Processes in Linux – Guide for beginners

In this article, we will introduce you to processes in Linux and will discuss simple aspects of process handling and management using simple commands.

What is a process ?

In Linux, when a command is invoked, it immediately gives rise to a new process. A process is similar to a computer program in action since it performs tasks within the operating system. It includes the program’s data and instructions as well as the program counter, the CPU’s registers along with other parameters. It is a separate task with its own responsibilities and rights.

During its lifetime, a process will use several system resources like the CPUs to execute its instructions and the physical memory to store its data in. It will also use the filesystems’ files and may as well interact with the physical devices.

Processes allow the interaction with the system to manage it from a higher level while Linux kernel will handle the lower level part .

Process PID

Linux assigns a unique five digit number to every process. This is called the process identification number or PID. No two processes have the same PID at one given time.

In order to find the PID of a specific process, open up your terminal and run the command below :

pgrep process_name

For instance to see the PID of the Firefox process, execute the command :

Another alternative would be to use the command pidof as follows

pidof process_name

for instance for dhclient process:

pidof dhclient

If you do not know the name of the process, you can refer to the section further below about how to list out the active processes along with their PIDs.

Types of processes

There are two types of processes in Linux:

  • Background processes

These are automatic or non-interactive processes. These are processes that were started automatically without any interaction or intervention with the user. They do not wait or expect any input from users. They do not even display or output tasks’ results to them. Background processes are independent entities since after their creation, they will be on their own to carry out their tasks without any interaction with the entity that gave rise to them. daemons and services are such background processes.

  • Frontend processes:These are interactive processes in the sense that they were started or launched directly by users. You may have noticed that when you execute a command in the terminal, it will not let you execute other commands and prevents you from running other tasks in the same terminal. Most programs, when invoked from the shell, start in the foreground. Other foreground processes may be started as graphical user interfaces which allow users to interact with them.

Real life example on foreground and background processes

Let’s open up the terminal and run the ping command. This will be a foreground process :


We will see every few milliseconds the status of the communication with the domain’s server. This is as expected. The terminal window will be scrolling automatically while ping command is running. In order to terminate the command press Ctrl+C.

The Ctrl+C event is shown as highlighted in the screenshot above. Ping stops after providing a short summary.

Now let us do that again. This time however we will press Ctrl+Z instead while the window is scrolling. This will not terminate the task wince It will be transformed into a background task. We can take control of the terminal .



Linux stop process

As you can see in the last line above the effect of hitting Ctrl+Z. This means that the process is stopped. Stopped however doesn’t mean it is no longer running, it means that the process has become a background job.

To see this, run the command job in your terminal:


The jobs command executed above, will list all the jobs that have been launched in the current terminal session. Here are some details about the output :

[1] : Is the job number.Means that it is the default job, i.e. always the most recently added job to the list.

Stopped : The process is not currently running.

ping : The command that started the process.

The jobs command will list the jobs that have been started in the current terminal session. And because jobs are (inevitably) processes, we can also use the ps command to see them. Let’s use both commands and compare their outputs. We’ll use the T option (terminal) option to only list the processes that are running in this terminal window. Note that there is no need to use a hyphen – with the T option.

We can also use the ‘ps T’ command to see these jobs in the current terminal (hence the ps T) window:

Linux list processes

This means the following :

PID: The process ID (see previous sections)

TTY: The terminal window the process was executed from.

STAT: The process state (see section below on process states) .

TIME: How much amount of CPU time the process has consumed.

COMMAND: The command that started the process.

Notice the small case values that follow the STAT column upper case indicators above, .i.e Ss or R+ . These can be any of the following :

<: High priority task .

N: Low-priority .

L: process has pages that are locked into memory (typically real time processes).

s: A session leader or a process that has started process groups. A shell for instance is a session leader.

l: Multi threaded process.

+: A foreground process .

The ps T command has the state R, .i.e Running. The + indicates, as mentioned above, that this process belongs to the foreground group which means that ps T command was started in the foreground.

The Bash has the state of Ss. The “S” stands for Sleeping and the process is interruptible. It will respond when needed. The “s” informs us that the shell is a session leader.

Finally, the ping command has the state T which indicates that a job control signal (Ctrl+Z) has stopped the ping command.

Resuming a background process: the bg command

The bg command is used to resume suspended background jobs. While the job runs, It will return the user to the shell prompt and it will not be possible to send any input to it.

If we return to our example :

As shown above, the ping command is running in the background. Let’s run the command bg :

Linux run process in background

The ping command has resumed its background task and the scrolling output is now visible to the user. Notice the result of the execution of bg above, the name of the restarted command is displayed, .i.e. ping

If you try to stop the scrolling by press Ctrl+C, it will not halt the execution of the background process as shown below :

How to stop it then ?

In the example above, we have seen that any keystroke will not be taken into account and the scrolling will not stop. Remember that any input from the user takes effect in the foreground. As you might have guessed, in order to stop this background task, it first need to be brought to the foreground using the fg command.

Brining a process from darkness to the light of day using the fg command

When a task runs in the background, using the fg command will bring it into the foreground.

If we return to our example and we type fg, the ping command will now run in the foreground. However when you type fg, it will get mixed up with the ping command output. Rest assured that this will be taken into account by the shell like a standard command line prompt.

See below the effect of typing fg while the output is scrolling :

Now to kill, it hit Ctrl+C since it is a foreground process :

Child and parent processes

Sine many users can work concurrently on Linux, they can execute different applications and commands or programs. To differentiate between these running instances, the kernel uniquely identifies each of these instance. A program can be identified by its PID or process ID (see previous sections) and also by its parent process ID or PPID.

Processes can therefore be split up further into parent processes which are processes that beget other processes at runtime and also child processes which are created by other running processes.

when a child process gets killed before its parent, it will become a zombie (see states of processes in the next section below) until the parent has acquired information about it or informed the kernel that it does not find that information useful. The child process resources will then be freed. If the parent process gets terminated before the child however, the latter will be adopted by init or sometimes will also be reassigned to a different process.

States of a Process

When troubleshooting a Linux system, it’s helpful to understand the process states or life cycle and how the CPU cores are divided by the scheduler between the running processes and the way the kernel communicates with these processes as well as the inter-process communication. In Linux, a process has the following possible states:

  • Running/Runnable – (R): these are running processes that are currently using a CPU core. A runnable process means that a process has everything it needs in order to run and is waiting for an available CPU core slot (ready to run).
  • Waiting (or sleeping): this is a process that is waiting for a specific resource to be available (for instance, I/O operation to complete) or an event to occur (an amount of time to pass for example). These can be categorized even further into :
    a – interruptible waiting processes : these are processes whose tasks can be disrupted or interrupted by signals . They can be killed before the wake up condition is met or fulfilled without further consequences.
    b – uninterruptible waiting processes : these are processes whose tasks cannot be interrupted by any signal or event. While waiting for the result, I/O operations for instance switch to an uninterruptible waiting state, .i.e. when the operation is ready, they will wake up to handle the result and check for any pending signal to manage.
  • Stopped : A process is stopped when it receives the signal SIGSTOP (like for example when you hit <ctrl>+z in the terminal). The process execution is then suspended and it will manage only the SIGKILL and SIGCONT signals. For instance, a process that is being debugged is in a stopped state.
  • Zombie: here the process is neither alive nor dead. It has finished its assigned task with exit() system call. It still has an entry in the process table though.

To see the different system process states, refer to the section below which discusses how to view running processes.


When you want to halt a foreground process, .e.g a ping command, you press Ctrl+C or if it is a background process you hit Ctrl+Z. In this case you are actually sending signals to the process. In fact kill can send 64 different signals. In order to display these signals, run the command kill -l :

or execute the command :

man signal :

Processes communicate between each other and with the kernel using signals. These signals can be issued using the system call kill as well as the commands pkill and killall.

Here are the most commonly used signals:

SIGTERM: Signal 15. Is the default signal sent by the command kill.

SIGKILL: Signal 9. unlike SIGTERM, it kills the process immediately. This can’t be handled or blocked.

SIGCONT: if the process current state is ‘stopped’, this signal will switch its state to a running/runnable state.

SIGSTOP: This will cause the process execution to be suspended, switching it to a stopped state. This can be issued by typing Ctrl>+Z in the terminal (see section above about background and foreground processes).

SIGQUIT: Signal 3. . This is generated when the user sends a quit signal using Ctrl+D in the terminal. This will force the process to trigger a core dump before dying.

SIGINT: Signal 2. This is triggered when you press Ctrl+C in the terminal. The process is interrupted and asked to terminate.

SIGWINCH: When the terminal size changes, this signal is generated.

SIGHUP: Signal 1. when the terminal running the process is disconnected, this signal is sent to the process. In case you do not want the process to terminate when the terminal is closed, you can use the nohup command. Check also our article about the screen command and how to keep a process running even if the remote connection breaks.

SIGCHLD: This is sent from a child process to its corresponding parent process in the event when its state changes .

To find out more about how to kill processes, refer to our article here.

The init process

Init process is the father of all processes in linux. it is the first process (in general it has a PID of 1) that is launched when Linux boots up and will remain alive until the next shutdown. It has the primary role of creating processes from a script which is stored in /etc/inittab. Since it is started by the kernel, it does not have a parent process and it cannot be terminated.

Viewing running processes

Many Linux utilities allow users to view running processes. For the example the most commonly used is the ps command :

ps ax                                        

How to check running processes in linux

Other Linux tools are able to show additional information about processes, for instance:

  • htop command : this is the process viewer (interactive). Refer to our htop related article.

  • atop command : this is the advanced system and process monitoring tool.

  • top command : shows an updates information about processes.

  • pstree command : shows a tree of processes.

  • pgrep command : fetches signal processes using only their names along with other attributes.

For more on these and other monitoring tools, refer to our article here.

Process Priority

On Linux, all running processes have a priority. Processes that have higher priority will get more CPU time than those with lower priority. Linux controls priority using a value which is called niceness.

High priority processes are supposed to be less nice, since they are bad at sharing resources. Low priority processes however, are considered nice because they take minimal resources.

A root user should be able to modify a process priority using nice and renice commands.

From the snapshot of the execution of the top command below, the NI column indicates the process nice value:

list processes Linux

You can use the nice utility to assign a nice value to a process. Normal users can ascribe a nice value between zero and 20 to their own processes.

To execute a new program with a given nice value, use the nice command below:

nice -n 10 command_to_run

In order to renice a running process priority, run the renice command as shown below:

renice +10 17544


Because in Linux every program you run, whether using the terminal or a GUI, is actually a process behind the scenes. Processes can run in the foreground like for instance executing a command on the terminal or they can also run in the background. during their lifetime, processes switch between different states. They can be running, stopped , sleeping or even half-dead. There are several tools which allow users to see and manage processes. For instance kill command can be used to terminate a process. The fg command can make a background process move to the foreground. Signals are used as a way to communicate between processes and also with the kernel. The kill command for example sends a specific signal to the process in order to terminate it.

Learning how to manage these processes is an important skill for both beginners are advanced users. Let us know if you feel we skipped some important stuff.

If you like the content, we would appreciate your support by buying us a coffee. Thank you so much for your visit and support.


amin nahdy

Amin Nahdy, an aspiring software engineer and a computer geek by nature as well as an avid Ubuntu and open source user. He is interested in information technology especially Linux based ecosystem as well as Windows and MacOS. He loves to share and disseminate knowledge to others in a transparent and responsible way.

Leave a Reply

Close Menu