Linux Processes: A Complete Guide

What is a Process in Linux?

A process in Linux is a running instance of a program. When you execute a command or run an application, the operating system creates a process to manage that program’s execution. Think of it as a container that holds all the resources, memory, and execution context needed to run a specific program.

Every process in Linux has several key characteristics:

  • Unique Process ID (PID): A numerical identifier assigned by the kernel
  • Parent Process ID (PPID): The PID of the process that created this process
  • Memory space: Virtual memory allocated to the process
  • File descriptors: Handles to open files, sockets, and devices
  • Environment variables: Configuration settings inherited or set for the process
  • Process state: Current status (running, sleeping, stopped, zombie, etc.)

Process Lifecycle

1. Process Creation

Processes are created through system calls, primarily:

  • fork(): Creates an exact copy of the parent process
  • exec(): Replaces the current process image with a new program
  • clone(): Creates a new process with shared resources
# Example: When you run a command, the shell forks and execs
$ ls -la
# Shell process forks → creates child → child execs 'ls' program

2. Process States

Linux processes can be in several states:

StateSymbolDescription
RunningRCurrently executing on CPU or waiting for CPU
SleepingSWaiting for an event (interruptible sleep)
Uninterruptible SleepDWaiting for I/O operations
StoppedTProcess execution suspended
ZombieZProcess finished but parent hasn’t collected exit status

3. Process Termination

Processes can terminate through:

  • Normal completion (exit())
  • Signal termination (SIGTERM, SIGKILL)
  • Parent process termination
  • System shutdown

Process Hierarchy and Relationships

Init Process (PID 1)

Every Linux system starts with the init process (PID 1), which is the ancestor of all other processes. Modern systems typically use systemd as the init system.

# View the init process
$ ps -p 1
  PID TTY          TIME CMD
    1 ?        00:00:02 systemd

Process Tree Structure

Processes form a hierarchical tree structure where each process (except init) has a parent:

# View process tree
$ pstree
systemd─┬─ModemManager───3*[{ModemManager}]
        ├─NetworkManager───3*[{NetworkManager}]
        ├─accounts-daemon───3*[{accounts-daemon}]
        ├─avahi-daemon───avahi-daemon
        ├─bluetoothd
	...

Process Identification and Information

Process IDs (PIDs)

Each process has several important identifiers:

# Get current shell's PID
$ echo $$
51727

# Get parent PID
$ echo $PPID
3798

# Get process group ID
$ ps -o pgid= $$
51727

Process Information Files

Linux exposes process information through the /proc filesystem:

# Process information directory
$ ls /proc/$$
arch_status  coredump_filter     gid_map            maps        oom_adj        sched         statm           wchan
...

# View process status
$ cat /proc/$$/status
Name:	bash
Umask:	0002
State:	S (sleeping)
Tgid:	51727
...

Essential Process Management Commands

1. ps - Process Status

The ps command displays running processes:

# Basic process list
$ ps
  PID TTY          TIME CMD
51727 pts/1    00:00:00 bash
52473 pts/1    00:00:00 ps

# Detailed process information
$ ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.0  24004 15156 ?        Ss   Oct05   0:04 /sbin/init splash
root           2  0.0  0.0      0     0 ?        S    Oct05   0:00 [kthreadd]
root           3  0.0  0.0      0     0 ?        S    Oct05   0:00 [pool_workqueue_release]
root           4  0.0  0.0      0     0 ?        I<   Oct05   0:00 [kworker/R-rcu_gp]
root           5  0.0  0.0      0     0 ?        I<   Oct05   0:00 [kworker/R-sync_wq]
...

# Process tree view
$ ps -ef --forest
UID          PID    PPID  C STIME TTY          TIME CMD
root           2       0  0 Oct05 ?        00:00:00 [kthreadd]
root           3       2  0 Oct05 ?        00:00:00  \_ [pool_workqueue_release]
root           4       2  0 Oct05 ?        00:00:00  \_ [kworker/R-rcu_gp]
root           5       2  0 Oct05 ?        00:00:00  \_ [kworker/R-sync_wq]

2. top - Real-time Process Monitor

# Interactive process monitor
$ top

# Key commands within top:
# q - quit
# k - kill process
# r - renice process
# P - sort by CPU usage
# M - sort by memory usage
# 1 - show individual CPU cores

3. htop - Enhanced Process Viewer

# Install htop (if not available)
$ sudo apt install htop    # Debian/Ubuntu
$ sudo yum install htop    # RedHat/CentOS

# Run htop
$ htop

4. pgrep/pkill - Process Search and Kill

# Find processes by name
$ pgrep spotify 
49024
49120

# Kill processes by name
$ pkill spotify

# Kill with specific signal
$ pkill -TERM spotify

5. jobs - Shell Job Management

# Run command in background
$ sleep 100 &
[1] 52663

# List background jobs
$ jobs
[1]+  Running                 sleep 100 &

# Bring job to foreground
$ fg %1

Advanced Process Management

Process Priority and Nice Values

Linux uses priority levels (-20 to 19) where lower numbers mean higher priority:

# Run command with lower priority
$ nice -n 10 intensive_task

# Change priority of running process
$ renice -n 5 -p 1234

# View process priorities
$ ps -eo pid,ppid,ni,comm
  PID  PPID  NI COMMAND
    1     0   0 systemd
 1234     1   0 bash
 5678  1234  10 sleep

Process Signals

Signals are used for inter-process communication and control:

# Common signals
kill -l
 1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1
11) SIGSEGV	12) SIGUSR2	13) SIGPIPE	14) SIGALRM	15) SIGTERM
16) SIGSTKFLT 
...

# Send signals to processes
$ kill -TERM 1234      # Graceful termination
$ kill -KILL 1234      # Force kill (cannot be ignored)
$ kill -STOP 1234      # Suspend process
$ kill -CONT 1234      # Resume process

Process Monitoring and Debugging

# Monitor process resource usage
$ pidstat -p 1234 1    # 1-second intervals

# Trace system calls
$ strace -p 1234

# Monitor file access
$ lsof -p 1234

# Check process memory maps
$ cat /proc/1234/maps

# Monitor process in real-time
$ watch -n 1 'ps -p 1234 -o pid,ppid,%cpu,%mem,stat,start,time,command'

Process States in Detail

Zombie Processes

Zombie processes occur when a child process completes but its parent hasn’t read the exit status:

# Find zombie processes
$ ps aux | grep -i zombie
$ ps -eo pid,ppid,state,comm | grep Z

# Prevent zombies with proper signal handling in parent process

Orphan Processes

When a parent process dies before its children, the children become orphans and are adopted by init:

# Example: Create an orphan process
$ (sleep 60 &) && exit
# The sleep process becomes an orphan and is adopted by init (PID 1)

Process Resource Management

Memory Management

# View process memory usage
$ cat /proc/1234/status | grep -i mem
VmPeak:	  123456 kB    # Peak virtual memory size
VmSize:	  123400 kB    # Current virtual memory size
VmRSS:	   45678 kB    # Resident set size (physical memory)

# Detailed memory breakdown
$ cat /proc/1234/smaps

# Memory limits
$ ulimit -v          # Virtual memory limit
$ ulimit -m          # Physical memory limit

File Descriptors

# View open file descriptors
$ ls -la /proc/1234/fd/
lrwx------ 1 user user 64 Oct 16 10:30 0 -> /dev/pts/0
lrwx------ 1 user user 64 Oct 16 10:30 1 -> /dev/pts/0
lrwx------ 1 user user 64 Oct 16 10:30 2 -> /dev/pts/0

# Count open file descriptors
$ ls /proc/1234/fd/ | wc -l

# File descriptor limits
$ ulimit -n          # Max number of open files

Process Groups and Sessions

Process Groups

Process groups allow managing multiple related processes together:

# Create a process group
$ sleep 100 | sleep 200 &
[1] 1234

# Send signal to entire process group
$ kill -TERM -1234    # Negative PID targets process group

Sessions

Sessions group related process groups, typically associated with a terminal:

# View session information
$ ps -eo pid,sid,pgid,comm
  PID   SID  PGID COMMAND
 1234  1234  1234 bash
 5678  1234  5678 sleep

# Start new session
$ setsid command

Practical Examples and Use Cases

1. Finding Resource-Heavy Processes

# Top CPU consumers
$ ps aux --sort=-%cpu | head -10

# Top memory consumers
$ ps aux --sort=-%mem | head -10

# Processes using most file descriptors
$ lsof | awk '{print $2}' | sort | uniq -c | sort -nr | head -10

2. Background Process Management

# Run long-running task in background
$ nohup long_running_command &

# Detach from terminal session  
$ screen -S session_name
$ tmux new-session -d -s session_name

# Monitor background processes
$ jobs -l

3. Process Resource Monitoring

# Real-time process monitoring
$ watch -n 1 'ps aux --sort=-%cpu | head -10'

# Resource usage summary
$ pidstat -u -r -d 1 5    # CPU, memory, and disk stats

Troubleshooting Common Issues

High CPU Usage

# Identify high CPU processes
$ top -bn1 | grep "Cpu(s)" 
$ ps aux --sort=-%cpu | head -5

# Analyze specific process
$ strace -p PID -c    # Count system calls
$ perf top -p PID     # Performance profiling

Memory Leaks

# Monitor memory usage over time
$ while true; do
    echo "$(date): $(ps -p PID -o %mem --no-headers)%"
    sleep 60
done

# Check for memory growth
$ watch -n 1 'cat /proc/PID/status | grep VmRSS'

Too Many Open Files

# Check current file descriptor usage
$ lsof -p PID | wc -l

# Check file descriptor limit
$ cat /proc/PID/limits | grep "Max open files"

# Increase limit temporarily
$ ulimit -n 2048

Quiz: Test Your Linux Process Knowledge

What is the PID of the init process in Linux?

Which command shows processes in a tree format?

What does the 'Z' state indicate in process status?

Which signal cannot be caught or ignored by a process?

What happens to child processes when their parent dies?

Which nice value gives the highest priority?

What does the /proc/PID/fd/ directory contain?

Which command can be used to change the priority of a running process?

What is a process group?

Which system call is used to create a new process?