Viewing and Monitoring Processes in Linux


Duration 2:00

In this tutorial, we’ll walk you through one of the most important aspects of any operating system, the processes. This is because every time our system needs to start a task or a user issues a command, a program is run and one or more processes are generated.

We will be using the command line instead of graphical tools, because in many cases, specially when troubleshooting, they won’t be available.

It is essential to have a good understanding of how processes and their hierarchies are generated because this information is vital for monitoring and troubleshooting your system.

Processes have a well-defined hierarchy. The first process is initiated after the Kernel is loaded in memory on boot, which in turn, starts other processes, and so on.

What you’ll learn

  • Basic Command-line commands for working with processes in Linux.
  • Understanding the importance of monitoring processes in Linux
  • How to search and identify processes.
  • How to start, stop and kill processes and jobs .
  • How to work with processes in foreground and background.
  • How to work with priorities.

What you’ll need

  • 25 minutes of your time
  • Basic command-line knowledge (cat, grep, less, more, etc)
  • Ubuntu 20.04

If you are a beginner, you should read this Command Line Tutorial.

Note: This tutorial also works for any Linux Distribution.

How will you use this tutorial?

  • Only read through it
  • Read it and complete the exercises

0 voters

What is your current level of experience?

  • Novice
  • Intermediate
  • Proficient

0 voters

2. List and Identify Processes

Duration 3:00

When we talk about processes in our system, its important to know that an existing process makes an exact copy of itself in memory. The child process will have the same environment as its parent, but only the process ID number is different, so we have a PID (process identifier) and the PPID (parent process identifier). These are positive integers that are assigned in sequential order.

Well, that’s enough theory for now, Lets start with some basic commands…

The ps command

Let’s open our terminal and run the ps command


This is very simple but powerful command. ps shows a snapshot of processes.

We see here two results, the ps command itself that we just issued and the fact that we are in a bash shell environment. Each of these has a number of columns.

PID column
Unique Process Identifier

TTY column
Identifies from which the process was spawned

Time column
The cumulative CPU time of the process

Command column
Identifies which generated that process

Notice that with the most basic form of the ps command we get useful information. We said earlier that this command is very powerful and it is, it has many options that we can combine it with other tools in order to get more specific information about the processes in out system.

Let’s use some options and see some of the power of ps …

ps aux | less

Ok, let’s stop here for a moment and see these results in more detail.


Shows processes attached to a TTY terminal

Display user-oriented format

Show processes that are not attached to a tty or terminal

and what about the columns?. Almost all of these are very intuitive to understand, for example :

cpu utilization of the process

If we don’t know or remember the meaning of one of them we can always use the man pages of the ps command and search for that specific column:

man ps | grep %CPU

we should see an output similar to this in our terminal:

%CPU      cpu utilization of the process

The Information displayed in the terminal when we run this command can be too much, specially if we are working in a server with a lot of applications and processes running. That is why is very important and useful to use other tools like pagers, search and sorting commands that will help us get the results that we need.

Lets see how this works!

Say we want to see information about the sshd service

ps aux | grep sshd | grep -v grep

With these tools we can be as specific as we need so that we can get better and more useful results.

The pstree command

Shows running processes as a tree. This command is very useful as it helps us to easily understand the hierarchies of the processes in our system. In addition it also contains many important options.

Lets see it in action!


We can see our first initial operating system issued process systemd and further from that we can see everything that branches from it and as we go further down through we can see all of the various hierarchies as a result of spawning processes and subprocesses.

Of course, we can ask the pstree command to be more specific, for example, we want to see the processes that belong to a specific user with their corresponding PIDs.


pstree -pa fiorella

In this result, we can se that the user fiorella is using a bash shell, and from that opened the nano editor to work on a file named testfile.txt, after that ran the su command to change to user oe-alb, and so on.

3. Recognizing processes

Duration 4:00

Its very important that we can recongnize what is the foreground and background process and how to control them. In Linux, if we execute any program a process will be created with a unique ID (PID ) and by default, the process runs in the foreground and that could be a problem because our current terminal gets dedicated to that command. We can’t continue using the terminal, and we also can’t close it, because that will end the command that’s currently being run.

Before we continue, we must differentiate the terms, processes and jobs. This may be a topic for another tutorial, but we can say that a process is started by the system and a job is started and related to the shell. We can say that not all processes are jobs but all jobs are processes.

Lets see how to work control the behavior of our processes with a basic example…

Open a text editor from the terminal.


The editor opened normally and without problem but notice that our terminal promt has disappeared.

To free up your terminal, we can press Ctrl + Z on the keyboard to stop the process.

If we have a lot of background processes running and want to see them all we can can use the jobs -l command

To bring our job back to the foreground, we can use the fg command. We would need to use a percent sign and specify the job ID to bring the appropriate one back to the foreground.

fg %1

To make our stopped job resume, while keeping it in the background, we can use the bg command, followed by an percent sign and the job ID.

Now we have control of our terminal while the editor is running in background.

4. Monitor processes with Top

Duration 4:00

With the top command we can view the processes in our system dynamically every 3 seconds by default.

Let’s see it in action…!

As you can see the output is divided in two portions, the top portion has statistics about the system such as the number of users, the load average over the last 1,5 and 15 minutes, total of running, sleeping and zombie tasks (task that were not shut down properly) the Botton half is a live updating list of running processes.

We can customize and change the behavior of this output, these are some examples:

while we are in the top screen press:

To change the interval delay (seconds)

To change the columns we see in the output

The columns we see are highlighted in bold, lets say we don’t want to see the
NI,RES AND PR columns, also we want to sort the results using the %MEM column.

To do that we need to select them with the arrow keys and press the space bar for each one, after that we use again the arrow keys to go to the %MEM field and press the s key to select the sort field. Finally press q to go back to the output. Finally we get the results we need:

Top command in batch mode

batch mode means that we can save the output of the top command into a file.

Here is an example:

Say we want to save 3 iterations -n 3 of the top command and write it on a file named processes.txt -b > in our home directory.

top -n 3 -b > processes.txt

At this time, we need to wait for the 3 iterations to complete. After that the processes.txt file will be created and available for us.

cat processes.txt

5. Start and Stop Processes

Duration 4:00

The Kill command

Starting a process is simply typing the command, for example we can try the who command, this will show us the current user and ends very quickly. However there are some other process that last a very long time or they need to be explicitly closed by us. Lets try again with our text editor in the background and run the command:

gedit &

Let’s see how to terminate this process using the terminal… run this command:

kill -l

This is list of the various ways we can send a kill signal to a running process. The signal kill 15 SIGTERM is the default and the correct way of gracefully terminate an application or a process. However if we send the signal 9 SIGKILL is the most unsafe way because it will kill the process without saving anything. So this should be used only if the process in not responding.

Lets terminate our text editor the right way using SIGKILL and the PID of the process …

kill -15 3003

Note: In this case is not necessary to specify the kill signal because we are using the default. We can also use the signal name.

To kill a process by name, we use the pkill command.

pkill -15 gedit

:warning: Terminating System processes!
Regular users can’t kill background processes started by the operating system

Another kill signal worth mentioning is 1 SIGHUP. This is because it will allow a background process to continue to run even if we exit the shell or logout the system. We use this syntax:

kill -1 cmd &

Note: We need to make sure that this command or script doesn’t depend
on some interaction with the user.

6.Processes Priorities

Duration 5:00

Before we start, its very important that we understand how to read processes priorities and to do that we must be clear about certain aspects:

  • Linux reserves static priorities ranging from 0 to 99 for real-time processes.

  • Normal processes are assigned to static priorities ranging from 100 to 139, meaning that there are 39 different priority levels for normal processes.

  • Lower values mean higher priority.

  • The standard priority for normal processes is 120, so that it can be decreased to 100 or increased to 139

  • The static priority of an active process can be found in the sched file, located in its respective directory inside the /proc filesystem.

Now that we understand how to read the processes values we can continue.

Lets start our text editor in the background again …

gedit &

Now Let’s use the PID number assigned to the gedit process to search the priority in the /proc directory and sched file

As we can see, the priority assigned is 120.

Now let’s use the ps command to check this value …

ps -el | grep gedit

Note, however, that the priority value displayed by ps is 80 and differs from that obtained in the previous command. Due to historical reasons, priorities displayed by ps range from -40 to 99 by default, so the actual priority is obtained by adding 40 to it (in our case, 80 + 40 = 120)

Process Niceness

Every normal process begins with a default nice value of 0 (priority 120). The nice name comes from the idea that “nicer” processes allow other processes to run before them in a particular execution queue.

Nice numbers range from:

-20 (less nice, high priority) to
19 (more nice, low priority)

The nice command

It is used to start a process with a non-standard priority

Lets see how this works…!

We already know how to kill a process, no let’s kill our edit process with pkill

pkill edit

Now we can start it again but with a lower priority, lets say 130…

nice -n 10 gedit &

Lets verify that …

grep ^prio /proc/4136/sched

Let’s double check with the ps command.

ps -el | grep gedit

Remember that your PID number should be different in your system …

The NI column in ps output indicates the nice number

Yes, indeed we have our process started with a priority of 90+40=130

Here is the sequence …

Note: Only the root user can decrease the niceness of a process below zero

The renice command

It is used to change the priority of a running process

Lets change the priority of our gedit process and verify the results …

renice 20 -p 4136

We now have our gedit process running at a priority of 139.

7 That’s all folks!

Easy, wasn’t it?


You made it!

You should have now a better understanding of what’s happening under the hood on your system.

This tutorial can be considered as brief introduction to the operation of the processes in Linux. There are many control and monitoring tools available such as htop for example. However, the main objective is to understand how the processes work and how they are related. It is recommended to use the help tools of the commands themselves, such as the man pages or the help command --help. There, we can find detailed information of all the available options and uses, many of them with examples. This topic can be complex and even boring in many cases, but it is essential to improve the performance, maintenance and troubleshooting of the system.

1 Like