All You Need To Know About Processes in Linux

In this article, we will walk through a basic understanding of processes and briefly look at how to manage processes in Linux using certain commands.

A process refers to a program in execution; it’s a running instance of a program. It is made up of the program instruction, data read from files, other programs or input from a system user.

Types of Processes

There are fundamentally two types of processes in Linux:

  • Foreground processes (also referred to as interactive processes) – these are initialized and controlled through a terminal session. In other words, there has to be a user connected to the system to start such processes; they haven’t started automatically as part of the system functions/services.
  • Background processes (also referred to as non-interactive/automatic processes) – are processes not connected to a terminal; they don’t expect any user input.

What is Daemons

These are special types of background processes that start at system startup and keep running forever as a service; they don’t die. They are started as system tasks (run as services), spontaneously. However, they can be controlled by a user via the init process.

Linux Process State

Creation of a Processes in Linux

A new process is normally created when an existing process makes an exact copy of itself in memory. The child process will have the same environment as its parent, but only the process ID number is different.

There are two conventional ways used for creating a new process in Linux:

  • Using The System() Function – this method is relatively simple, however, it’s inefficient and has significantly certain security risks.
  • Using fork() and exec() Function – this technique is a little advanced but offers greater flexibility, speed, together with security.

How Does Linux Identify Processes?

Because Linux is a multi-user system, meaning different users can be running various programs on the system, each running instance of a program must be identified uniquely by the kernel.

And a program is identified by its process ID (PID) as well as it’s parent processes ID (PPID), therefore processes can further be categorized into:

  • Parent processes – these are processes that create other processes during run-time.
  • Child processes – these processes are created by other processes during run-time.

The Init Process

Init process is the mother (parent) of all processes on the system, it’s the first program that is executed when the Linux system boots up; it manages all other processes on the system. It is started by the kernel itself, so in principle it does not have a parent process.

The init process always has process ID of 1. It functions as an adoptive parent for all orphaned processes.

You can use the pidof command to find the ID of a process:

# pidof systemd
# pidof top
# pidof httpd

Find Linux Process ID

To find the process ID and parent process ID of the current shell, run:

$ echo $$
$ echo $PPID

Find Linux Parent Process ID

Starting a Process in Linux

Once you run a command or program (for example cloudcmd – CloudCommander), it will start a process in the system. You can start a foreground (interactive) process as follows, it will be connected to the terminal and a user can send input it:

# cloudcmd

Start Linux Interactive Process

Linux Background Jobs

To start a process in the background (non-interactive), use the & symbol, here, the process doesn’t read input from a user until it’s moved to the foreground.

# cloudcmd &
# jobs

Start Linux Process in Background

You can also send a process to the background by suspending it using [Ctrl + Z], this will send the SIGSTOP signal to the process, thus stopping its operations; it becomes idle:

# tar -cf backup.tar /backups/*  #press Ctrl+Z
# jobs

To continue running the above-suspended command in the background, use the bg command:

# bg

To send a background process to the foreground, use the fg command together with the job ID like so:

# jobs
# fg %1

Linux Background Process Jobs

You may also like: How to Start Linux Command in Background and Detach Process in Terminal

States of a Process in Linux

During execution, a process changes from one state to another depending on its environment/circumstances. In Linux, a process has the following possible states:

  • Running – here it’s either running (it is the current process in the system) or it’s ready to run (it’s waiting to be assigned to one of the CPUs).
  • Waiting – in this state, a process is waiting for an event to occur or for a system resource. Additionally, the kernel also differentiates between two types of waiting processes; interruptible waiting processes – can be interrupted by signals and uninterruptible waiting processes – are waiting directly on hardware conditions and cannot be interrupted by any event/signal.
  • Stopped – in this state, a process has been stopped, usually by receiving a signal. For instance, a process that is being debugged.
  • Zombie – here, a process is dead, it has been halted but it’s still has a task to perform on the system.

How to View Active Processes in Linux

There are several Linux tools for viewing/listing running processes on the system, the two traditional and well known are ps and top commands:

1. ps Command

It displays information about a selection of the active processes on the system as shown below:

# ps 
# ps -e | head 

List Linux Active Processes

2. top – System Monitoring Tool

top is a powerful tool that offers you a dynamic real-time view of a running system as shown in the screenshot below:

# top 

Read this for more top usage examples: 12 TOP Command Examples in Linux

3. glances – System Monitoring Tool

glances is a relatively new system monitoring tool with advanced features:

# glances

For a comprehensive usage guide, read through: Glances – An Advanced Real Time System Monitoring Tool for Linux

There are several other useful Linux system monitoring tools you can use to list active processes, open the link below to read more about them:

  1. 20 Command Line Tools to Monitor Linux Performance
  2. 13 More Useful Linux Monitoring Tools

How to Control Processes in Linux

Linux also has some commands for controlling processes such as kill, pkill, pgrep and killall, below are a few basic examples of how to use them:

$ pgrep -u tecmint top
$ kill 2308
$ pgrep -u tecmint top
$ pgrep -u tecmint glances
$ pkill glances
$ pgrep -u tecmint glances

Control Linux Processes

To learn how to use these commands in-depth, to kill/terminate active processes in Linux, open the links below:

  1. A Guide to Kill, Pkill and Killall Commands to Terminate Linux Processess
  2. How to Find and Kill Running Processes in Linux

Note that you can use them to kill unresponsive applications in Linux when your system freezes.

Sending Signals To Processes

The fundamental way of controlling processes in Linux is by sending signals to them. There are multiple signals that you can send to a process, to view all the signals run:

$ kill -l

List All Linux Signals

To send a signal to a process, use the kill, pkill or pgrep commands we mentioned earlier on. But programs can only respond to signals if they are programmed to recognize those signals.

And most signals are for internal use by the system, or for programmers when they write code. The following are signals which are useful to a system user:

  • SIGHUP 1 – sent to a process when its controlling terminal is closed.
  • SIGINT 2 – sent to a process by its controlling terminal when a user interrupts the process by pressing [Ctrl+C].
  • SIGQUIT 3 – sent to a process if the user sends a quit signal [Ctrl+D].
  • SIGKILL 9 – this signal immediately terminates (kills) a process and the process will not perform any clean-up operations.
  • SIGTERM 15 – this a program termination signal (kill will send this by default).
  • SIGTSTP 20 – sent to a process by its controlling terminal to request it to stop (terminal stop); initiated by the user pressing [Ctrl+Z].

The following are kill commands examples to kill the Firefox application using its PID once it freezes:

$ pidof firefox
$ kill 9 2687
OR
$ kill -KILL 2687
OR
$ kill -SIGKILL 2687  

To kill an application using its name, use pkill or killall like so:

$ pkill firefox
$ killall firefox 

Changing Linux Process Priority

On the Linux system, all active processes have a priority and certain nice value. Processes with higher priority will normally get more CPU time than lower priority processes.

However, a system user with root privileges can influence this with the nice and renice commands.

From the output of the top command, the NI shows the process nice value:

$ top  

List Linux Running Processes

Use the nice command to set a nice value for a process. Keep in mind that normal users can attribute a nice value from zero to 20 to processes they own.
Only the root user can use negative nice values.

To renice the priority of a process, use the renice command as follows:

$ renice +8  2687
$ renice +8  2103

 

How does linux work?

Basics of Linux:

Linux is a multitask and multiuser operating system. Now, a little explanation of this terminology.

An operating system is a collection of programs that run in a computer so that a person can easily access the hardware and all resources of the computers. The operating system is the big program that makes your computer life easy.

multitask operating system is capable of doing several tasks at the same time.

multiuser operating sytem has a concept of “userquot;, a way to identify the person that is using the system, and can allow different users to perform different taks in the computer, and protect one user’s tasks from interfering with another user’s programs.

Some terminology:

There are a few other terms that will help you to understand the rest of the this manual:

  • shell: this is a program in the system that allows you to give the commands you want to execute. It is the basic programs that connects you to the operating sytem.
  • process: any task that you run in the system is called a process (again, a process is something a little more complex than just a task, but that definition is good enough to start).
  • file: a part of the hard disk that contains data owned by a user of the system.
  • X-windows (or simply windows): this is a mode of Linux where you screen (monitor) can be split in small “parts” called windows, that allow you to do several things at the same time (or rather change from one task to another easily) and view graphics in a nice way.
  • text terminal: by this I mean a monitor that has only the capability to display text stuff, no graphics (or perhaps a very basic graphics display).
  • session: the time you spend between logging on in the system and logging out of the system.

Linux boot process:

In many ways Linux is no different from any other operating system. It runs on the same computer, and the inner workings are the same as those that drive Windows, Linux, BSD, MacOS, etc. But there are fundamental and compounding differences from that point forward. Here we will cover how Linux works? Starting at power on, and finally reaching the desktop.

When you press the “On” button on your PC to start it, the computer wakes up the same way we do every morning. We open our eyes and check if there is anything wrong from the time we went to sleep. On a computer this is performed by the BIOS (Basic Input Output System) on the motherboard. The BIOS is the small chip that has the responsibility of identifying, checking and initializing system devices such as graphics cards, hard disks, etc.

To do this the BIOS makes a POST (Power On Self Test) and then checks which drive to use as the primary boot device. Normally this is set through the BIOS configuration screen and the first boot device can be identified as the CD-ROM, USB drive, hard disk or floppy disk. Let’s say that our system is configured to boot from CD-ROM and then Hard Disk. The BIOS checks the CD-ROM device to see if a CD/DVD resides there and is bootable. If so it boots from the CD-ROM, if not it turns to the hard disk, and hands over the control of the computer.

The boot of the operating system starts here, with the boot partition always located at the same place for all operating systems: track 0, head 0 and cylinder 0. Then the small program here, which is GRUB (GRand Unified Boot loader) or LILO (LInux LOader) performs the initialization and boot of the operating system, and since many distributions implement GRUB as their default bootloader, I will go with this one.

The configuration file (/boot/grub/grub.conf), which is used to create the list of operating systems to boot in GRUB’s menu interface, essentially allows the user to select a pre-set group of commands to execute.

It looks like below:

 # grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/mapper/vg_centos-lv_root
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-642.13.1.el6.x86_64)
 root (hd0,0)
 kernel /vmlinuz-2.6.32-642.13.1.el6.x86_64 ro root=/dev/mapper/vg_centos -lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_centos/lv_swap rd_NO_MD SYSFON T=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_centos/lv_root KEYBOARDTYPE=p c KEYTABLE=us rd_NO_DM rhgb quiet
 initrd /initramfs-2.6.32-642.13.1.el6.x86_64.img
title CentOS (2.6.32-504.8.1.el6.x86_64)
 root (hd0,0)
 kernel /vmlinuz-2.6.32-504.8.1.el6.x86_64 ro root=/dev/mapper/vg_centos- lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_centos/lv_swap rd_NO_MD SYSFONT =latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_centos/lv_root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
 initrd /initramfs-2.6.32-504.8.1.el6.x86_64.img
title CentOS 6 (2.6.32-504.el6.x86_64)
 root (hd0,0)
 kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=/dev/mapper/vg_centos-lv_r oot rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_centos/lv_swap rd_NO_MD SYSFONT=lat arcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_centos/lv_root KEYBOARDTYPE=pc KEY TABLE=us rd_NO_DM rhgb quiet
 initrd /initramfs-2.6.32-504.el6.x86_64.img

The GRUB is either in /boot/grub/menu.lst or /boot/boot/menu.lst. The menu.lst file is symlink to grub.conf. So both files are same.

Now, the GRUB knows that the kernel version 2.6.32 is to be loaded and it is in root (/) directory (the kernel is a compressed file and can decompress itself in case of a system call.) GRUB makes a call to the kernel (which is the vmlinuz-2.6.32-504.8.1.el6.x86_64 file in the configuration above) to decompress itself and start.

The kernel checks if your graphics card is there and running and if it supports complex text modes. After that it checks the hardware present on the computer (hard disks, network cards, TV cards etc.) and loads the relevant drivers. The kernel displays all the progress with informative messages during this time, as you can see in the screenshot.

After this boot stage the kernel tries to mount the file system. It tries to auto detect the file system and if it succeeds, carries on. If not, a kernel panic occurs and the system stops. If not, the kernel finally hands over the remaining job to the process named init and waits.

Init is the first process in the Linux system, with Process ID (PID) 1 and it initializes the rest of the system.

One of the most important concepts in how Linux works are the runlevels. These modes of operation allow Linux to run in V-style initialization state. After we see what is the system state in each runlevel, we continue with the initialization process in all Linux systems. Discussing the step by step process of what Linux initialization does. This will help to explain how does Linux work. Then we discuss the graphical login window, which means the system is up and running for the graphical user mode.

Linux Runlevels

Users migrating from Windows have difficulty understanding the runlevel concept in Linux. We have to understand what is a runlevel? And what does the computer do at the specified runlevel? to understand the remaining init process.

Linux is a multiuser system and it loads/halts the necessary programs to act as single user, multiuser, graphical desktop, and to halt or restart the system. The runlevels are numbered from 1 to 6 and the corresponding system states are as follows:

Runlevel 0: shutdown/halt the system

Runlevel 1: single user mode

Runlevel 2: multi user mode without network

Runlevel 3: multi user mode with network

Runlevel 4: reserved for local use (GUI mode for Slackware only)

Runlevel 5: graphical user interface (GUI) mode

Runlevel 6: reboot

There are programs that have to be started in each runlevel. These programs are listed in rcX.d files present in /etc, where X indicates the runlevel number (for example rc3.d is the file that holds information about which programs to start/stop for runlevel 3.) /etc/init.d directory holds the information to point at these files for the init to look for.

The rc3.d contains symbolic links to /etc/init.d files as:

S90crond -> ../init.d/crond

K88sssd -> ../init.d/sssd

NEVER SET YOUR DEFAULT RUNLEVEL TO 0, 4 OR 6!

We said the programs are started or stopped. If the computer is booting, the programs are started and preceded with S in the rcX.d files. If the computer is shutting down, they are preceded with K. ‘S’ is for ‘start’ and ‘K’ is for ‘kill’.Having all these in mind, let’s go on with the init process.

  • Init

    When the init process starts, it checks configuration files to carry on its job. First of all, it looks at the /etc/inittab which tells the init which processes to start. In the /etc/inittab file is the information about the runlevels. The default runlevel for the system is indicated by the line id:X:initdefault where X is the runlevel number.

    As you may have guessed, the runlevels have direction settings 1 -> 2 -> 3 -> 5. Meaning, if you want your computer to boot to runlevel 3, runlevel 1 programs are started, then runlevel 2 programs then runlevel 3, and the system is booted. In this scenario, runlevel 5 programs are not started.

    Then the init performs system initialization, named sysinit.

    Depending on the runlevel, init tries to figure out if it is a part of a network. Then it mounts /proc, where Linux keeps track of various processes and hardware (try cat /proc/cpuinfo at the command line), and checks the BIOS to align the system with the BIOS settings such as date and time, and sets the time zone. After that init mounts the swap partition (which Windows users know as pagefile) as defined in the /etc/fstab. When finished, it goes on to setting the hostname, which is the system’s “name” in the network. After that, it mounts the root file system (/ in Linux notation) and checks the /etc/fstab again to verify the other file systems if specified.

    Then it goes on to identify the Plug’n’Play devices in the system and makes the operating system aware of them by executing some routines. Init finally checks if there are any RAID devices in the system and verifies them. Reaching the last stages, it mounts all the file systems defined in /etc/fstab. Of course, if there are any other tasks specified in the /etc/fstab, init executes them also.

Logging in

When all of the above are completed successfully, init executes the /sbin/mingetty processes, which shows the graphical login screen of the distribution. Reaching this state means that the system is up and running in graphical user interface mode and waiting to know which user will log in.