Processes in Linux

Processes in Linux

ยท

9 min read

Introduction

In the Linux operating system, processes play a vital role in executing tasks and managing system resources. A process can be thought of as an instance of a running program. It represents a single unit of work and consists of executable code, data, and system resources. In this blog, I have discussed important concepts of the processes which will help you in your DevOps journey.

Processes

  • Process are nothing but programs running in the system. These processes are managed by the kernel, and each process has its own specific process ID (PID).

  • To check all the process which is running in the system write ps on the terminal

Screenshot_2022-06-23_11_18_08.jpg

lets devide the output Let's divide the output into parts:

  1. PID: It shows the process ID (PID) of each process, which is a unique numerical identifier assigned to it.

  2. TTY: The TTY field indicates the controlling terminal associated with the process. It represents the terminal or console through which the process is being executed.

  3. CMD: The CMD field displays the name of the executable file or command that is being executed. For example, if you ran the "ps" command itself, it would show "ps" in this field. Similarly, if you are using the "zsh" shell, it would be displayed as "zsh" in this field.

Flags:

  • "a" flag: It includes all processes in the output, not just the ones associated with the current terminal.

  • "u" flag: It provides more detailed information about each process, including the user associated with the process, CPU usage, memory usage, etc.

  • "x" flag: It displays all processes that do not have a controlling terminal (TTY) associated with them. These processes are typically background processes or daemons.

10.jpg

    • User: It tells the user who has access to the process.

      • PID: It tells the process ID which is associated with the process.

      • %CPU: It shows the CPU time which is being used by the process to run.

      • %Memory: It shows the memory usage by the process out of the total usage of the system.

      • VSZ (Virtual Memory Usage): It is the total memory allocated to the process.

      • RSS (Real Memory Usage): It is the memory used by the process.

      • TTY: If "?" is marked, it means no terminal is associated with the process. If it is not empty, it means a terminal is associated with it. If you are using the terminal, the process is running. However, if you close it, the process associated with "?" will continue running.

      • Stats: It tells us the status of the process.

      • Start: It tells the time when the process started running.

      • Time: It indicates for how long the process has been running in the system.

"ps aux" command provides a snapshot of the processes. If you want to see real-time processes, you can use the "top" command in the shell. In the system, there are two types of terminals: "tty" and "pts". "tty" represents a regular terminal without any GUI, while "pts" (pseudo-terminal slave) represents the shell that the user is using.

As processes run, they require memory. The kernel is responsible for allocating memory and loading the code of the processes into that memory.

What happens when process is created.

    1. Suppose the system already has a running process called "ps1", and a new process named "ps2" is created.

      1. The process creation can occur in two ways:

        • Fork system call: The new process, "ps2", is created as a clone of the parent process, "ps1". It inherits the parent's memory, file descriptors, and other attributes.

        • Execve system call: The new process, "ps2", is created by executing a new program using the execve system call. This replaces the current process with a new one, running a different executable file.

      2. System calls are requests made by a program to the kernel of the operating system. They serve as a way for the program to interact with the underlying system and access its resources.

      3. When a new process is created, it is assigned a process ID (PID) and a parent process ID (PPID). The PID uniquely identifies the process, while the PPID represents the ID of its parent process (the process from which "ps2" is created).

To examine the process and its associated information, you can use the "ps -l" command, which provides a detailed output of the processes, including their PIDs, PPIDs, and other attributes.

Process killing

  • To kill a process, you can use the kill command in Linux. The kill command sends a termination signal to the specified process, which, in turn, sends the exit system call. Then, the resources of the process will be freed by the system.

    Here's the syntax for the kill command:

kill PID
  • but if you use -9 with it, it will destroy the process without freeing all the resources of the process
kill -9 PID

Init(Mother process)

When the system boots up, the kernel creates a process called the init process, also known as the mother process, with a PID of 1. You can verify this by using the command ps -aux, which displays a list of processes. The first process in the list would be the /sbin/init process with a PID of 1.

The init process is responsible for initializing the system and starting other processes. It acts as the parent process for all other processes in the system. Processes that are spawned from the init process and are not associated with a terminal, indicated by a "?" under the TTY column, are typically daemon processes.

Terminate processes

  • Exit system call: Whenever a child process ends, it informs the kernel about the reason for its termination by sending the exit system call along with a termination status. The termination status indicates how the process ended. For example, a status of 0 means the process terminated successfully, while other status codes represent different outcomes. After receiving the exit system call, the kernel frees the resources that were being used by the process so that they can be utilized by other processes.

  • Wait system call: When a process ends, the parent process acknowledges the termination of its child process by using the wait system call. This signal allows the parent process to wait for the child process to finish execution and retrieve its termination status.

  • Orphan process: In the event that the parent process dies before its child process, the child process is referred to as an orphan process. In such cases, the kernel transfers the orphan process under the protection of the init process. The init process then sends the wait system call to the kernel to handle the termination of the orphan process.

  • Zombie process: A zombie process occurs when a child process terminates, but its parent process fails to send the wait system call to collect its termination status. The zombie process remains in the system, occupying system resources, but without an active parent. If the parent process eventually sends the necessary signal, the zombie process undergoes reaping. If the parent process still fails to send the call, the zombie process is eventually assigned to the init process, which then handles the termination call to the kernel.

Signals

  • Signals are notifications sent to processes to inform them that something has occurred. For example, when you press Ctrl+C to terminate a process, it sends a signal to the kernel, which then ends the process and frees up its resources.

    Here are some common signals and their meanings:

    • SIGHUP/HUP/1: Hang up signal. It is used to indicate that the controlling terminal has been closed.

    • SIGINT/INT/2: Interrupt signal. It is generated when you press Ctrl+C.

    • SIGKILL/KILL/9: Kill signal. It is used to forcefully terminate a process.

    • SIGSEGV/SEGV/11: Segmentation violation signal. It is generated when a process tries to access inaccessible memory, resulting in a segmentation fault.

    • SIGTERM/TERM/15: Terminate signal. It is similar to the Kill signal, but it allows the process to free up its

    • SIGSTOP/STOP/19: Stop signal. It suspends the execution of a program, which can later be resumed.

Time slice

The processes in a system do not run simultaneously; they run for a limited time known as a time-slice. Let's consider an example with three processes running. Each process is allocated a specific time-slice during which it can utilize the CPU. After one cycle, the first process completes its time-slice, and then the next process, ps2, gets a chance to use the CPU. This cycle continues, and eventually, ps1 will have another turn to use the CPU.

The kernel is responsible for allocating CPU usage to processes based on various scheduling algorithms. The user can influence the kernel's scheduling algorithm by using the "nice" command. By adjusting the nice value, the user can prioritize processes. Higher nice values result in the process requiring less CPU time. The nice value can be modified using the "renice" command, followed by the desired nice value and the process ID (PID).renice -10 -p PID

State of process

R = Process is running.

S = Interruptible sleep. When a process is waiting for an event or resource and can be resumed when the event occurs or the resource becomes available. For example, if a process is waiting for user input, it will enter the interruptible sleep state until the input is received.

D = Uninterruptible sleep. Certain processes cannot be easily resumed or interrupted. In such cases, the process is in an uninterruptible sleep state, and the system may need to be restarted to recover from this state.

Z = Zombie process. When a child process ends but its parent process has not yet acknowledged its termination by using the wait system call, the child process becomes a zombie process. Zombie processes still have an entry in the process table but do not consume system resources. They exist until the parent process retrieves the termination status of the child process using the wait system call.

T = Stopped. The process execution has been suspended or stopped, often due to a signal received by the process. The kernel keeps track of the process's status and resources, and the process can be resumed later.

Everything in the linux is file

  • Everything in the linux is file even the process to see all the process which is running is the system use the following command
ls /proc

it will show you all the process currently running in the system and the data which all the process is using kernel see whole system from the process to get an idea of all the process and the resources which is being used by the system

Jobs

  • Job is a process that is being executed in the background rather than in the foreground

  • In order to create a job user just have to put &(ampersand) at the end of the file name for example

Create a python file and execute it using python3

  • Here [1] is the job id and 101813 is the processid of the job

  • You can also check the jobs active by simply running jobs it will show all the jobs currently active

ย