In this tutorial, we’ll walk you through one of the most important aspects of any operating system, the processes. This is because every time our system needs to start a task or a user issues a command, a program is run and one or more processes are generated.
We will be using the command line instead of graphical tools, because in many cases, specially when troubleshooting, they won’t be available.
It is essential to have a good understanding of how processes and their hierarchies are generated because this information is vital for monitoring and troubleshooting your system.
Processes have a well-defined hierarchy. The first process is initiated after the Kernel is loaded in memory on boot, which in turn, starts other processes, and so on.
- Basic Command-line commands for working with processes in Linux.
- Understanding the importance of monitoring processes in Linux
- How to search and identify processes.
- How to start, stop and kill processes and jobs .
- How to work with processes in foreground and background.
- How to work with priorities.
- 25 minutes of your time
- Basic command-line knowledge (cat, grep, less, more, etc)
- Ubuntu 20.04
If you are a beginner, you should read this Command Line Tutorial.
ⓘ Note: This tutorial also works for any Linux Distribution.
- Only read through it
- Read it and complete the exercises
When we talk about processes in our system, its important to know that an existing process makes an exact copy of itself in memory. The child process will have the same environment as its parent, but only the process ID number is different, so we have a PID (process identifier) and the PPID (parent process identifier). These are positive integers that are assigned in sequential order.
Well, that’s enough theory for now, Lets start with some basic commands…
Let’s open our terminal and run the ps command
This is very simple but powerful command. ps shows a snapshot of processes.
We see here two results, the ps command itself that we just issued and the fact that we are in a bash shell environment. Each of these has a number of columns.
Unique Process Identifier
Identifies from which the process was spawned
The cumulative CPU time of the process
Identifies which generated that process
Notice that with the most basic form of the ps command we get useful information. We said earlier that this command is very powerful and it is, it has many options that we can combine it with other tools in order to get more specific information about the processes in out system.
Let’s use some options and see some of the power of ps …
ps aux | less
Ok, let’s stop here for a moment and see these results in more detail.
Shows processes attached to a TTY terminal
Display user-oriented format
Show processes that are not attached to a tty or terminal
and what about the columns?. Almost all of these are very intuitive to understand, for example :
cpu utilization of the process
If we don’t know or remember the meaning of one of them we can always use the man pages of the ps command and search for that specific column:
man ps | grep %CPU
we should see an output similar to this in our terminal:
%CPU cpu utilization of the process
The Information displayed in the terminal when we run this command can be too much, specially if we are working in a server with a lot of applications and processes running. That is why is very important and useful to use other tools like pagers, search and sorting commands that will help us get the results that we need.
Lets see how this works!
Say we want to see information about the sshd service
ps aux | grep sshd | grep -v grep
With these tools we can be as specific as we need so that we can get better and more useful results.
Shows running processes as a tree. This command is very useful as it helps us to easily understand the hierarchies of the processes in our system. In addition it also contains many important options.
Lets see it in action!
We can see our first initial operating system issued process systemd and further from that we can see everything that branches from it and as we go further down through we can see all of the various hierarchies as a result of spawning processes and subprocesses.
Of course, we can ask the pstree command to be more specific, for example, we want to see the processes that belong to a specific user with their corresponding PIDs.
pstree -pa fiorella
In this result, we can se that the user
fiorella is using a bash shell, and from that opened the nano editor to work on a file named
testfile.txt, after that ran the su command to change to user
oe-alb, and so on.
Its very important that we can recongnize what is the foreground and background process and how to control them. In Linux, if we execute any program a process will be created with a unique ID (PID ) and by default, the process runs in the foreground and that could be a problem because our current terminal gets dedicated to that command. We can’t continue using the terminal, and we also can’t close it, because that will end the command that’s currently being run.
Before we continue, we must differentiate the terms, processes and jobs. This may be a topic for another tutorial, but we can say that a process is started by the system and a job is started and related to the shell. We can say that not all processes are jobs but all jobs are processes.
Lets see how to work control the behavior of our processes with a basic example…
Open a text editor from the terminal.
The editor opened normally and without problem but notice that our terminal promt has disappeared.
To free up your terminal, we can press
Ctrl + Z on the keyboard to stop the process.
If we have a lot of background processes running and want to see them all we can can use the
jobs -l command
To bring our job back to the foreground, we can use the
fg command. We would need to use a percent sign and specify the job ID to bring the appropriate one back to the foreground.
To make our stopped job resume, while keeping it in the background, we can use the
bg command, followed by an percent sign and the job ID.
Now we have control of our terminal while the editor is running in background.
With the top command we can view the processes in our system dynamically every 3 seconds by default.
Let’s see it in action…!
As you can see the output is divided in two portions, the top portion has statistics about the system such as the number of users, the load average over the last 1,5 and 15 minutes, total of running, sleeping and zombie tasks (task that were not shut down properly) the Botton half is a live updating list of running processes.
We can customize and change the behavior of this output, these are some examples:
while we are in the top screen press:
To change the interval delay (seconds)
To change the columns we see in the output
The columns we see are highlighted in bold, lets say we don’t want to see the
NI,RES AND PR columns, also we want to sort the results using the %MEM column.
To do that we need to select them with the
arrow keys and press the
space bar for each one, after that we use again the
arrow keys to go to the %MEM field and press the
s key to select the sort field. Finally press
q to go back to the output. Finally we get the results we need:
batch mode means that we can save the output of the top command into a file.
Here is an example:
Say we want to save 3 iterations
-n 3 of the top command and write it on a file named processes.txt
-b > in our home directory.
top -n 3 -b > processes.txt
At this time, we need to wait for the 3 iterations to complete. After that the processes.txt file will be created and available for us.
Starting a process is simply typing the command, for example we can try the
who command, this will show us the current user and ends very quickly. However there are some other process that last a very long time or they need to be explicitly closed by us. Lets try again with our text editor in the background and run the command:
Let’s see how to terminate this process using the terminal… run this command:
This is list of the various ways we can send a kill signal to a running process. The signal kill 15 SIGTERM is the default and the correct way of gracefully terminate an application or a process. However if we send the signal 9 SIGKILL is the most unsafe way because it will kill the process without saving anything. So this should be used only if the process in not responding.
Lets terminate our text editor the right way using SIGKILL and the PID of the process …
kill -15 3003
ⓘ Note: In this case is not necessary to specify the kill signal because we are using the default. We can also use the signal name.
To kill a process by name, we use the
pkill -15 gedit
Terminating System processes!
Regular users can’t kill background processes started by the operating system
Another kill signal worth mentioning is 1 SIGHUP. This is because it will allow a background process to continue to run even if we exit the shell or logout the system. We use this syntax:
kill -1 cmd &
ⓘ Note: We need to make sure that this command or script doesn’t depend
on some interaction with the user.
Before we start, its very important that we understand how to read processes priorities and to do that we must be clear about certain aspects:
Linux reserves static priorities ranging from 0 to 99 for real-time processes.
Normal processes are assigned to static priorities ranging from 100 to 139, meaning that there are 39 different priority levels for normal processes.
Lower values mean higher priority.
The standard priority for normal processes is 120, so that it can be decreased to 100 or increased to 139
The static priority of an active process can be found in the sched file, located in its respective directory inside the /proc filesystem.
Now that we understand how to read the processes values we can continue.
Lets start our text editor in the background again …
Now Let’s use the PID number assigned to the gedit process to search the priority in the /proc directory and sched file
As we can see, the priority assigned is 120.
Now let’s use the
ps command to check this value …
ps -el | grep gedit
Note, however, that the priority value displayed by ps is 80 and differs from that obtained in the previous command. Due to historical reasons, priorities displayed by ps range from -40 to 99 by default, so the actual priority is obtained by adding 40 to it (in our case, 80 + 40 = 120)
Every normal process begins with a default nice value of 0 (priority 120). The nice name comes from the idea that “nicer” processes allow other processes to run before them in a particular execution queue.
Nice numbers range from:
-20 (less nice, high priority) to
19 (more nice, low priority)
It is used to start a process with a non-standard priority
Lets see how this works…!
We already know how to kill a process, no let’s kill our edit process with
Now we can start it again but with a lower priority, lets say 130…
nice -n 10 gedit &
Lets verify that …
grep ^prio /proc/4136/sched
Let’s double check with the
ps -el | grep gedit
Remember that your PID number should be different in your system …
The NI column in ps output indicates the nice number
Yes, indeed we have our process started with a priority of 90+40=130
Here is the sequence …
ⓘ Note: Only the root user can decrease the niceness of a process below zero
It is used to change the priority of a running process
Lets change the priority of our gedit process and verify the results …
renice 20 -p 4136
We now have our gedit process running at a priority of 139.
You made it!
You should have now a better understanding of what’s happening under the hood on your system.
This tutorial can be considered as brief introduction to the operation of the processes in Linux. There are many control and monitoring tools available such as htop for example. However, the main objective is to understand how the processes work and how they are related. It is recommended to use the help tools of the commands themselves, such as the man pages or the help command --help. There, we can find detailed information of all the available options and uses, many of them with examples. This topic can be complex and even boring in many cases, but it is essential to improve the performance, maintenance and troubleshooting of the system.