Full Workload

Whenever you or an application launch a program, the operating system starts one or multiple processes. These processes can enter various states: They can be processed, stopped, restarted, and – under normal circumstances – stopped again. Linux has something similar to access controls for processes: Only the user that started a process can stop, restart, or terminate the process.

The only exception to this rule is the root user, who can control any process on a system. On top of this are processes that run on system user accounts, such as nobody or lp – again, only root has full access to them. In this issue, I will be looking at tools that help you find out more about, and control, processes.

One Big Family

Processes are never isolated and are always in good company. In fact, they are in a hierarchical structure, with process number 1, init, at the top. init is the first process that Linux launches after booting. All other processes share this common "ancestor" – init starts the operating system's basic programs. pstree shows the relationship between "parent" and "child" processes. This tree structure shows you at a glance who is descended from whom (Figure 1).

Additional Output

The tool gives you more detailed output if you set the -a flag. This tells pstree to show you, in addition, the parameters with which the programs are running.

If you use a terminal that supports different fonts and bold type, such as Gnome Terminal or KDE's Konsole, you might also want to try the -h parameter. This tells pstree to highlight its own process and its ancestors.

If you would like to use this practical feature for other processes, use -H with the process ID, and pstree will highlight the specified process and its family tree. Setting the -p option tells pstree to output the process ID (PID), and -u gives you the user.

All of these parameters can be combined – for example, pstree -apu.

Listing Processes with ps

The ps command gives you a list of the processes currently running on your system. If you do not specify any command-line parameters, the tool will restrict the list to the current shell. If you are interested in all of your processes, call ps with the x option (Listing 1).

01  $ ps x
02   PID TTY      STAT   TIME COMMAND
03  3011 ?        Ss     0:00 /usr/bin/gnome-session
04  3061 ?        S      0:00 /usr/bin/dbus-launch --exit-with-session /usr/bin/gnome-session
05 [...]
06  3086 ?        Ssl    0:02 gnome-panel --sm-client-id default1
07  3088 ?        Ssl    0:02 nautilus --no-default-window --sm-client-id default2

The tabular output in the shell tells you the following characteristics:

• PID: The process identifier, a unique number that you can use to reference a process individually.
• TTY: The terminal or console on which the process was started. A question mark indicates that the process is not running on a terminal.
• STAT: The process status. The states can be S (sleeping), R (running), D (dead, the process cannot be restarted), or Z (zombie, a process that has terminated without correctly returning its return status).
• TIME: The computational time used.
• COMMAND: The full command with all of its command-line options.

The ps command offers a number of additional options for adding more information to the output. For example, u shows the process owner and CPU cycles or memory percentage, and a gives you a list of all processes for all users. The l option is also practical – this lengthy output gives you additional information on the PPID (parent process identifier) and on the UID (user identification) of the user who launched the process.

To display what can be fairly lengthy command-line parameters in the COMMAND column, you might want to set w for wider output, and you can use the option multiple times. As shown in Figure 2, you can combine these parameters as needed.