3.4. Linux Processes

To control your computer efficiently, you should know your server and the processes that run on it thoroughly. An intruder who breaks into your computer may try to surreptitiously run a program that gives the attacker root rights, and a host of such programs, including various Trojan horses, can be found on the Internet. Knowing what normally runs is the only way to notice what should not.

A process is a running instance of a program, or a child spawned by one; it is created when the program is launched. Each process runs with certain rights. Services started during system boot typically run either as root (complete rights) or as an unprivileged account such as nobody (minimal rights; nobody is a real account, not the absence of one). Programs launched from the command line run with the rights of the user who starts them, unless the executable has its SUID or SGID bit set, in which case it runs with the effective user ID of the file's owner (SUID) or the effective group ID of the file's group (SGID). This is what makes a SUID root program planted by an intruder so dangerous: anyone who can run it gets root.
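As an added example (not code from the book), here is a shell snippet that inventories the SUID/SGID programs on a system and compares them with a saved baseline, which is the practical check behind the warning above: a program that an intruder has made SUID root turns up as a new entry. It assumes a Linux find that understands -xdev and -perm; the function names and the baseline-file convention are this example's own.

```shell
#!/bin/sh
# Added example (not from the book): list the SUID/SGID executables under a
# directory and diff them against a baseline saved earlier. A SUID root
# program planted by an intruder shows up as a "+" line. Function names and
# the baseline-file convention are this example's own.

# Print every regular file under $1 that has the SUID (4000) or SGID (2000)
# bit set, one path per line, sorted so the list can be compared with comm.
# -xdev keeps find on one filesystem; drop it to cross mount points.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Compare the current SUID/SGID set under $1 with the baseline file $2
# (the output of an earlier find_setid_files run). Prints "+ path" for files
# that gained a set-id bit since the baseline and "- path" for ones that lost
# it. Returns 0 when nothing changed, 1 when something did, 2 on usage error.
setid_diff() {
    [ -r "$2" ] || return 2
    current=$(mktemp) || return 2
    find_setid_files "$1" > "$current"
    tab=$(printf '\t')
    # comm -3 drops lines common to both files; lines only in the baseline
    # are unindented, lines only in the current set are indented by one tab
    changes=$(comm -3 "$2" "$current" | sed "s/^$tab/+ /; s/^\([^+]\)/- \1/")
    rm -f "$current"
    if [ -z "$changes" ]; then
        return 0
    fi
    printf '%s\n' "$changes"
    return 1
}
```

Run find_setid_files / once on a freshly installed system and keep the output somewhere an intruder cannot rewrite it (a read-only medium or another host; /var/lib/setid.baseline below is just a placeholder), then run setid_diff / /var/lib/setid.baseline from cron. For each "+" line, ls -l shows the owner whose rights the program grants; an owner of root and a location such as /tmp is exactly the case the text warns about.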

From the shell's point of view, a job runs in one of two modes: foreground or background. A terminal can have only one foreground job at a time. For example, having launched the man program, you will not be able to execute any other commands in that terminal until you quit man.

Those who are familiar with Midnight Commander may ask how it is possible to execute commands while working in Midnight Commander. The answer is simple: processes can spawn child processes. Midnight Commander is the parent process, and the commands executed from it are its child processes. Closing Midnight Commander normally closes its child processes too; a child that outlives its parent is not killed automatically, however, but is adopted by init (PID 1) and keeps running.

3.4.1. Mode Switching

Services (daemons) run as background processes: they do their work in parallel with whatever else you are doing on the computer. Not only services but any program can be run in the background. This is done by following the command that launches the program with a space and the & character. For example, execute the following command:

 man ls & 

You will not see the help file but only the following string displayed on the screen:

 [1] 2802 

The terminal is now ready to accept other commands, because the shell, which is the terminal's foreground process, started man ls as a background job and itself stayed in the foreground.

But what does the message displayed in response to the command mean? The number in the square brackets is the job number the shell assigned to the background job; it increases with each job you start. Because this is the first job started in this shell, the number is 1. Job numbers are kept separately by each shell session (not per user): if you log into the system on another terminal and launch a background job there, you will see something like the following:

 [1] 2805 

The job number is 1 again, but the second number is different from the one on the first terminal. It is the Process IDentifier (PID) of the new process, and it is unique system-wide: at any given moment no two processes, whatever users own them, share a PID. PIDs are reused after a process exits, though (the kernel wraps around once it reaches the pid_max limit), so a PID identifies a process only while that process is alive. Keep that in mind before sending signals to a PID you noted some time ago.

Remember the identifiers in the preceding two examples; you will need them later.

You can find out which jobs the current shell is managing by executing the jobs command. It displays the following result:

 [1] + Stopped        man ls 

Here you can see that job [1], the man ls command, is still in memory but its status is Stopped. A background job that tries to read from the terminal is stopped by the system (it receives the SIGTTIN signal) until it is brought to the foreground, and man's pager does exactly that.

But what is the purpose of sending a command into the background? You can use this feature to run a program that takes a long time to complete in the background while you engage in other tasks in the foreground. A job in the background can be switched to the foreground by entering the fg %X command, where X is the job number shown in the square brackets. Try executing this command with X = 1; it will bring the man ls job to the foreground and display the man page for the ls command.

It is only logical to expect that if a background job can be made the foreground one, the reverse is also possible. It is, with one subtlety. Pressing the <Ctrl>+<Z> key combination sends the foreground job the SIGTSTP signal, which stops it and puts you back at the command line. The job is now stopped, not running: execute the jobs command and you will see man ls listed as Stopped again.

To let a stopped job continue its work in the background, execute the bg %X command, where X is the job number; the shell sends the job the SIGCONT signal. Note that a program which needs the terminal, such as man, will stop again the next time it tries to read from it, so bg is useful mainly for jobs that do their work without the terminal. A stopped job that never gets a bg or fg simply sits there until it is killed.

3.4.2. Process Termination

To terminate an interactive program, bring it to the foreground and quit it in the way the program provides (q in man, for example). Most often, the program will tell you how to terminate it. If not, you will have to read the program's man page (displayed by executing the man program's_name command) or other documentation for the program.

Background-only processes (daemons), as is to be expected, cannot be brought into the foreground: no shell owns them as jobs. They are stopped through their init scripts, which on a System V style system are run like this (the older form /etc/init.d/service_name stop is equivalent):

 service service_name stop 

Sometimes, processes hang. Yes, even Linux is not free of this curse. A foreground process can usually be interrupted with the <Ctrl>+<C> key combination, which sends it the SIGINT signal (<Ctrl>+<\> sends the stronger SIGQUIT, which also produces a core dump). But this does not work for all programs, because a program may catch or ignore these signals. If a process refuses to terminate when asked nicely, it is terminated using the kill command. To terminate a job with the number given in the square brackets, issue the following command:

 kill %n 

Here, n is the number of process given in the square brackets. For example, the man program in the earlier examples is terminated by entering the following in the command line:

 kill %1 

Right afterward, run the jobs command. You should see the following message on the screen:

 [1] + Terminated       man ls 

Executing the jobs command once more will produce no information about the man program. A process that is not a job of your shell, for example one launched by another user, is terminated by its PID:

 kill n 

Here, n is the PID of the process. Note that it is entered without the % character. The kill command looks for the process with the specified PID and sends it a signal; by default that is SIGTERM (signal 15), a request to exit that a program can catch, clean up after, or ignore. If the process does not go away, kill -9 n sends SIGKILL, which cannot be caught or ignored; use it as a last resort, because the program gets no chance to flush its data or remove its lock files. You can only signal your own processes; killing another user's process requires root rights.
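The following added script (not from the book) walks through the job-control steps of section 3.4.1 and the termination steps of section 3.4.2 using the signals behind them, so the state transitions can be observed with ps rather than taken on faith. It assumes Linux with the procps ps (for -o stat= and -p); the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the book: the signals behind the job-control and
# kill commands of sections 3.4.1 and 3.4.2, observed through ps.
# Assumes Linux with the procps ps; function names are this example's own.

# One-letter state of process $1 taken from the STAT column:
# S sleeping, T stopped, R running, Z zombie. Empty if the PID is gone.
proc_state() {
    ps -o stat= -p "$1" | cut -c1
}

# Start a long-running job in the background, stop it, resume it, end it,
# and print the state seen at each step ("S T S" when all goes to plan).
job_demo() {
    sleep 300 &               # like "man ls &": a child running in the background
    pid=$!                    # its PID, the second number the shell prints
    sleep 0.2                 # let it settle into its sleep
    s1=$(proc_state "$pid")   # S: sleeping, i.e. alive and waiting for its timer
    kill -STOP "$pid"         # stop it. Ctrl+Z sends the related SIGTSTP, which a
                              # program may catch; SIGSTOP cannot be caught or ignored
    sleep 0.2
    s2=$(proc_state "$pid")   # T: stopped, exactly what "jobs" reports as Stopped
    kill -CONT "$pid"         # resume it; this is the signal that "bg %1" sends
                              # ("fg %1" sends it too, and hands the job the terminal)
    sleep 0.2
    s3=$(proc_state "$pid")   # S again: running in the background
    kill "$pid"               # "kill %1" or "kill PID": SIGTERM, a polite request to exit
    wait "$pid" 2>/dev/null || true   # reap it; wait returns non-zero for a signaled child
    echo "$s1 $s2 $s3"
}

# Start a child that ignores SIGTERM (exec keeps the ignored disposition that
# trap set), ask it nicely, then force the issue with SIGKILL, which no
# program can catch. Prints "S gone" when all goes to plan.
kill_demo() {
    sh -c 'trap "" TERM; exec sleep 300' &
    pid=$!
    sleep 0.2
    kill "$pid"               # SIGTERM: ignored by this child
    sleep 0.2
    s1=$(proc_state "$pid")   # still S: asking nicely did nothing
    kill -9 "$pid"            # SIGKILL, same as kill -KILL; last resort, no cleanup
    wait "$pid" 2>/dev/null || true
    s2=$(proc_state "$pid")   # empty: the PID no longer exists
    echo "$s1 ${s2:-gone}"
}

job_demo
kill_demo
```

The script uses SIGSTOP rather than SIGTSTP on purpose: Linux discards SIGTSTP sent to an orphaned process group (the usual situation for a script started by a daemon or a job runner), whereas SIGSTOP always stops the target, which is also why it, and not SIGTSTP, is what you want when freezing a suspicious process for examination.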

3.4.3. Displaying Process Information

Information about your own shell's jobs is displayed by the jobs command. To see what other users in the system are doing, the ps command is executed. Run without any options, it lists only the processes belonging to the same user and terminal as the shell:

  PID TTY          TIME CMD
 1652 tty1     00:00:00 bash
 1741 tty1     00:00:00 ps

The four columns display the following information: the PID; the terminal on which the program was started; the processor time the process has used so far; and the command being executed.

But this list of processes is far from complete. In the BSD syntax that ps accepts without a dash, a adds the processes of all users that have a terminal, x adds the processes that have no controlling terminal (that is, the daemons), and u selects the user-oriented output format, which includes the name of the user to whom the process belongs. The resulting command looks as follows (procps also accepts the dashed spelling ps -axu for compatibility, but in the Unix syntax -u means "select by user", so it may print a warning):

 ps aux 

The information it displays is this:

 USER  PID %CPU %MEM  VSZ RSS TTY STAT START TIME COMMAND
 root    1  0.0  0.1 1376 452 ?   S    14:25 0:05 init
 root    2  0.0  0.0    0   0 ?   SW   14:25 0:00 [keventd]
 root    3  0.0  0.0    0   0 ?   SW   14:25 0:00 [kapmd]
 root    5  0.0  0.0    0   0 ?   SW   14:25 0:00 [kswapd]
 root    6  0.0  0.0    0   0 ?   SW   14:25 0:00 [bdflush]
 root    7  0.0  0.0    0   0 ?   SW   14:25 0:00 [kupdated]
 root  530  0.0  0.1 1372 436 ?   S    14:25 0:00 klogd -x
 rpc   550  0.0  0.2 1516 540 ?   S    14:25 0:00 portmap

The status of the processes is shown in the STAT column. Its first letter can be one of the following:

  • S (interruptible sleep) The process is waiting for an event: a timer, input, a client connection. This is the normal status for services, which only wake up to service client requests.

  • R (running) The process is currently being executed, or is ready to run and waiting for a processor.

  • D (uninterruptible sleep) The process is waiting for I/O, usually on a disk. It does not react to signals, not even kill -9, until the wait ends.

  • T (stopped or traced) The process has been stopped (for example with <Ctrl>+<Z>) or is being debugged.

  • Z (zombie) The process has already exited, but its parent has not yet collected its exit status with wait(). It holds no memory and cannot be killed, because it is dead already; it disappears when the parent reaps it, or when the parent exits and init adopts and reaps it. A growing number of zombies points at a buggy parent, not at the zombies.

  • W The process has no resident pages (it is swapped out). It is shown for the kernel threads above; 2.6 and later kernels no longer report this letter.

Further letters may follow the first one:

  • < This is a high-priority process (negative nice value).

  • N This is a low-priority process (positive nice value).

  • + The process is in the foreground process group of its terminal.

These are the main process statuses that you can observe on your system.

A question mark in the TTY column (not STAT) means that the process has no controlling terminal: it was started at the system boot stage or detached itself from its terminal, and it does not belong to any of the shells.

The preceding is just a small excerpt from the results returned by the ps aux command. There are many more processes running in a system, and even with a minimal number of services running, the list may not fit on one screen. I like saving the results of the ps command in a text file so that I can examine it at my leisure in any text editor. This is done by executing the following command (use >> instead of > to append each new snapshot to an existing file rather than overwrite it):

 ps aux > ps.txt 
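Saved listings are only useful if you actually look for the wrong things in them. The following added example (not code from the book) triages a ps aux listing for two of the signs an intruder leaves behind that the text discusses, a root process started from a scratch directory and a zombie, and then checks a live system for processes whose executable has been deleted from disk. The listing it reads is constructed for the example; the directory list and the rules are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the book): triage a "ps aux"-style listing for the
# kinds of process an intruder leaves behind, then check a live system for
# processes whose executable has been deleted. The listing below is
# constructed for the example; the scratch-directory list and the rules are
# this example's own choices.

# Read ps aux output on stdin. Print "PID reason" for each process that is
# either a root process whose binary lives in a world-writable scratch
# directory, or a zombie (STAT begins with Z).
triage_ps() {
    awk '
    NR == 1 { next }                 # USER PID %CPU ... COMMAND header
    {
        user = $1; pid = $2; stat = $8; cmd = $11
        if (user == "root" && cmd ~ /^\/(tmp|var\/tmp|dev\/shm)\//)
            print pid " root process started from a scratch directory: " cmd
        else if (stat ~ /^Z/)
            print pid " zombie; reap it through its parent, kill will not work: " cmd
    }'
}

# Constructed sample in the layout of the ps listing above.
SAMPLE_PS='USER    PID %CPU %MEM  VSZ RSS TTY   STAT START TIME COMMAND
root      1  0.0  0.1 1376 452 ?     S    14:25 0:05 init
root    550  0.0  0.2 1516 540 ?     S    14:25 0:00 /sbin/portmap
root   2802  0.0  0.1 1340 420 pts/1 S    15:01 0:00 /tmp/.x/sh
flenov 2805  0.0  0.0    0   0 pts/2 Z    15:02 0:00 [sh] <defunct>
nobody 2810  0.0  0.1 1300 400 ?     S    15:03 0:00 /tmp/cleanup.sh'

# Run the triage over the constructed sample.
triage_sample() {
    printf '%s\n' "$SAMPLE_PS" | triage_ps
}

# Live check: a process whose /proc/PID/exe link ends in "(deleted)" is
# running code that has been removed from disk, a habit of droppers that
# erase themselves after launch. Prints "PID path" lines; needs /proc.
# Processes you may not inspect (other users' ones, kernel threads) are skipped.
deleted_exe_processes() {
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case $exe in
            *' (deleted)') echo "${p#/proc/} $exe" ;;
        esac
    done
    return 0
}

triage_sample
deleted_exe_processes
```

On a real system feed it the saved file (triage_ps < ps.txt) and run deleted_exe_processes as root so every /proc entry is readable. A deleted executable is also a legitimate sight right after a package upgrade, so compare the path against your package manager's records before drawing conclusions.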

To see which users are logged in and what each of them is doing, execute the w command. The output it produces looks similar to the following:

  10:59am  up 37 min,  2 users,  load average: 0.00, 0.00, 0.00
 USER    TTY   FROM  LOGIN@   IDLE   JCPU   PCPU  WHAT
 root    tty1  -     10:24am  0.00s  0.82s  0.05s w
 flenov  tty2  -     10:39am  8:13   0.85s  0.03s grotty

You can see that there are two users in the system at the moment. The root user is working on the tty1 terminal, and the user flenov is working on the tty2 terminal. The FROM column shows where a remote user logged in from (a dash for local logins). The LOGIN@ column shows when the user logged into the system, and IDLE shows how long the terminal has been untouched. What the user is doing at the given moment is shown in the WHAT column.

The JCPU and PCPU columns can be used to evaluate the system's workload: JCPU is the processor time used by all processes attached to the terminal, and PCPU is the time used by the process named in WHAT. If your computer is working sluggishly, these columns show which sessions are eating the processor time. Note, though, that w only shows logged-in users, so a runaway daemon will not appear here; use ps or top for that.

The ps command displays a static snapshot of the processes. You can watch current resource usage with the top program. It displays the current processes sorted in descending order by processor usage (press M to sort by memory usage instead, and P to return to processor sorting) and refreshes the list at a regular interval (Fig. 3.4). Thus, you can tell at a glance which service or program takes up too much of the system's resources and puts a drag on the computer.

Figure 3.4: A sample of the results produced by the top program

If my computer starts slowing or hiccups periodically, I launch the top command in a separate terminal and switch to it when necessary to check the workload that the processes place on the system.

At the top of the window displayed is the information about the number of users, the overall system workload, and the process statistics: the total number of processes and the number of sleeping, executing, zombie, and stopped processes.

A short set of statistics on memory usage is also displayed: the amount of total, used, and free system memory and the same information for the swap space. In this case, the computer has 256 MB of random access memory (RAM) installed, of which only 7 MB is free; the swap partition is not currently being used. Such a small amount of free RAM tells me that it would not hurt to increase the system memory. Bear in mind, though, that Linux puts otherwise idle memory to use as disk cache, so a small free figure by itself does not mean a shortage; the buffers and cached figures shown next to it are reclaimable. The less the computer has to resort to swap, the more efficiently it works. That the swap space is not being used at the moment does not mean much: switching into graphical mode and launching a couple of resource-hungry applications will quickly use up even this memory.

The top program refreshes its processor workload information at a set interval (every 3 seconds by default; press d to change it). To exit the program, press q or the <Ctrl>+<C> key combination.



Hacker Linux Uncovered
ISBN: 1931769508
Year: 2004
Pages: 141