Section 5.6. Objective 5: Create, Monitor, and Kill Processes

5.6. Objective 5: Create, Monitor, and Kill Processes

This Objective looks at the management of processes. Just as file management is a fundamental system administrator's function, the management and control of processes is also essential for smooth system operation. In most cases, processes will live, execute, and die without intervention from the user because they are automatically managed by the kernel. However, there are times that a process will die for some unknown reason and need to be restarted. Or, some process may "run wild" and consume system resources, requiring that it be terminated. You will also need to instruct running processes to perform operations, such as rereading a configuration file.

5.6.1. Processes

Every program, whether it's a command, application, or script, that runs on your system is a process. Your shell is a process, and every command you execute from the shell starts one or more processes of its own (referred to as child processes). Attributes and concepts associated with these processes include:

Lifetime

A process lifetime is defined by the length of time it takes to execute (it's "life"). Commands with a short lifetime such as ls will execute for a very short time, generate results, and terminate when complete. User programs such as web browsers have a longer lifetime, running for unlimited periods of time until terminated manually. Long lifetime processes include server daemons that run continuously from system boot to shutdown. When a process terminates, it is said to die (which is why the program used to manually signal a process to stop execution is called kill; succinct, though admittedly morbid).

Process ID (PID)

Every process has a number assigned to it when it starts. PIDs are integer numbers unique among all running processes.

User ID (UID) and Group ID (GID)

Processes must have associated privileges, and a process's UID and GID are associated with the user who started the process. This limits the process's access to objects in the filesystem.

Parent process

The first process started by the kernel at system start time is a program called init. This process has PID 1 and is the ultimate parent of all other processes on the system. Your shell is a descendant of init and the parent process to commands started by the shell, which are its child processes, or subprocesses.

Parent process ID (parent PID)

This is the PID of the process that created the process in question. If that parent process has vanished, the parent PID will be 1, which is the PID of init.

Environment

Each process holds a list of variables and their associated values. Collectively, this list is known as the environment of the process, and the variables are called environment variables. Child processes inherit their environment settings from the parent process unless an alternative environment is specified when the program is executed.

Current working directory

The default directory associated with each process. The process will read and write files in this directory unless they are explicitly specified to be elsewhere in the filesystem.

5.6.2. Process Monitoring

At any time, there could be tens or even hundreds of processes running together on your Linux system. Monitoring these processes is done using three convenient utilities: ps, pstree, and top.

Syntax

 ps [options] 

Description

This command generates a one-time snapshot of the current processes on standard output.

Frequently used options

-a

Show processes that are owned by other users and attached to a terminal. Normally, only the current user's processes are shown.

-f

"Forest" mode, which is used to display process family trees. For example, using this option will display all running child web servers (httpd) in a hierarchical diagram under the parent web server. (There is also a separate command called pstree that does this nicely.)

-l

Long format, which includes priority, parent PID, and other information.

-u

User format, which includes usernames and the start time of processes.

-w

Wide output format, used to eliminate the default output line truncation. Useful for the -f option.

-x

Include processes without controlling terminals. Often needed to see daemon processes and others not started from a terminal session.

-C cmd

Display instances of command name cmd.

-U user

Display processes owned by username user.

Examples

Simply entering the ps command with no options will yield a brief list of processes owned by you and attached to your terminal:

 $ ps 

Use the -a, -u, and -x options to include processes owned by others and not attached to terminals as well as to display them in the "user" mode. The command is valid with or without the dash:

 $ ps -aux $ ps aux 

In this case, the dash is optional. However, certain ps options require the dash. (See the manpage for details.)

If you are interested in finding process information on a particular command, use the -C option. This command displays all web server processes:

 $ ps u -C httpd] 

You'll note that the -C option requires the dash, but the u option won't work with it if a dash is included. This confusion exists because the ps command as implemented on Linux understands options in three differing forms:

Unix98 options

These may be grouped and must be preceded by a dash.

BSD options

These may be grouped and must not be used with a dash.

GNU long options

These options are preceded by two dashes.

---

Tip: The Linux ps tries to be compatible with ps from various other systems. How it interprets various command-line options, which determines how compatible it is with other versions of ps, can be controlled by setting I_WANT_A_BROKEN_PS, PS_PERSONALITY, and various other environment variables. See the ps manpage for details.

---

All of these option types may be freely intermixed. Instead of the -C option, you may wish to use ps with other options that you usually use and pipe the output to grep, searching for process names, PIDs, or anything else you know about the process:

 $ ps aux | grep httpd 

In this case, the result would be the same list of httpd servers, as well as the grep command itself.

Syntax

 pstree [options] [pid|user] 

Description

The pstree command is similar to the "forest" mode of ps -f. This command displays a hierarchical list of processes in a tree format. pstree is very handy for understanding how parent/child process relationships are set up.

If the PID is specified, the displayed tree is rooted at that process. Otherwise, it is rooted at the init process, which has PID 1. If user (a valid username) is specified, trees for all processes owned by user are shown. The tree is represented using characters that appear as lines, such as | for vertical lines and + for intersections (VT100 line-drawing characters, displayed as solid lines by most terminals, are optional). The output looks similar to this:

 httpd-+-httpd       |-httpd       |-httpd       |-httpd       '-httpd 

By default, visually identical branches of the tree are merged to reduce output. Merged lines are preceded by a count indicating the actual number of similar processes. The preceding example is normally displayed on a single line:

 httpd---5*[httpd] 

This behavior can be turned off with the -c option.

Frequently used options

-a

Display command-line arguments used to launch processes.

-c

Disable the compaction of identical subtrees.

-G

Use the VT100 line-drawing characters instead of plain characters to display the tree. This yields a much more pleasing display but may not be appropriate for printing or paging programs.

-h

Highlight the ancestry of the current process (usually the shell). The terminal must support highlighting for this option to be meaningful.

-n

The default sort order for processes with the same parent is alphanumerically by name. This option changes this behavior to a numeric sort by PID.

-p

Include PIDs in the output.

Example

Display a process tree including PIDs:

 # pstree -p init(1)-+-atd(468)         |-bdflush(5)         |-crond(454)         |-httpd(440)-+-httpd(450)         |            |-httpd(451)         |            |-httpd(452)         |            |-httpd(453)         |            |-httpd(455)         |            |-httpd(456)         |            |-httpd(457)         |            '-httpd(458)         |-keventd(2)         |-kjournald(7)         |-klogd(335)         |-ksoftirqd_CPU0(3)         |-kswapd(4)         |-kupdated(6)         |-login(475)---bash(478)---pstree(518)         |-sendmail(420)         |-sshd(385)         |-syslogd(330)         '-xinetd(402) 

Syntax

 top [options] 

Description

The top command also offers output similar to ps, but in a continuously updated display. This is useful in situations in which you need to watch the status of one or more processes or to see how they are using your system.

In addition, a header of useful uptime, load, CPU status, and memory information is displayed. By default, the process status output is generated with the most CPU-intensive processes at the top of the listing (and is named for the "top" processes). To format the screen, top must understand how to control the terminal display. The type of terminal (or terminal window) in use is stored in the environment variable TERM. If this variable is not set or contains an unknown terminal type, top may not execute.

Popular command-line options

Dashes are optional in top options:

-b

Run in batch mode. This is useful for sending output from top to other programs or to a file. It executes the number of iterations specified with the -n option and terminate. This option is also useful if top cannot display on the terminal type you are using.

-d delay

Specify the delay in seconds between screen updates. The default is five seconds.

-i

Ignore idle processes, listing only the "interesting" ones taking system resources.

-n num

Display num iterations and then exit, instead of running indefinitely.

-q

Run with no delay. If the user is the superuser, run with highest possible priority. This option causes top to update continuously and will probably consume any idle time your CPU had. Running top -q as superuser will seriously affect system performance and is not recommended.

-s

Run in secure mode. Some of top's interactive commands can be dangerous if running as the superuser. This option disables them.

Frequently used interactive options

Once top is running interactively, it can be given a number of commands via the keyboard to change its behavior. These commands are single-key commands, some of which cause top to prompt for input:

Ctrl-L

Refresh the screen.

h

Generate a help screen.

k

Kill a process. You will be prompted for the PID of the process and the signal to send it. (The default signal is 15, SIGTERM.) See the later section "Terminating Processes."

n

Change the number of processes to show. You will be prompted to enter an integer number. The default is 0, which indicates that the screen should be filled.

q

Quit the program.

r

Change the priority of a process (renice). You will be prompted for the PID of the process and the value to nice it to (see nice and renice later in this chapter in Objective 6: Modify Process Execution Priorities"). Entering a positive value causes a process to lose priority. If the superuser is running top, a negative value may be entered, causing a process to get a higher than normal priority. This command is not available in secure mode.

s

Change the delay in seconds between updates. You will be prompted for the delay value, which may include fractions of seconds (i.e., 0.5).

Example 1

Simply executing top without options gives a full status display updated every five seconds:

 $ top 

Use the q command to quit.

Example 2

To run top with a faster refresh rate, use the interval option, specified here with a one-second refresh:

 $ top -d 1 

Example 3

To have top update constantly, you could specify -d 0, or use the -q option. Here, this feature is used to watch only non-idle processes, which will include top itself:

 $ top -qi 

Example 4

You may wish to use top to log its output to a file. Use the -b (batch) option for this purpose. In this batch example, the -i option eliminates idle processes, the -n option, with its argument, indicates five iterations, and the -d option indicates a one-second interval. Results will be redirected to file1. This command will take five seconds to execute and does not use the optional dashes:

 $ top bin 5 d 1 > file1 

The single-key interactive commands can be used when top is running interactively. For example, if you type the h command, top displays a help screen. If you enter the n command, top prompts you for the number of lines you wish to display.

Using top to change the nice (priority modifier) value for a process is discussed in "Objective 6: Modify Process Execution Priorities" later in this chapter.

5.6.3. Signaling Active Processes

Each process running on your system listens for signals, simple messages sent to the process either by the kernel or by a user. The messages are sent through interprocess communication. They are single-valued, in that they don't contain strings or command-like constructs. Instead, signals are numeric integer messages, predefined and known by processes. Most have an implied action for the process to take. When a process receives a signal, it can (or may be forced) to take action.

For example, if you are executing a program from the command line that appears to hang, you may elect to type Ctrl-C to abort the program. This action actually sends an SIGINT (interrupt signal) to the process, telling it to stop running.

There are more than 32 signals defined for normal process use in Linux. Each signal has a name and a number (the number is sent to the process, the name is only for our convenience). Many signals are used by the kernel, and some are useful for users. Table 5-5 lists popular signals for interactive use.

^[a] Signal names will often be specified with a SIG prefix. That is, signal HUP is the same as signal SIGHUP.

As you can see from Table 5-5, some signals are invoked by pressing well-known key combinations such as Ctrl-C and Ctrl-Z. You can also use the kill command to send any message. The kill command is implemented both as a shell built-in command and as a standalone binary command.

Syntax

 kill [-s sigspec | -sigspec] [pids] kill -l [signum] 

Description

In the first form, kill is used with an optional sigspec. This is a signal value, specified as either an integer or the signal name (such as SIGHUP, or simply HUP). The sigspec is case-insensitive but is usually specified with uppercase letters. The bash built-in kill is case-insensitive both when using the -ssigspec and the -sigspec forms, but the standalone kill is only case-insensitive in the -ssigspec form. For this reason, it is best to use uppercase signal names. You may use -ssigspec or simply -sigspec to make up the signal value or name. If a sigspec is not given, then SIGTERM (signal 15, "exit gracefully") is assumed. The sigspec is followed by one or more PIDS to which the signal is to be sent. In the second form with the -l option, kill lists the valid signal names. If signum (an integer) is present, only the signal name for that number will be displayed.

Examples

This command displays the signal name SIGTERM, the name of signal 15, and the default when kill is used to signal processes:

 $ kill -l 15 TERM 

All of these commands will send SIGTERM to the processes with PIDs 1000 and 1001:

 $ kill 1000 1001 $ kill -15 1000 1001 $ kill -SIGTERM 1000 1001 $ kill -sigterm 1000 1001 $ kill -TERM 1000 1001 $ kill -s 15 1000 1001 $ kill -s SIGTERM 1000 1001 

If those two processes are playing nicely on your system, they'll comply with the SIGTERM signal and terminate when they're ready (after they clean up whatever they're doing). Not all processes will comply, however. A process may be hung in such a way that it cannot respond, or it may have signal handling code written to trap the signal you're trying to send. To force a process to die, use the strongest kill:

 $ kill -9 1000 1001 $ kill -KILL 1000 1001 

These equivalent commands send the KILL signal to the process, which the process cannot ignore. The process will terminate immediately without closing files or performing any other cleanup. Because this may leave the program's data in an inconsistent state, using the KILL signal should be a last resort. When a process is blocked waiting for I/O, such as trying to write to an unavailable NFS server or waiting for a tape device to complete rewinding, the KILL signal may not work. See the "Terminating Processes" section.

The httpd daemon will respond to the HUP signal by rereading its configuration files. If you've made changes and want httpd to reconfigure itself, send it the HUP signal:

 $ kill -HUP 'cat /var/run/httpd.pid' 

Many other daemons respond to SIGHUP this way.

The back quotes are replaced by the shell with the contents of the file httpd.pid, which httpd creates when it starts.

5.6.4. Terminating Processes

Occasionally, you'll find a system showing symptoms of high CPU load or run out of memory for no obvious reason. This often means an application has gone out of control on your system. You can use ps or top to identify processes that may be having a problem. Once you know the PID for the process, you can use the kill command to stop the process nicely with SIGTERM (kill -15 PID), escalating the signal to higher strengths if necessary until the process terminates.

Killing a process may also kill all of its child processes. For example, killing a shell may kill all the processes initiated from that shell, including other shells.

5.6.5. Shell Job Control

Linux and most modern Unix systems offer job control , which is the ability of your shell (with support of the kernel) to stop and restart executing commands, as well as place them in the background where they can be executed. A program is said to be in the foreground when it is attached to your terminal. When executing in the background, you have no input to the process other than sending it signals. When a process is put in the background, you create a job. Each job is assigned a job number, starting at 1 and numbering sequentially.

The basic reason to create a background process is to keep your shell session free. There are many instances when a long-running program will never produce a result from standard output or standard error, and your shell will simply sit idle waiting for the program to finish. Noninteractive programs can be placed in the background by adding a & character to the command. For example, if you start mozilla from the command line, you don't want the shell to sit and wait for it to terminate. The shell will respond by starting the browser in the background and will give you a new command prompt. It will also issue the job number, denoted in square brackets, along with the PID. For example:

 $ mozilla & [1]  1748 

Here, Mozilla is started as a background process. Mozilla is assigned to job 1 (as denoted by [1]), and is assigned PID 1748. If you start a program and forget the & character, you can still put it in the background by first stopping it by typing Ctrl-Z:

 ^Z [1]+  Stopped      mozilla 

Then issue the bg command to restart the job in the background:

 $ bg [1]+ mozilla & 

Putting interactive programs in the background can be quite useful. Suppose you're logged into a remote Linux system, running Emacs in text mode. Rather than exit from the editor when you need to drop back to the shell, you can simply press Ctrl-Z. This stops Emacs, puts it in the background, and returns you a command prompt.^[1] When you are finished, you resume your Emacs session with the fg command, which puts your stopped job back into the foreground.

^[1] This example ignores the fact that Emacs is capable of hosting a shell itself, which would probably eliminate your need to use job control to get to the command line.

Background jobs and their status can be listed by issuing the jobs command. Stopped jobs can be brought to the foreground with the fg command and optionally placed into the background with the Ctrl-Z and bg sequence.

Syntax

 bg [jobspec] 

Description

Place jobspec in the background, as if it had been started with &. If jobspec is not present, then the shell's notion of the current job is used, as indicated by the plus sign (+) in output from the jobs command. Using this command on a job that is stopped will allow it to run in the background.

Syntax

 fg [jobspec] 

Description

This command places the specified job in the foreground, making it the current job. If jobspec is not present, the shell's notion of the current job is used.

Syntax

 jobs [options] [jobspecs] 

Description

List the active jobs. The optional jobspecs argument restricts output to information about those jobs.

Frequently used option

-l

Also list PIDs.