What is Process?
- Linux calls each running program a process.
- Process is made up of the program instruction, and data read from files, other programs or input from a system user.
- Each process gets its own Process ID (PID). Based on PID, Linux manages how process uses memory and CPU.
- When Linux system boots, it starts first process called the init process. The init process is the core of the Linux system. This process runs scripts that start all other processes running on the system.
Types of processes?
There are two types of processes in Linux:
- Foreground processes – started and controlled by user through a terminal session. They do not start automatically as part of the system services.
- Background processes – processes not started in terminal session. They do not expect user input to be running. Also, they run in terminal session background.
Furthermore, since Linux is multi-user system, the kernel needs to uniquely identify each running process. The process is identified by its process ID (PID), but also with it’s parent process ID (PPID). Based on this information, foreground and background processes are identified and created as follows:
- Parent processes – processes that create other processes.
- Child processes – processes that are created by other processes.
What is Daemon?
Daemon – type of background process that start on system startup. Also, they keep running forever as a service. Daemons start as system tasks (services). Daemons can be controlled by init process (systemd for example)
Creating a process
New process is usually created when an existing process makes an copy of itself in memory. The child process will have same environment variables as its parent. However, it will have different PID number.
Processes are created with fork() and exec() functions.
Finding process ID
To find PID of a given process, use pidof command, like so:
$ pidof systemd 1 $ pidof firefox 25151
To find the PID and PPID of current shell, we run:
$ echo $$ 2152 $ echo $PPID 2149
Understanding background and foreground
To start a process in foreground, just call any program and it will run, or wait for user input. As such, this process will bind to current shell and you will only be able to use that process.
Starting the process in background
To start a process in background, call any program and add & symbol at the end, like so
# dd if=/dev/zero of=/dev/null &
Sending background process to foreground
Also, we can send foreground process to background by sending a SIGSTOP signal by pressing CTRL + Z keys. To see background processes, we use jobs command. The jobs command will show background processes with their job ID (not to be mistaken with PID). To call process to foreground, use fg %[JOB_ID]
# jobs  firefox  tar -cf backup.tar /backups/ # fg %1
What are Process States?
A process changes from one state to another depending on its environment. A process can have these states:
- Running – when in running state, process has all its needs to run. The running processes are marked with ‘R’ in ps output. Running process is either running or being ready to be run (waiting to be assigned to CPUs)
- Uninterruptable sleep (D)- process is in uninterruptable sleep state when it needs resources that are not currently available, in other words it waits for any I/O (storage device, network, whatever). At that point, it either goes to sleep state by itself, or the kernel knock him out and makes him sleep. When the resource process needs becomes available, a signal is sent to the CPU. Signal with D state cannot be killed, even with
kill -9command because they are, well, interruptable. The only way to kill that process is to reboot system or waiting for I/O to respond. To see list of all processes in D state use
echo w > /proc/sysrq-trigger
- Stopped – process can stop by themselves or by receiving a signal.
- Zombie process – If a process is ended but its parent process is not, meaning it did not acknowledged the termination signal because it’s sleeping, then it is called zombie process.
Sending signals to processes
Most important way of controlling processes is by sending signals to them. To list all signals use #kill -l
[aldin@ghost ~]$ kill -l 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM 16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP 21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ 26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR 31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 63) SIGRTMAX-1 64) SIGRTMAX
- SIGHUP 1 – sent to a process when its controlling terminal is closed
- SIGINT 2 – sent to a process by its controlling terminal when a user interrupts the process by pressing CTRL + C
- SIGQUIT 3 – sent to a process if the user sends a quit signal with CTRL + D
- SIGKILL 9 – immediately terminates a process and the process will not perform any clean-up operations
- SIGTERM 15 – process termination signal (kill uses SIGTERM by default)
- SIGTSTP 20 – sent to a process by its controlling terminal to request it to stop (terminal stop). Initiated by the user pressing CTRL + Z
- SIGCONT – puts process in foreground
- SIGSTOP – puts process in background
A user can only kill his own processes, not others’ processes. Also, a user cannot kill processes system is using. Most importantly, root user can kill all system and user processes.
Kill sends a specified signal to a process. The kill command sends SIGTERM signal by default. SIGTERM is safest way to kill a process. SIGHUP is less secure way of killing a process. SIGKILL is the most unsafe way.
# kill -9 19212 # kill SIGKILL 19212 # kill -SIGTERM 19212 # kill 19212 19213 19214
Kills a process by entering process name, not PID
# pkill mysqld
pgrep greps process ID by given name. It simply shows PID of a given process name, nothing else:
# pgrep mysql 3139
killall is used to kill all child processes of a given command.
# killall mysqld
nice and renice
All active processes have priority and certain nice value. Processes with higher nice value are getting more CPU time (higher priority). Processes with lower nice value are getting lower CPU time (lower priority). However, the higher nice value is not 19, but -20, and the lower priority value is not -20, but 19. Default niceness value is 0. The root can change these nice values with nice and renice commands.
The following command would set nice value for process gnome-terminal
# nice -n 15 gnome-terminal
- nice – used to set a nice value for a process. Normal users can set 0-20 values, while root user can set from -20 to 19 values.
- renice – used to change nice value for a process.
The following command would change nice value to 15 to process with ID 1851
# renice -n 15 -p 1851
The following command will change nice value for all processes that belong to ‘wheel’ group
# renice -n 15 -g wheel
The following command will change nice value for all processes that belong to ‘aldin’ user
# renice -n 15 -u aldin