Updated on January 8th, 2023 – In this article, we will introduce you to processes in Linux and will discuss simple aspects of process handling and management using simple commands.
What is a process
A process is a separate task in the operating system that performs specific functions, using system resources such as CPU, memory, and filesystems. It may also interact with physical devices. Processes enable interaction with the system at a higher level, while the Linux kernel handles the lower level tasks. A process is similar to a computer program in action and includes the program’s data, instructions, program counter, and CPU registers. During its lifetime, a process may use multiple CPUs and allocate physical memory for data storage.
Linux assigns a unique five digit number to every process. This is called the process identification number or PID. No two processes have the same PID at one given time.
In order to find the PID of a specific process, open up your terminal and run the command below :
For instance to see the PID of the Firefox process, execute the command :
Another alternative would be to use the command pidof as follows
for instance for dhclient process:
If you do not know the name of the process, you can refer to the section further below about how to list out the active processes along with their PIDs.
Read: The structure of Linux operating system
Types of processes
There are two types of processes in Linux:
- Background processes
Background processes are automatic or non-interactive, meaning they do not require input or interaction from a user. These processes, such as daemons and services, run independently and do not display or output results to users.
- Frontend processes: frontend processes are interactive, meaning they are launched directly by a user. These processes may run in the foreground, such as programs invoked from the terminal or graphical user interfaces, and prevent other tasks from being run in the same terminal.
Real-life example on foreground and background processes
Let’s open up the terminal and run the ping command. This will be a foreground process :
We will see every few milliseconds the status of the communication with the domain’s server. This is as expected. The terminal window will be scrolling automatically while the ping command is running. In order to terminate the command press Ctrl+C.
The Ctrl+C event is shown as highlighted in the screenshot above. Ping stops after providing a short summary.
Now let us do that again. This time however we will press Ctrl+Z instead while the window is scrolling. This will not terminate the task wince It will be transformed into a background task. We can take control of the terminal .
Linux stop process
As you can see in the last line above the effect of hitting Ctrl+Z. This means that the process is stopped. Stopped however doesn’t mean it is no longer running, it means that the process has become a background job.
To see this, run the command job in your terminal:
The jobs command executed above, will list all the jobs that have been launched in the current terminal session. Here are some details about the output :
 : Is the job number.Means that it is the default job, i.e. always the most recently added job to the list.
Stopped : The process is not currently running.
ping net2.com : The command that started the process.
The jobs command will list the jobs that have been started in the current terminal session. And because jobs are (inevitably) processes, we can also use the ps command to see them. Let’s use both commands and compare their outputs. We’ll use the T option (terminal) option to only list the processes that are running in this terminal window. Note that there is no need to use a hyphen – with the T option.
We can also use the ‘ps T’ command to see these jobs in the current terminal (hence the ps T) window:
Linux list processes
This means the following :
PID: The process ID (see previous sections)
TTY: The terminal window the process was executed from.
STAT: The process state (see section below on process states) .
TIME: How much amount of CPU time the process has consumed.
COMMAND: The command that started the process.
Notice the small case values that follow the STAT column upper case indicators above, .i.e Ss or R+ . These can be any of the following :
<: High priority task .
N: Low-priority .
L: process has pages that are locked into memory (typically real time processes).
s: A session leader or a process that has started process groups. A shell for instance is a session leader.
l: Multi threaded process.
+: A foreground process .
The ps T command has the state R, .i.e Running. The + indicates, as mentioned above, that this process belongs to the foreground group which means that ps T command was started in the foreground.
The Bash has the state of Ss. The “S” stands for Sleeping and the process is interruptible. It will respond when needed. The “s” informs us that the shell is a session leader.
Finally, the ping command has the state T which indicates that a job control signal (Ctrl+Z) has stopped the ping command.
Resuming a background process: the bg command
The bg command is used to resume suspended background jobs. While the job runs, It will return the user to the shell prompt and it will not be possible to send any input to it.
If we return to our example :
As shown above, the ping command is running in the background. Let’s run the command bg :
Linux run process in background
The ping command has resumed its background task and the scrolling output is now visible to the user. Notice the result of the execution of bg above, the name of the restarted command is displayed, .i.e. ping net2.com
If you try to stop the scrolling by press Ctrl+C, it will not halt the execution of the background process as shown below :
How to stop it then?
To halt the execution of a background task, it must first be brought to the foreground using the fg command. This will allow any input from the user to take effect. In the example above, keystrokes and scrolling will not be registered as the task is running in the background.
Bringing a process from darkness to the light of day using the fg command
Bringing a background task to the foreground can be done with the fg command. In the example given, typing fg will bring the ping command into the foreground and mix it with the command line prompt.Rest assured that this will be taken into account by the shell like a standard command line prompt.
See below the effect of typing fg while the output is scrolling :
Now to kill, it hit Ctrl+C since it is a foreground process :
Child and parent processes
In Linux, every running instance of a program is known as a process. Each process is identified by a unique PID (Process ID) and a PPID (Parent Process ID). Parent processes are those that spawn other processes during runtime, while child processes are those that are created by other running processes. If a child process is killed before its parent, it becomes a zombie until the parent receives information about it or decides that it is no longer necessary. If the parent process is terminated before the child, the child is adopted by the init process or may be reassigned to a different process.
States of a Process
It is important to understand the various states that a process can be in when troubleshooting a Linux system. The scheduler is responsible for dividing the CPU cores among the running processes, and the kernel communicates with these processes and handles inter-process communication. Understanding these states can aid in identifying and resolving issues in the system:
- Running/Runnable – (R): these are running processes that are currently using a CPU core. A runnable process means that a process has everything it needs in order to run and is waiting for an available CPU core slot (ready to run).
- Waiting (or sleeping): this is a process that is waiting for a specific resource to be available (for instance, I/O operation to complete) or an event to occur (an amount of time to pass for example). These can be categorized even further into :
a – interruptible waiting processes: these are processes whose tasks can be disrupted or interrupted by signals . They can be killed before the wake-up condition is met or fulfilled without further consequences.
b – uninterruptible waiting processes: these are processes whose tasks cannot be interrupted by any signal or event. While waiting for the result, I/O operations for instance switch to an uninterruptible waiting state, .i.e. when the operation is ready, they will wake up to handle the result and check for any pending signal to manage.
- Stopped : A process is stopped when it receives the signal SIGSTOP (like for example when you hit <ctrl>+z in the terminal). The process execution is then suspended and it will manage only the SIGKILL and SIGCONT signals. For instance, a process that is being debugged is in a stopped state.
- Zombie: here the process is neither alive nor dead. It has finished its assigned task with exit() system call. It still has an entry in the process table though.
To see the different system process states, refer to the section below which discusses how to view running processes.
When you want to halt a foreground process, .e.g a ping command, you press Ctrl+C or if it is a background process you hit Ctrl+Z. In this case you are actually sending signals to the process. In fact kill can send 64 different signals. In order to display these signals, run the command kill -l :
or execute the command :
man signal :
Processes communicate between each other and with the kernel using signals. These signals can be issued using the system call kill as well as the commands pkill and killall.
Here are the most commonly used signals:
SIGTERM: Signal 15. Is the default signal sent by the command kill.
SIGKILL: Signal 9. unlike SIGTERM, it kills the process immediately. This can’t be handled or blocked.
SIGCONT: if the process current state is ‘stopped’, this signal will switch its state to a running/runnable state.
SIGSTOP: This will cause the process execution to be suspended, switching it to a stopped state. This can be issued by typing Ctrl>+Z in the terminal (see section above about background and foreground processes).
SIGQUIT: Signal 3. . This is generated when the user sends a quit signal using Ctrl+D in the terminal. This will force the process to trigger a core dump before dying.
SIGINT: Signal 2. This is triggered when you press Ctrl+C in the terminal. The process is interrupted and asked to terminate.
SIGWINCH: When the terminal size changes, this signal is generated.
SIGHUP: Signal 1. when the terminal running the process is disconnected, this signal is sent to the process. In case you do not want the process to terminate when the terminal is closed, you can use the nohup command. Check also our article about the screen command and how to keep a process running even if the remote connection breaks.
SIGCHLD: This is sent from a child process to its corresponding parent process in the event when its state changes .
Read: How to kill a process in Linux – guide for beginners
The init process
Init process is the father of all processes in linux. it is the first process (in general it has a PID of 1) that is launched when Linux boots up and will remain alive until the next shutdown. It has the primary role of creating processes from a script which is stored in /etc/inittab. Since it is started by the kernel, it does not have a parent process and it cannot be terminated.
Viewing running processes
Many Linux utilities allow users to view running processes. For the example the most commonly used is the ps command :
How to check running processes in linux
Other Linux tools are able to show additional information about processes, for instance:
- htop command : this is the process viewer (interactive). Refer to our htop related article.
- atop command : this is the advanced system and process monitoring tool.
- top command : shows an updates information about processes.
- pstree command : shows a tree of processes.
- pgrep command : fetches signal processes using only their names along with other attributes.
- glances: is a recent monitoring tool : See its github page or read our article on it.
For more on these and other monitoring tools, refer to our article here.
In Linux, processes are given a priority value known as niceness. Higher-priority processes receive more CPU time than those with lower priority. This priority can be modified by a root user using the nice and renice commands. The output of the top command includes a column showing the process’ niceness value NI.
list processes Linux
You can use the nice utility to assign a nice value to a process. Normal users can ascribe a nice value between zero and 20 to their own processes.
To execute a new program with a given nice value, use the nice command below:
nice -n 10 command_to_run
In order to renice a running process priority, run the renice command as shown below:
renice +10 17544
Linux processes can be divided into two categories: those that run in the foreground and those that run in the background. Foreground processes are those that are currently being executed, while background processes are those that are running but not currently in focus. There are several tools that allow users to see and manage processes, such as the kill command, which terminates a process, and the fg command, which brings a background process into the foreground. Signals are used to communicate between processes and the kernel, and the kill command sends a specific signal to a process to terminate it. Understanding how to manage processes is an important skill for both beginners and advanced users.
If you like the content, we would appreciate your support by buying us a coffee. Thank you so much for your visit and support.