Process and job control
What is happening on your Linux machine? Various shell commands give you details about system processes and help you control them.
Whenever you or an application launch a program, the operating system starts one or multiple processes. These processes can enter various states: They can be processed, stopped, restarted, and – under normal circumstances – stopped again. Linux has something similar to access controls for processes: Only the user that started a process can stop, restart, or terminate the process.
The only exception to this rule is the root user, who can control any process on a system. The same applies to processes that run under system user accounts, such as nobody or lp – again, only root has full access to them. In this issue, I will be looking at tools that help you find out more about, and control, processes.
One Big Family
Processes are never isolated and are always in good company. In fact, they are in a hierarchical structure, with process number 1, init, at the top. init is the first process that Linux launches after booting. All other processes share this common "ancestor" – init starts the operating system's basic programs. pstree shows the relationship between "parent" and "child" processes. This tree structure shows you at a glance who is descended from whom (Figure 1).
The tool gives you more detailed output if you set the -a flag. This tells pstree to show you, in addition, the parameters with which the programs are running.
If you use a terminal that supports different fonts and bold type, such as Gnome Terminal or KDE's Konsole, you might also want to try the -h parameter. This tells pstree to highlight its own process and its ancestors.
If you would like to use this practical feature for other processes, use -H with the process ID, and pstree will highlight the specified process and its family tree. Setting the -p option tells pstree to output the process ID (PID), and -u gives you the user.
All of these parameters can be combined – for example, pstree -apu.
Listing Processes with ps
The ps command gives you a list of the processes currently running on your system. If you do not specify any command-line parameters, the tool will restrict the list to the current shell. If you are interested in all of your processes, call ps with the x option (Listing 1).
    $ ps x
      PID TTY      STAT   TIME COMMAND
     3011 ?        Ss     0:00 /usr/bin/gnome-session
     3061 ?        S      0:00 /usr/bin/dbus-launch --exit-with-session /usr/bin/gnome-session
    [...]
     3086 ?        Ssl    0:02 gnome-panel --sm-client-id default1
     3088 ?        Ssl    0:02 nautilus --no-default-window --sm-client-id default2
The tabular output in the shell tells you the following characteristics:
- PID: The process identifier, a unique number that you can use to reference a process individually.
- TTY: The terminal or console on which the process was started. A question mark indicates that the process is not running on a terminal.
- STAT: The process status. The states can be S (sleeping), R (running), D (dead, the process cannot be restarted), or Z (zombie, a process that has terminated without correctly returning its return status).
- TIME: The computational time used.
- COMMAND: The full command with all of its command-line options.
The ps command offers a number of additional options for adding more information to the output. For example, u shows the process owner and CPU cycles or memory percentage, and a gives you a list of all processes for all users. The l option is also practical – this lengthy output gives you additional information on the PPID (parent process identifier) and on the UID (user identification) of the user who launched the process.
To display what can be fairly lengthy command-line parameters in the COMMAND column, you might want to set w for wider output, and you can use the option multiple times. As shown in Figure 2, you can combine these parameters as needed.
ps displays the full set of command-line parameters in the COMMAND column. Some programs, such as the wget download manager, optionally accept passwords for authentication on the command line. The password then appears as part of the command in the process list; theoretically, any user on the system could sniff sensitive data.
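To check a machine for this exposure, the following added example (not part of the original article) scans ps output for password-style options and reports the owner and option name with the value redacted. The function names and sample lines are constructed for illustration, and the input is assumed to come from `ps -eo pid=,user=,args=`.

```sh
#!/bin/sh
# Added example: audit process command lines for password-style options.
# Input:  lines of the form "PID USER COMMAND ..." (ps -eo pid=,user=,args=)
# Output: "PID USER OPTION=<redacted>" per finding, so the audit report
#         does not leak the secret a second time.

audit_cmdline_secrets() {   # hypothetical helper name
    awk '
    {
        pid = $1; user = $2
        for (i = 3; i <= NF; i++) {
            arg = $i
            # Form 1: --password=VALUE, --http-password=VALUE, --ftp-password=VALUE
            if (arg ~ /^--([a-z]+-)?(password|passwd)=/) {
                sub(/=.*/, "", arg)
                printf "%s %s %s=<redacted>\n", pid, user, arg
            }
            # Form 2: --password VALUE (the value is the next argument)
            else if (arg ~ /^--([a-z]+-)?(password|passwd)$/ && i < NF) {
                printf "%s %s %s <redacted>\n", pid, user, arg
                i++    # skip the value so it is never inspected or printed
            }
        }
    }'
}

# Constructed sample input (not real processes or credentials).
sample_ps_output() {
    cat <<'EOF'
3011 alice /usr/bin/gnome-session
4102 alice wget --user=alice --password=CONSTRUCTED-SECRET http://example.com/file.iso
4120 bob wget --ftp-password CONSTRUCTED-SECRET ftp://example.com/pub/data.tar
4200 bob nautilus --no-default-window
EOF
}

# Live use: ps -eo pid=,user=,args= | audit_cmdline_secrets
sample_ps_output | audit_cmdline_secrets
```

For wget itself, the --ask-password option prompts for the password instead of taking it as an argument, which keeps it out of the process list.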