A process is created in memory when a program or command is initiated. A unique identification number, known as the process identification (PID), is assigned to it and is used by the kernel to manage the process until the program or command it is associated with terminates. For example, when a user logs on to the system, the shell (which is a process) is started. Similarly, when a user executes a command or opens up an application, a process is created. Thus, a process is any program, application, or command that runs on the system.

Several processes are spawned at system boot-up, many of which sit in the memory and wait for an event to trigger a request to use their service. These background system processes are called daemons and are critical to system functionality.

Viewing Processes

There are two commands commonly used to view currently running processes. These are ps (process status) and top.The ps command without any options or arguments, lists processes specific to the terminal where this command is run:

$ ps
PID   TTY          TIME CMD
17655 pts/0    00:00:00 bash
17703 pts/0    00:00:00 ps

The output has four columns that show the PID of the process in the first column, the terminal the process belongs to in the second column, the cumulative time the process is given by the system CPU in the third column, and the name of the actual command or program being executed in the last column.

Two options -e (every) and -f (full) are popularly used to generate detailed information on every process running on the system. There are a number of additional options available with the ps command. Check the man pages for details.

$ ps -ef
root         1     0  0 Feb04 ?        00:00:03 /sbin/init
root         2     0  0 Feb04 ?        00:00:00 [kthreadd]
root         3     2  0 Feb04 ?        00:00:01 [ksoftirqd/0]
root         5     2  0 Feb04 ?        00:00:00 [kworker/0:0H]
root         7     2  0 Feb04 ?        00:00:21 [rcu_sched]
root         8     2  0 Feb04 ?        00:00:16 [rcuos/0]

The output shows more details about the running processes. Below Table describes the content type of each column.

Heading Description
UID User ID of the process owner.
PID Process ID of the process.
PPID Process ID of the parent process.
C The process priority.
STIME The process start time.
TTY The terminal on which the process was started. Console represents the system console and ? indicates that the process is a daemon.
TIME Total execution time for the process.
CMD The name of the command or the program.

Notice that in the ps output above there are scores of daemon processes running in the background that have no association with any terminals. Also, notice the PID and PPID numbers. The smaller the number, the earlier it is started. The process with PID 0 is started first at system boot, followed by the process with PID 1, and so on. Each PID has an associated PPID in the 3 rd column. The owner of each process is also shown along with the name of the command or program.

Information about each running process is kept and maintained in a process table, which the ps and other commands read to display information. The second method for viewing the process information is the “top command”, which also displays the CPU, memory, and swap utilization. A sample output from a running top session is shown below:

top command output in Linux

Press q or Ctrl+c to quit top.

Apart from the top command, there are other command-line utilities like htop & atop which can also be used to see process info, Memory & CPU utilization.

Sample Output both htop and atop are shown below :

Listing a Specific Process

The pidof command can be used to list the PID of a specific process if you know the name of the process. For example, to list the PID of the crond daemon, run the command as follows:

Determining Processes by Ownership

Processes can be listed by their ownership or group membership. The pgrep command is used for this purpose. For example, to list all the processes owned by root, use any of the following:

# ps -U root
# pgrep -U root

The first command lists PID, TTY, Time, and process name for all the running processes owned by the root user, while the pgrep command only lists the PIDs. With the -G option, both commands list all the processes owned by the specified group.

Example: List all the processes owned by geek user.

$ ps -U geek
  PID TTY          TIME CMD
 2770 ?        00:00:00 gnome-keyring-d
 2772 ?        00:00:00 init
 2857 ?        00:00:00 ssh-agent
 2862 ?        00:00:03 dbus-daemon
 2870 ?        00:00:00 upstart-event-b
 2875 ?        00:00:00 window-stack-br
 2885 ?        00:00:00 upstart-file-br
 2887 ?        00:00:01 upstart-dbus-br

Process States

After a process is spawned, it does not run continuously. It may be in a non-running condition for a while or waiting for some other process to feed it with information so that it can continue to run.

There are five process states and each process is in one state at any given time. These states are running, sleeping, waiting, stopped, and zombie, and are explained below:

  • The running state determines that the process is currently being executed by the system CPU.
  • The sleeping state shows that the process is currently waiting for input from a user or another process.
  • The waiting state means that the process has received the input it has been waiting for and it is now ready to run as soon as its turn arrives.
  • The stopped state indicates that the process is currently halted and will not run even when its turn comes, unless it is sent a signal.
  • The zombie state designates that the process is dead. A zombie process exists in the process table just as any other process entry, but takes up no resources. The entry for a zombie process is retained until the parent process permits it to die. A zombie process is also called a defunct process.

Process Niceness & How to Set it

The priority of a process (niceness) is determined using the nice value. The system assigns a nice value to a process at initiation to establish a priority. There are 40 nice values with -20 being the highest and +19 the lowest. Most system-started processes use the default nice value of 0. A child process inherits the nice value of its parent process.

Use the ps command and specify the -l option to determine the niceness of running processes. See the associated nicenesses for each process under the NI column:

$ ps -efl
4 S root         1     0  0  80   0 -  8536 poll_s Feb15 ?        00:00:02 /sbin/init
1 S root         2     0  0  80   0 -     0 kthrea Feb15 ?        00:00:00 [kthreadd]
1 S root         3     2  0  80   0 -     0 smpboo Feb15 ?        00:00:03 [ksoftirqd/0]
1 S root         5     2  0  60 -20 -     0 worker Feb15 ?        00:00:00 [kworker/0:0H]
1 S root         7     2  0  80   0 -     0 rcu_gp Feb15 ?        00:00:07 [rcu_sched]
1 S root         8     2  0  80   0 -     0 rcu_no Feb15 ?        00:00:12 [rcuos/0]
1 S root         9     2  0  80   0 -     0 rcu_no Feb15 ?        00:00:03 [rcuos/1]
1 S root        10     2  0  80   0 -     0 rcu_no Feb15 ?        00:00:04 [rcuos/2]

To determine the default niceness, use the nice command without any options or arguments:

A different priority may be assigned to a program or command at its startup. For example, to run the top command at a lower priority of +2:

Use the ps command with the -l option, or view the output of the top command, and validate the niceness of the process. It should be +2. To run the same program at a higher priority with the niceness of -2, specify the value with a pair of dashes:

Verify the new value with the ps command or view the output of the top command. It should be -2.

Altering Niceness of a Running Process

The niceness of a running program may be altered using the renice command. For example, to change the nice value of top while it is running from -2 to -5, specify the PID (11908) with the renice command:

$ sudo renice -5 11908
11908 (process ID) old priority 2, new priority -5

To alter the nice values of all the processes owned by members of a particular group, use the -g option with renice. Similarly, to alter the nice values of all the processes owned by a particular user, use the -u option with it. Run the renice command without any options to view its usage.

Listing Open Files

A file is opened when the process or program stored in it is executed and closed when it is no longer required or the associated process or program has terminated. To determine the information such as which files are open, which processes are using them, and who the owners are, the lsof (list open files) command is used. Without any options, this command displays a list of all open files.

# lsof
COMMAND     PID   TID            USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
init          1                  root  cwd       DIR                8,1      4096          2 /
init          1                  root  rtd       DIR                8,1      4096          2 /
init          1                  root  txt       REG                8,1    265848    3801191 /sbin/init

The command generated nine columns in the output; these are listed and explained in the below table:

Column Description
COMMAND Displays the first nine characters of the command or process name.
PID Displays the PID of the process.
USER Displays the owner of the process.
FD Displays the file descriptor of the file. Some of the values in this field would be:
FD cwd = current working directory; rtd = root directory;
FD txt = text file; mem = memory-mapped file; pd = parent directory
TYPE Displays the node type of the file.
DEVICE Displays the major and minor numbers of the device on which the file is located
SIZE Displays the file size or offset in bytes.
NODE Displays the inode number of the file.
NAME Displays the file name or the file system name where the file resides.