3.5 Objective 5: Create, Monitor,
and Kill Processes
This Objective looks at the management of
processes. Just as file management is a
fundamental system administrator's function, the management
and control of processes is also essential for smooth system
operation. In most cases, processes will live, execute, and
die without intervention from the user because they are
automatically managed by the kernel. However, there are times
that a process will die for some unknown reason and need to be
restarted. Or, some process may "run wild" and consume system
resources, requiring that it be terminated. You will also need
to instruct running processes to perform operations, such as
rereading a configuration file.
3.5.1 Processes
Each program running
on your system is considered to be a process by the kernel.
Your shell is a process, and each command you type into the
shell starts one or more processes during its execution.
Attributes and concepts associated with processes include:
- Lifetime
-
Each process "lives" as it executes. Short commands such as ls will execute for a very short
time, generate results, and terminate on their own. User
programs such as web browsers run for extended periods until
terminated by the user. Daemons such as web servers run
continuously from boot to shutdown or restart. When a
process terminates, it is said to die (which is why
the program used to manually signal a process to stop
execution is called kill;
succinct, though admittedly morbid).
- Process ID (PID)
-
Every process has
a number assigned to it when it starts. PIDs are integer
numbers unique among all running processes.
- User ID (UID) and Group ID
(GID)
-
Processes must have associated
privileges, and a process' UID and GID are associated with
the user who started the process. This limits the process' access
to objects in the filesystem.
- Parent process
-
The first process
started by the kernel at system start time is a program
called init. This process has PID 1 and is the
ultimate parent of all other processes on the system. Your shell is a descendant of
init and the parent process
to commands started by the shell, which are its child processes, or
subprocesses.
- Parent process ID (parent
PID)
-
This is the PID of
the process that created the process in question. If
that parent process has vanished, the parent PID will be 1,
which is the PID of init.
- Environment
-
Each process holds
a list of variables and their associated values. Collectively, this list is known
as the process' environment
and the variables are environment
variables. The environment is inherited from the
parent process unless it is replaced through the execution
of startup scripts.
- Current working
directory
-
A default
directory is associated with each process, which is where
the process will seek and write files unless they are
explicitly specified to be elsewhere in the filesystem.
 |
Processes are often referred
to as tasks. Linux is a multitasking
operating system, in that it runs many processes
simultaneously. However, even though the terms
process and task may be synonymous in
this context, don't confuse multiprocessing with
multitasking. Multiprocessing generally refers to
systems with multiple central processing units, a
definition that has little to do with system
processes. Given the correct hardware and a
multiprocessing kernel, Linux has multiprocessing
capability.
| |
3.5.2 Process Monitoring
At any time, there could be tens or even
hundreds of processes running
together on your Linux system. Monitoring these processes is
done using three convenient utilities: ps, pstree, and top.
Syntaxps [options]
Description
This command generates a one-time
snapshot of the current processes on standard output.
Frequently used options
- -a
-
Show
processes that are owned by other users and attached to a
terminal. Normally, only the
current user's processes are shown.
- -f
-
"Forest" mode, which is used to display
process family trees. For example, using this option will
display all running child web servers (httpd) in a hierarchical diagram
under the parent web server.
- -l
-
Long format, which includes priority,
parent PID, and other information.
- -u
-
User format, which includes usernames and
the start time of processes.
- -w
-
Wide output format, used to eliminate the
default output line truncation. Useful for the -f option.
- -x
-
Include processes without controlling
terminals. Often needed to
see daemon processes and others not started from a terminal
session.
- -C cmd
-
Display instances of command name
cmd.
- -U usr
-
Display processes owned by username
usr.
Examples
Simply entering the ps command with no options will yield
a brief list of processes owned by you and attached to your
terminal: $ ps
Use the -a,
-u, and -x options to include processes owned
by others and not attached to terminals as well as to display
them in the "user" mode. The
command is valid with or without the dash: $ ps -aux
$ ps aux
In this case, the dash is optional. However, certain ps options require the dash. (See the
manpage for details.)
If you are interested in finding process
information on a particular command, use the -C option. This command displays all web
server processes: $ ps u -C httpd
You'll note that the -C option requires the dash, but the u option won't work with it if a dash
is included. This confusion
exists because the ps command
as implemented on Linux understands options in three differing
forms:
- Unix98 options
-
These may be
grouped and must be preceded by a dash.
- BSD options
-
These may be
grouped and must not be used
with a dash.
- GNU long options
-
These options are
preceded by two dashes.
All of these option types may be freely
intermixed. Instead of the
-C option, you may wish to use
ps with other options that you
usually use and pipe the output to grep, searching for process names,
PIDs, or anything else you know about the process: $ ps -aux | grep httpd
In this case, the result would be the same
list of httpd servers, as well
as the grep command itself.
Syntaxpstree [options] [pid|user]
Description
The pstree command is similar to the
"forest" mode of ps -f. This
command displays a hierarchical list of processes in a tree
format. pstree is very handy
for understanding how parent/child process relationships are
set up.
If pid is specified, the displayed
tree is rooted at that process. Otherwise, it is rooted at the
init process, which has PID 1. If user (a valid
username) is specified, trees for all processes owned by
user are shown. The tree is represented using
characters that appear as lines, such as | for vertical lines and + for intersections (VT100
line-drawing characters, displayed as solid lines by most
terminals, are optional). The output looks similar to this:
httpd-+-httpd
|-httpd
|-httpd
|-httpd
`-httpd
By default, visually identical branches of
the tree are merged to reduce output. Merged lines are
preceded by a count indicating the actual number of similar
processes. The preceding example is normally displayed on a
single line: httpd---5*[httpd]
This behavior can be turned off with the
-c option.
Frequently used options
- -a
-
Display command-line arguments used to
launch processes.
- -c
-
Disable the compaction of identical
subtrees.
- -G
-
Use the VT100 line-drawing characters
instead of plain characters to display the tree. This yields
a much more pleasing display but may not be appropriate for
printing or paging programs.
- -h
-
Highlight the ancestry of the current
process (usually the shell). The terminal must support
highlighting for this option to be meaningful.
- -n
-
The default sort order for processes with
the same parent is alphanumerically by name. This option
changes this behavior to a numeric sort by PID.
- -p
-
Include PIDs in the output.
Example
Display a process tree including PIDs: # pstree -p
init(1)-+-atd(356)
|-crond(370)
|-gpm(526)
|-httpd(540)-+-httpd(544)
| |-httpd(545)
| |-httpd(546)
| |-httpd(547)
| |-httpd(548)
|-inetd(384)
|-login(691)-bash(699)-startx(711)-xinit(718)
-+-X(719)
|-lpd(412)
|-mdrecoveryd(5)
|-mingetty(692)
|-mingetty(693)
|-named(398)
|-nfsd(467)---lockd(475)---rpciod(476)
|-nfsd(468)
|-portmap(284)
Syntaxtop [command-line options]
Description
The top command also offers output
similar to ps, but in a
continuously updated display. This is useful in situations in
which you need to watch the status of one or more processes or
to see how they are using your system.
In addition, a header of useful uptime, load,
CPU status, and memory information is displayed. By default,
the process status output is generated with the most
CPU-intensive processes at the top of the listing (and is
named for the "top" processes). In order to format the screen,
top must understand how to
control the terminal display. The type of terminal (or
terminal window) in use is stored in the environment variable
TERM. If this variable is not set or contains an unknown
terminal type, top may not
execute.
Popular command-line options
Dashes are not required for top options:
- -b
-
Run in batch mode. This is useful for sending output
from top to other programs or
to a file. It executes the
number of iterations specified with the -n option and terminate. This option is also useful if
top cannot display on the
terminal type you are using.
- -d delay
-
Specify the delay in seconds between
screen updates. The default
is five seconds.
- -i
-
Ignore idle processes, listing only the
"interesting" ones taking system resources.
- -n num
-
Display num iterations and then
exit, instead of running indefinitely.
- -q
-
Run with no delay. If the user is the superuser, run
with highest possible priority. This option causes top to update continuously and will
probably consume any idle time your CPU had. Running top -q as superuser will seriously
affect system performance and is not recommended.
- -s
-
Run in secure mode. Some of top's interactive commands can be
dangerous if running as the superuser. This option disables them.
Frequently used interactive
options
Once top is
running interactively, it can be given a number of commands
via the keyboard to change its behavior. These commands are
single-key commands, some of which cause top to prompt for input:
- Ctrl-L
-
Repaint the screen.
- h
-
Generate a help screen.
- k
-
Kill a process. You will be prompted for the PID
of the process and the signal to send it (the default signal
is 15, SIGTERM ). See Section
3.5.4.
- n
-
Change the number of processes to show. You will be prompted to enter an
integer number. The default
is 0, which indicates that the screen should be filled.
- q
-
Quit the program.
- r
-
Renice a
process (change its priority). You will be prompted for the PID
of the process and the value to nice it to (see nice and renice in Objective 6). Entering a positive value causes
a process to lose priority.
If the superuser is running top, a negative value may be
entered, causing a process to get a higher than normal
priority. This command is not
available in secure mode.
- s
-
Change the delay in seconds between
updates. You will be prompted
for the delay value, which may include fractions of seconds
(i.e., 0.5).
Example 1
Simply executing top without options gives a full
status display updated every five seconds: $ top
Use the q
command to quit.
Example 2
To run top
with a faster refresh rate, use the interval option, specified
here with a one-second refresh: $ top -d 1
Example 3
To have top
update constantly, you could specify -d 0, or use the -q option. Here, this feature is used
to watch only nonidle processes, which will include top itself: $ top -qi
Example 4
You may wish to use top to log its output to a file. Use the -b (batch) option for this purpose.
In this batch example, the -i
option eliminates idle processes, the -n option, with its argument,
indicates five iterations, and the -d option indicates a one-second
interval. Results will be redirected to file1. This
command will take five seconds to execute and does not use the
optional dashes: $ top bin 5 d 1 > file1
The single-key interactive commands can be
used when top is running
interactively. For example, if you type the h command, top yields a help screen. By entering
the n command, top prompts you for the number of
lines you wish to display.
|
The parent/child relationship of the
processes on a Linux system is important. Be sure to
understand how these relationships work and how to view
them. Note that the init process always has PID 1
and is the ultimate ancestor of all system processes.
|
Using top to
change the "nice" (priority modifier) value for a process is
discussed in Objective 6.
3.5.3 Signaling Active
Processes
Each process running on your system listens
for signals, simple messages sent to the process
either by the kernel or by a user. The messages are sent
through interprocess communication. They are single-valued, in
that they don't contain strings or command-like constructs.
Instead, signals are numeric integer messages, predefined and
known by processes. Most have an implied action for the
process to take. When a process receives a signal, it can (or
may be forced) to take action. For example, if you are
executing a program from the command line that appears to
hang, you may elect to type Ctrl-C to abort the
program. This action actually
sends an INTERRUPT signal to the process, telling it
to stop running.
There are about 30 signals defined in Linux.
Each signal has a name and a number (the number is sent to the
process, the name is only for our convenience). Many signals
are used by the kernel, and some are useful for users. Table
3-5 lists popular signals for interactive use.
Table 3-5. Frequently Used
Interactive Signals
HUP |
1 |
Hang up. This signal is sent
automatically when you log out or disconnect a
modem. It is also used by
many daemons to cause the configuration file to be
reread. |
INT |
2 |
Interrupt; stop running. This signal is
sent when you type Ctrl-C. |
KILL |
9 |
Kill; stop unconditionally and
immediately. Sending this signal is a drastic measure,
as it cannot be ignored by the process. This is the
"emergency kill" signal. |
TERM |
15 |
Terminate, nicely if possible. This
signal is used to ask a process to exit gracefully.
|
TSTP |
18 |
Stop executing, ready to continue. This
signal is sent when you type Ctrl-Z. (See Section
3.5.5 for more information.)
|
As you can see from Table
3-5 some signals are invoked by pressing well-known key
combinations such as Ctrl-C and
Ctrl-Z. You can also use the
kill command to send any
message. The kill command is
implemented both as a shell built-in command and as a
standalone binary command.
Syntaxkill [-s sigspec | -sigspec] [pids]
kill -l [signum]
Description
In the
first form, kill is used with
an optional sigspec.
This is a signal value, specified as either an integer or the
signal name (such as SIGHUP, or
simply HUP). The sigspec is
case-insensitive but usually specified with uppercase
letters. You may use -s sigspec or simply
-sigspec to make up the signal value or name. If a sigspec is not given,
then SIGTERM (signal 15, "exit gracefully") is assumed. The sigspec is followed by
one or more pids to which the signal is to be sent. In
the second form with the -l
option, kill lists the
valid signal names. If
signum (an integer) is present, only the signal name
for that number will be displayed.
Examples
This command displays the signal name SIGTERM, the name of signal 15, and
the default when kill is used
to signal processes: $ kill -l 15
All of these commands will send a SIGTERM signal to the processes with
PIDs 1000 and 1001: $ kill 1000 1001
$ kill -15 1000 1001
$ kill -SIGTERM 1000 1001
$ kill -sigterm 1000 1001
$ kill -TERM 1000 1001
$ kill -s 15 1000 1001
$ kill -s SIGTERM 1000 1001
If those two processes are playing nicely on
your system, they'll comply with the SIGTERM signal and terminate when
they're ready (after they clean up whatever they're doing).
Not all processes will comply, however. A process may be hung
in such a way that it cannot respond, or it may have signal handling code written to trap
the signal you're trying to send. To force a process to die,
use the strongest kill: $ kill -9 1000 1001
$ kill -KILL 1000 1001
These equivalent commands send the KILL signal to the process, which the
process cannot ignore. The process will terminate immediately
without regard to closing files or other cleanup procedures.
Because of this, using the KILL signal is a last
resort. See Section
3.5.4.
The inetd
superdaemon will respond to the HUP signal by rereading its
configuration file. If you've made changes to that file and
want inetd to reconfigure
itself, send it the HUP signal:
$ kill -HUP `cat /var/run/inetd.pid`
|
Note that kill is used for sending all
kinds of signals, not just termination signals. Also, be
aware of the difference between the PID you intend to
kill and the signal you wish to send it. Since they're
both integers, they can sometimes be confused.
|
The backward quotes are replaced by the shell
with the contents of the file inetd.pid, which inetd creates when it
starts.
3.5.4 Terminating Processes
Based on the type of service that has failed,
you can use ps or top to identify one or more processes
that may have a problem. Once you know the PID for the process
that's causing the problem, you can use the kill command to stop the process
nicely with SIGTERM (kill -15 [PID
]), escalating the
signal to higher strengths if necessary until the process
terminates.
|
Occasionally you may see a
process displayed by ps or top that is listed as a
zombie. These are processes that are stuck
while trying to terminate and are appropriately
said to be in the zombie state. Just as in
the cult classic film Night of the Living Dead,
you can't kill zombies, because they're already
dead!
| |
If you have a recurring problem with zombies,
there may be a bug in your system software or in an
application
Killing a process may also kill all of its
child processes. For example, killing a shell may kill all the
processes initiated from that shell, including other shells.
3.5.5 Shell Job Control
Linux and most modern Unix systems offer
job control , which is the ability of your
shell (with support of the kernel) to place executing commands
in the background where they can be executed. A program is said to be in the
foreground when it is attached to your
terminal. When executing in the
background, you have no input to the process other than
sending it signals. When a process is started in the
background, you create a job. Each job is assigned a job number,
starting at 1 and numbering sequentially.
The basic reason to create a background
process is to keep your terminal or terminal window session
free. There are many instances when a long-running program
will never produce a result from standard output or standard
error, and your shell will simply sit idle waiting for the
program to finish. Noninteractive programs can be placed in
the background by adding the &
character to the command. For example, if you start netscape from the command line, you
don't want the shell to sit and wait for it to terminate. The
shell will respond by starting the browser in the background
and will give you a new command prompt. It will also issue the
job number, denoted in square brackets, along with the PID.
For example: $ netscape &
[1] 1748
Here, Netscape is started as a background
process. Netscape is assigned to job 1 (as denoted by
[1]), and is assigned PID 1748. If you start a
program and forget the &
character, you can still put it in the background by first
stopping it by typing Ctrl-Z: ^Z
[1]+ Stopped netscape
Then issue the bg command to restart the job in the
background: $ bg
[1]+ netscape &
Putting interactive programs in the
background can be quite useful. Suppose you're logged into a
remote Linux system, running Emacs in text mode. Realizing
that you need to drop back to the command line, you elect not
to terminate the editor but instead simply press Ctrl-Z. This stops Emacs and puts it
in the background and returns you a command prompt. When you're
finished, you can go back into Emacs by issuing the fg command, which puts your stopped
job back into the foreground.
Background jobs and their status can be
listed by issuing the jobs
command. Stopped jobs can be brought to the foreground with
the fg command and optionally
placed into the background with the Ctrl-Z and bg sequence.
Syntaxbg [jobspec]
Description
Place jobspec in the background, as if
it had been started with &.
If jobspec is not present, then the shell's notion of
the current job is used, as
indicated by the plus sign (+)
in output from the jobs command. Using this command on
a job that is stopped will allow it to run in the background.
Syntaxfg [jobspec]
Description
This command places the specified job in the
foreground, making it the current job. If jobspec is
not present, then the shell's notion of the current job is
used.
Syntaxjobs [options] [jobspecs]
Description
List the active jobs. If jobspecs are included,
output is restricted to information about those jobs.
Frequently used option
- -l
-
Also list PIDs.
|
Be sure to know how to display
background jobs and how to switch among them. | 
|