This chapter discusses how Linux handles applications running on the system. Linux must keep track of lots of different programs, all running at the same time. Your goal as the Linux administrator is to make sure everything runs smoothly! This chapter shows just how Linux keeps track of all the active programs and how you can peek at that information. You’ll also see how to use command-line tools to manage the programs running on your Linux system.
At any given time there are lots of active programs running on the Linux system. Linux calls each running program a process. A process can run in the foreground, displaying output on a console display or graphical desktop window, or it can run in background, working on data behind the scenes. The Linux system assigns each process a process id (PID) and manages how the process uses memory and CPU time based on that PID.
When a Linux system first boots, it starts a special process called the init process. The init
process is the core of the Linux system; it runs scripts that start all of the other processes running on the system, including the processes that start the text consoles and graphical windows you use to log in (see Chapter 6).
You can watch just which processes are currently running on your Linux system by using the ps command. The default output of the ps
command looks like this:
$ ps
PID TTY TIME CMD
2797 pts/0 00:00:00 bash
2884 pts/0 00:00:00 ps
$
By default, the ps
command only shows the processes that are running in the current user shell. In this example, we only had the command prompt shell running (Bash) and, of course, the ps
command itself.
The basic output of the ps
command shows the PID assigned to each process, the terminal (TTY) that they were started from, and the CPU time that the process has used.
The tricky feature of the ps
command (and the reason that makes it so complicated) is that at one time there were two versions of it in Linux. Each version had its own set of command-line parameters controlling the information it displayed. That made switching between systems somewhat complicated.
Recently, the GNU developers decided to merge the two versions into a single ps
program, and of course, they added some additional parameters of their own. The current ps
program used in Linux supports three different styles of command-line parameters:
This makes for lots of possible parameters and options to use with the ps
command. You can consult the ps
manual page to see all of the possible parameters that are available. Most Linux administrators have their own set of commonly used parameters that they remember for extracting pertinent information. For example, if you need to see every process running on the system, use the Unix-style -ef
parameter combination, like this:
$ ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 09:02 ? 00:00:02 /sbin/init
root 2 0 0 09:02 ? 00:00:00 [kthreadd]
root 3 2 0 09:02 ? 00:00:00 [ksoftirqd/0]
root 4 2 0 09:02 ? 00:00:00 [kworker/0:0]
root 5 2 0 09:02 ? 00:00:00 [kworker/0:0H]
root 6 2 0 09:02 ? 00:00:00 [kworker/u2:0]
root 7 2 0 09:02 ? 00:00:02 [rcu_sched]
root 8 2 0 09:02 ? 00:00:01 [rcuos/0]
root 9 2 0 09:02 ? 00:00:00 [rcu_bh]
root 10 2 0 09:02 ? 00:00:00 [rcuob/0
...
$
This format provides some useful information about the processes running:
Also notice in the -ef
output that some process command names are shown in brackets. That indicates processes that are currently swapped out from physical memory into virtual memory on the hard drive. Processes that are swapped into virtual memory are called sleeping. Often the Linux kernel places a process into sleep mode while the process is waiting for an event.
When the event triggers, the kernel sends the process a signal. If the process is in interruptible sleep mode, it will receive the signal immediately and wake up. If the process is in uninterruptible sleep mode, it only wakes up based on an external event, such as hardware becoming available. It will save any other signals sent while it was sleeping and act on them once it wakes up.
If a process has ended but its parent process hasn’t acknowledged the termination signal because it’s sleeping, the process is considered a zombie. It’s stuck in a limbo state between running and terminating until the parent process acknowledges the termination signal.
The ps
command is a great way to get a snapshot of the processes running on the system, but sometimes you need to see more information to get an idea of just what’s going on in your Linux system. If you’re trying to find trends about processes that are frequently swapped in and out of memory, it’s hard to do that with the ps
command.
Instead, the top command can solve this problem. The top
command displays process information similar to the ps
command, but it does it in real-time mode. Figure 21.1 shows a snapshot of the top
command in action.
The first section of the top
output shows general system information. The first line shows the current time, how long the system has been up, the number of users logged in, and the load average on the system.
The load average appears as three numbers, the 1-minute, 5-minute, and 15-minute load averages. The higher the values, the more load the system is experiencing. It’s not uncommon for the 1-minute load value to be high for short bursts of activity. If the 15-minute load value is high, your system may be in trouble.
The second line shows general process information (called tasks in top
): how many processes are running, sleeping, stopped, or in a zombie state.
The next line shows general CPU information. The top display breaks down the CPU utilization into several categories depending on the owner of the process (user versus system processes) and the state of the processes (running, idle, or waiting).
Following that, there are two lines that detail the status of the system memory. The first line shows the status of the physical memory in the system, how much total memory there is, how much is currently being used, and how much is free. The second memory line shows the status of the swap memory area in the system (if any is installed), with the same information.
Finally, the next section shows a detailed list of the currently running processes, with some information columns that should look familiar from the ps
command output:
By default, when you start top
it sorts the processes based on the %CPU
value. You can change the sort order by using one of several interactive commands. Each interactive command is a single character you can press while top
is running and changes the behavior of the program. These commands are shown in Table 21.1.
Table 21.1 The top
interactive commands
Command | Description |
1 |
Toggles the single CPU and Symmetric Multiprocessor (SMP) state |
b |
Toggles the bolding of important numbers in the tables |
I |
Toggles Irix/Solaris mode |
z |
Configures color for the table |
l |
Toggles display of the load average information line |
t |
Toggles display of the CPU information line |
m |
Toggles display of the MEM and SWAP information lines |
f |
Adds or removes different information columns |
o |
Changes the display order of information columns |
F or O |
Selects a field on which to sort the processes (%CPU by default) |
< or > |
Moves the sort field one column left (<) or right (>) |
r |
Toggles normal or reverse sort order |
h |
Toggles showing of threads |
c |
Toggles showing of the command name or the full command line (including parameters) of processes |
i |
Toggles showing of idle processes |
S |
Toggles showing of the cumulative CPU time or relative CPU time |
x |
Toggles highlighting of the sort field |
y |
Toggles highlighting of running tasks |
z |
Toggles color and mono mode |
u |
Shows processes for a specific user |
n or # |
Sets the number of processes to display |
k |
Kills a specific process (only if process owner or if root user) |
r |
Changes the priority (renice) of a specific process (only if process owner or if root user) |
d or s |
Changes the update interval (default three seconds) |
W |
Writes current settings to a configuration file |
q |
Exits the top command |
You have lots of control over the output of the top
command. Use the F
or O
command to toggle which field the sort order is based on. You can also use the r
interactive command to reverse the current sorting. Using this tool, you can often find offending processes that have taken over your system.
While not specifically process oriented, the Linux time
command can come in handy when troubleshooting applications. Running an application as a parameter to the time
command displays the amount of CPU time the application consumed:
$ time ./test.sh
...
real 0m3.453s
user 0m0.161s
sys 0m0.119s
$
This can provide some useful information when troubleshooting application issues.
One of the jobs of a Linux system administrator is to be on the watch for runaway processes that can take down the Linux system. You’ve already seen how to use the ps
and top
commands to monitor how processes are doing on the system; the next step is to see how to stop a runaway process.
By default, all processes running on the Linux system are created equal; that is, they all have the same priority to obtain CPU time and memory resources. However, you may run some applications that either don’t need to have the same level of priority or may need a higher level of priority.
The nice and renice commands allow you to set and change the priority level assigned to an application process. The nice
command allows you to start an application with a non-default priority setting. The format looks like this:
nice -n value command
The kernel is the final judge in determining whether it can start an application with a different priority level, even if you tell it to. If the Linux system is heavily loaded the kernel can choose to ignore any nice or renice commands.
The value
parameter is a numeric value from -20 to 19. The lower the number, the higher priority the process receives. The default priority is zero. The command
parameter indicates the program to start at the specified priority:
$ nice -n 10 ./myscript.sh
$
To change the priority of a process that’s already running, use the renice
command:
renice priority [-p pids] [-u users] [-g groups]
The renice
command allows you to change the priority of multiple processes based on a list of PID values, all of the processes started by one or more users, or all of the processes started by one or more groups.
$ renice 15 -p 3178
$
Only the root user account can set a priority value less than 0 or decrease the priority value (increase the priority) of a running process.
Sometimes a process gets hung up and just needs a gentle nudge to either get going again or stop. Other times, a process runs away with the CPU and refuses to give it up. In both cases, you need a command that will allow you to control a process. To do that, Linux follows the Unix method of inter-process communication.
In Linux, processes communicate with each other using process signals. A process signal is a predefined message that processes recognize and may choose to ignore or act on. The developers program how a process handles signals. Most well-written applications have the ability to receive and act on the standard Unix process signals. These signals are shown in Table 21.2.
Table 21.2 Linux process signals
Number | Name | Description |
1 | HUP |
Hangs up |
2 | INT |
Interrupts |
3 | QUIT |
Stops running |
9 | KILL |
Unconditionally terminates |
11 | SEGV |
Segments violation |
15 | TERM |
Terminates if possible |
17 | STOP |
Stops unconditionally, but doesn’t terminate |
18 | TSTP |
Stops or pauses, but continues to run in background |
19 | CONT |
Resumes execution after STOP or TSTP |
While a process can send a signal to another process, there are two commands available in Linux that allow you to send process signals to running processes.
The kill command allows you to send signals to processes based on their process ID (PID). By default, the kill
command sends a TERM
signal to all the PIDs listed on the command-line. Unfortunately, you can only use the process PID instead of its command name, making the kill
command difficult to use sometimes.
To send a process signal, you must either be the owner of the process or be logged in as the root user.
$ kill 3940
-bash: kill: (3940) - Operation not permitted
$
The TERM
signal only asks the process to kindly stop running. Unfortunately, if you have a runaway process, most likely it will ignore the request. When you need to get forceful, the -s
parameter allows you to specify other signals (either using their name or using their signal number).
The generally accepted procedure is to first try the TERM
signal. If the process ignores that, try the INT
or HUP
signal. If the program recognizes these signals, it will try to gracefully stop doing what it was doing before shutting down. The most forceful signal is the KILL
signal. When a process receives this signal, it immediately stops running. Use this as a last resort, as it can lead to corrupt files.
One of the scary things about the kill
command is that there’s no output from it:
$ sudo kill -s HUP 3940
$
To see if the command was effective, you’ll have to perform another ps
or top
command to see if the offending process stopped.
Be careful of killing processes that may have open files. Files can be damaged and unrepairable if the process is abruptly stopped. It’s usually a good idea to run the lsof
command first to see a list of the open files and their processes.
The pkill command is a powerful way to stop processes by using their names rather than the PID numbers. The pkill
command allows you to use wildcard characters as well, making it a very useful tool when you’ve got a system that’s gone awry:
$ sudo pkill http*
$
This example will kill
all of the processes that start with http, such as the httpd
services for the Apache Web server.
Be careful with the search capability of the pkill
command. It’s usually a good idea to check the search term against the currently running processes to make sure you don’t accidentally kill any other processes that match the search. The pgrep
command allows you to display all processes that match the search term.
This exercise demonstrates how to monitor the running processes on your Linux system and how to remove a process you no longer want running.
sleep 1000
.pgrep sleep
.kill
command to stop it prematurely by typing sudo kill -HUP pid
, where pid
is the PID of the sleep program you found in step 3.pgrep sleep
.Managing applications running on Linux systems is a crucial job for administrators. The Linux system allocates CPU time and memory for each process, and knowing how each process consumes those resources is helpful. You can view the running applications and the resources they consume by using the ps
command. There are many different ways to view process information using the ps
command, allowing you to customize the display exactly how you like.
For real-time monitoring of applications, use the top
command. With the top
command, you can view a real-time display of applications, their system state, and the resources they consume. The top
command allows you to sort the display based on many different features, such as CPU usage or memory usage.
For managing applications as they run on the system, you can use the nice
and renice
commands. The nice
command allows you to start an application at a different priority level than the applications that are already running. This allows users to run applications in the background at a lower priority or allows the system administrator to start applications with a higher priority. With the renice
command, you can change the priority of an application that’s already running.
If an application causes problems and needs to be stopped, you can use the standard Linux kill
command, but you need to know the process ID assigned to the application by the system. The pkill
command is customized for stopping applications by their name instead of process ID. You can also use wildcard characters to stop multiple applications, but that can be dangerous. To test which applications would be stopped, use the pgrep
command to search for running applications using the wildcard search.
Explain how to view the status of applications running on the Linux system. The ps
and top
commands display the status of applications running on the system. Both commands display the status of each application, whether it’s running, sleeping, or waiting for resources.
Explain how you would find what applications are using the most resources on your system. The top
command allows you to monitor the applications running on the Linux system in real time. It displays the amount of CPU and memory each application is consuming and allows you to sort the display on any of the displayed data fields. This allows you to easily monitor which applications are using the most CPU time or the most memory at any given moment.
Describe how you can stop an application that’s causing problems on the Linux system. Linux applications are programmed to respond to Linux signals. The kill
command allows you to send Linux signals to running applications. If you send a KILL
signal to an application, it will stop running on the system. Alternatively, you can send an INT
signal to interrupt the application, allowing you to close it down gracefully if the application responds. The pkill
application allows you to send Linux signals to applications based on their process name and allows you to specify the process name using wildcard characters. This combination can come in handy if you need to stop multiple applications spawned from a single parent application.
What are the three types of option styles available for the ps
command? (Choose three.)
How do you identify the legacy Unix style options for the ps
command?
By default, if you specify no command-line options, what does the ps
command display?
Charles noticed that his Linux system is running slow and needs to find out what application is causing the problem. What tool should he use to show the current CPU utilization of all the processes running on his system?
top
ps
lsof
pkill
kill
What top
command displays cumulative CPU time instead of relative CPU time?
l
F
r
y
S
Shelly thinks that one of the applications on her Linux system is taking up too much physical memory and may have a problem. What column of data from the top
display should she focus on?
VIRT
RES
SHR
S
%MEM
Jessica has an application that crunches lots of numbers and uses a lot of system resources. She wants to run the application with a lower priority so it doesn’t interfere with other applications on the system. What tool should she use to start the application program?
renice
pkill
nice
kill
pgrep
Jimmy noticed his Linux system was running slow. He ran the top
command and found out that a data-intensive application was consuming most of the CPU time. He doesn’t want to kill the application but wants to give it a lower priority so it doesn’t take up too much CPU time. What tool should he use to change the priority of the running application?
renice
pkill
nice
kill
pgrep
Hank needs to stop an application from running on his Linux system. He knows the name of the application file, but not the process ID assigned to it. What tool can he use to stop the application?
renice
pkill
nice
kill
pgrep
Frankie used the ps
command to find the process ID of an application that he needs to stop. What command-line tool should he use to stop the application based on its process ID?
renice
pkill
nice
kill
pgrep