user who started the process.

This section looks similar to the output of the "ps" command.

top
9- nice & renice
• nice value ranges from -20 (highest priority) to 19 (lowest priority).
• The lower the priority value, the more "nice" the process is to other processes.

nice -n -10 command → launch a new process with priority of -10 (default 0)

• renice : used to adjust the priority of an existing process

renice #priority #pid → renice 10 32443 (where 32443 is the pid of the process)
10- Signals
• In Linux, processes communicate with each other using signals
to indicate that an important event has occurred.
• When a user hits Ctrl+C on their keyboard while running a script
or program, it sends a signal to the process.
• This signal is a short, fast, one-way message that lets the process
know that the user has requested to interrupt or stop the
execution of the program.
• The process then receives the signal and takes appropriate
action, such as terminating the program or prompting the
user for confirmation before stopping the execution.
• Other signals can also be sent to processes, such as
signals to pause, resume, or terminate a program, among
others.
trap -l → list of all signals
trap -p → print signals
• When a script or program receives a signal to shut down, it is important that the signal
is trapped (if possible) and a "graceful shutdown" is performed.

• This means that the script should have a chance to finish any tasks it was working on,
such as deleting temporary files or closing open ports in the case of a firewall script.

• If the script simply stops running immediately when it receives the signal, it can leave
the computer in an unpredictable state, potentially causing errors or data loss.

• By performing a graceful shutdown, the script can ensure that all necessary tasks are
completed before exiting, minimizing the risk of any negative consequences.
• SIGHUP (Signal Hang Up) is a signal that can be sent to a process in order to request it to
reload its configuration files. When a process receives a SIGHUP signal, it will typically close
all open connections and restart, reading its configuration files again.
• In the given example, "ssh suddenly dropped", this could mean that the SSH connection was
interrupted or disconnected unexpectedly. To try and recover the connection, one option could
be to send a SIGHUP signal to the ssh process by running the following command:

• The -1 option specifies the SIGHUP signal, and <pid of ssh process> should be replaced with
the process ID of the ssh process. This command will send the SIGHUP signal to the ssh
process, prompting it to reload its configuration files and hopefully reconnect the dropped
connection.
• SIGINT (Signal Interrupt) is a signal that can be sent to a
process to request it to interrupt its execution and terminate.
This signal is often sent by the user pressing Ctrl+C on their
keyboard, which sends the SIGINT signal to the process
running in the foreground.

• In the given example, "Ctrl+c (interrupt signal)", this means that

the user has pressed Ctrl+C on their keyboard, sending the
SIGINT signal to the running process.
•"Signal Handler -> close" means that the process has a signal handler set up to
handle the SIGINT signal. The signal handler is a piece of code that is executed
when the process receives the signal. In this case, the signal handler is
programmed to perform the action of "close", which could mean closing any
open files or network connections, freeing up system resources, and terminating
the process.

•For example, if a long-running script is executing and the user decides they
want to terminate it prematurely, they can press Ctrl+C to send the SIGINT
signal to the script. The script's signal handler would then execute the "close"
action, which could include cleaning up any temporary files or network
connections before terminating the script.
• SIGQUIT (Signal Quit) is a signal that can be sent to a
process to request it to terminate immediately.

• The user can force a process to quit by sending the

SIGQUIT signal (using Ctrl+\ on their keyboard) or by
sending the EOF signal (using Ctrl+d on their
keyboard).
• SIGFPE (Signal Floating Point Exception) is a signal that is sent to
a process when it attempts to perform an illegal or erroneous
mathematical operation, such as dividing by zero or attempting to take
the square root of a negative number.

• SIGFPE signals are used to indicate that a process has attempted to

perform an illegal or erroneous mathematical operation, and the signal
is sent to the process to allow it to handle the error in a controlled
manner, for example by displaying an error message to the user or by
terminating the program.
• SIGKILL (Signal Kill) is a signal that is sent to a process to
immediately terminate it.
• It is the most powerful and drastic signal that can be sent to a process.
• When a process receives the SIGKILL signal, it is not able to catch or
ignore it, and it will be terminated immediately, without any chance to
clean up or save its state.
• This signal is often used as a last resort when other signals have failed
to terminate the process, such as SIGTERM or SIGINT, the
SIGKILL.
• SIGTERM (Signal Termination) is a signal that is sent to a process to
request it to terminate gracefully.

• When a process receives the SIGTERM signal, it is expected to perform a

clean shutdown, save its state, and exit.

• It is a default signal sent by the kill command when no other signal is

specified.

• It is often used to terminate a long-running process that is no longer needed.

• Two commands available in Linux allow you to send process signals to running
processes:

kill -SIGQUIT pid

 killall -SIGKILL name

• This command will send the SIGKILL signal to all processes with the name "firefox“
which will forcefully terminate the processes without giving them a chance to perform
any cleanup operations and may cause data loss or other undesired consequences.
11- Command: kill
• The 'kill' command is used to send signals to processes based on their process
ID (PID).
• A signal is a message sent to a process that can cause it to perform a specific
action.
• The syntax for the 'kill' command is 'kill -s signal pid', where 'signal' is the
type of signal to be sent and 'pid' is the process ID of the process to which the
signal will be sent.
• You can use the -s parameter to specify other signals either by their name or signal
number.
• For example, you can use 'kill -15 pid' or 'kill -s 15 pid' to send a TERM signal to a
specific process.
• The two signals you're most likely to use are:
1. KILL (signal number 9), which causes the process to exit immediately without performing
any cleanup tasks,
2. TERM (signal number 15), which causes the process to exit but allows it to perform cleanup
tasks before it exits.

• To send a signal to a process, you should either be the owner of the process or be logged
in as the root user.
12-Command: killall
• The 'killall' command is a way to stop processes by their names rather than their PID
numbers.
• This can be useful when you have multiple instances of a process running and you
want to stop all of them at once.
• You can also use wildcard characters with the process name to target multiple
processes.
• For example, if you want to stop all processes with names starting with "http", you
can use the command "killall -i http*". This will prompt you to confirm before
sending the TERM signal to each matching process.
• By default, 'killall' sends a TERM signal (15) to the targeted processes, which allows
them to close open files before exiting. However, you can also specify a different signal
using the -s option.

To send the SIGKILL signal to all processes named firefox:

• If you use the -i option with 'killall', it will prompt you for confirmation before sending
the signal to each process. This can be useful to avoid accidentally stopping the wrong
processes.
To interactively prompt the user before sending the SIGKILL signal to all processes
named firefox: