Linux Processes: A Complete Guide
What is a Process in Linux?
A process in Linux is a running instance of a program. When you execute a command or run an application, the operating system creates a process to manage that program’s execution. Think of it as a container that holds all the resources, memory, and execution context needed to run a specific program.
Every process in Linux has several key characteristics:
- Unique Process ID (PID): A numerical identifier assigned by the kernel
- Parent Process ID (PPID): The PID of the process that created this process
- Memory space: Virtual memory allocated to the process
- File descriptors: Handles to open files, sockets, and devices
- Environment variables: Configuration settings inherited or set for the process
- Process state: Current status (running, sleeping, stopped, zombie, etc.)
Process Lifecycle
1. Process Creation
Processes are created through system calls, primarily:
- fork(): Creates an exact copy of the parent process
- exec(): Replaces the current process image with a new program
- clone(): Creates a new process with shared resources
# Example: When you run a command, the shell forks and execs
$ ls -la
# Shell process forks → creates child → child execs 'ls' program
2. Process States
Linux processes can be in several states:
| State | Symbol | Description |
|---|---|---|
| Running | R | Currently executing on CPU or waiting for CPU |
| Sleeping | S | Waiting for an event (interruptible sleep) |
| Uninterruptible Sleep | D | Waiting for I/O operations |
| Stopped | T | Process execution suspended |
| Zombie | Z | Process finished but parent hasn’t collected exit status |
3. Process Termination
Processes can terminate through:
- Normal completion (exit())
- Signal termination (SIGTERM, SIGKILL)
- Parent process termination
- System shutdown
Process Hierarchy and Relationships
Init Process (PID 1)
Every Linux system starts with the init process (PID 1), which is the ancestor of all other processes. Modern systems typically use systemd as the init system.
# View the init process
$ ps -p 1
PID TTY TIME CMD
1 ? 00:00:02 systemd
Process Tree Structure
Processes form a hierarchical tree structure where each process (except init) has a parent:
# View process tree
$ pstree
systemd─┬─ModemManager───3*[{ModemManager}]
├─NetworkManager───3*[{NetworkManager}]
├─accounts-daemon───3*[{accounts-daemon}]
├─avahi-daemon───avahi-daemon
├─bluetoothd
...
Process Identification and Information
Process IDs (PIDs)
Each process has several important identifiers:
# Get current shell's PID
$ echo $$
51727
# Get parent PID
$ echo $PPID
3798
# Get process group ID
$ ps -o pgid= $$
51727
Process Information Files
Linux exposes process information through the /proc filesystem:
# Process information directory
$ ls /proc/$$
arch_status coredump_filter gid_map maps oom_adj sched statm wchan
...
# View process status
$ cat /proc/$$/status
Name: bash
Umask: 0002
State: S (sleeping)
Tgid: 51727
...
Essential Process Management Commands
1. ps - Process Status
The ps command displays running processes:
# Basic process list
$ ps
PID TTY TIME CMD
51727 pts/1 00:00:00 bash
52473 pts/1 00:00:00 ps
# Detailed process information
$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 24004 15156 ? Ss Oct05 0:04 /sbin/init splash
root 2 0.0 0.0 0 0 ? S Oct05 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Oct05 0:00 [pool_workqueue_release]
root 4 0.0 0.0 0 0 ? I< Oct05 0:00 [kworker/R-rcu_gp]
root 5 0.0 0.0 0 0 ? I< Oct05 0:00 [kworker/R-sync_wq]
...
# Process tree view
$ ps -ef --forest
UID PID PPID C STIME TTY TIME CMD
root 2 0 0 Oct05 ? 00:00:00 [kthreadd]
root 3 2 0 Oct05 ? 00:00:00 \_ [pool_workqueue_release]
root 4 2 0 Oct05 ? 00:00:00 \_ [kworker/R-rcu_gp]
root 5 2 0 Oct05 ? 00:00:00 \_ [kworker/R-sync_wq]
2. top - Real-time Process Monitor
# Interactive process monitor
$ top
# Key commands within top:
# q - quit
# k - kill process
# r - renice process
# P - sort by CPU usage
# M - sort by memory usage
# 1 - show individual CPU cores
3. htop - Enhanced Process Viewer
# Install htop (if not available)
$ sudo apt install htop # Debian/Ubuntu
$ sudo yum install htop # RedHat/CentOS
# Run htop
$ htop
4. pgrep/pkill - Process Search and Kill
# Find processes by name
$ pgrep spotify
49024
49120
# Kill processes by name
$ pkill spotify
# Kill with specific signal
$ pkill -TERM spotify
5. jobs - Shell Job Management
# Run command in background
$ sleep 100 &
[1] 52663
# List background jobs
$ jobs
[1]+ Running sleep 100 &
# Bring job to foreground
$ fg %1
Advanced Process Management
Process Priority and Nice Values
Linux uses priority levels (-20 to 19) where lower numbers mean higher priority:
# Run command with lower priority
$ nice -n 10 intensive_task
# Change priority of running process
$ renice -n 5 -p 1234
# View process priorities
$ ps -eo pid,ppid,ni,comm
PID PPID NI COMMAND
1 0 0 systemd
1234 1 0 bash
5678 1234 10 sleep
Process Signals
Signals are used for inter-process communication and control:
# Common signals
kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
16) SIGSTKFLT
...
# Send signals to processes
$ kill -TERM 1234 # Graceful termination
$ kill -KILL 1234 # Force kill (cannot be ignored)
$ kill -STOP 1234 # Suspend process
$ kill -CONT 1234 # Resume process
Process Monitoring and Debugging
# Monitor process resource usage
$ pidstat -p 1234 1 # 1-second intervals
# Trace system calls
$ strace -p 1234
# Monitor file access
$ lsof -p 1234
# Check process memory maps
$ cat /proc/1234/maps
# Monitor process in real-time
$ watch -n 1 'ps -p 1234 -o pid,ppid,%cpu,%mem,stat,start,time,command'
Process States in Detail
Zombie Processes
Zombie processes occur when a child process completes but its parent hasn’t read the exit status:
# Find zombie processes
$ ps aux | grep -i zombie
$ ps -eo pid,ppid,state,comm | grep Z
# Prevent zombies with proper signal handling in parent process
Orphan Processes
When a parent process dies before its children, the children become orphans and are adopted by init:
# Example: Create an orphan process
$ (sleep 60 &) && exit
# The sleep process becomes an orphan and is adopted by init (PID 1)
Process Resource Management
Memory Management
# View process memory usage
$ cat /proc/1234/status | grep -i mem
VmPeak: 123456 kB # Peak virtual memory size
VmSize: 123400 kB # Current virtual memory size
VmRSS: 45678 kB # Resident set size (physical memory)
# Detailed memory breakdown
$ cat /proc/1234/smaps
# Memory limits
$ ulimit -v # Virtual memory limit
$ ulimit -m # Physical memory limit
File Descriptors
# View open file descriptors
$ ls -la /proc/1234/fd/
lrwx------ 1 user user 64 Oct 16 10:30 0 -> /dev/pts/0
lrwx------ 1 user user 64 Oct 16 10:30 1 -> /dev/pts/0
lrwx------ 1 user user 64 Oct 16 10:30 2 -> /dev/pts/0
# Count open file descriptors
$ ls /proc/1234/fd/ | wc -l
# File descriptor limits
$ ulimit -n # Max number of open files
Process Groups and Sessions
Process Groups
Process groups allow managing multiple related processes together:
# Create a process group
$ sleep 100 | sleep 200 &
[1] 1234
# Send signal to entire process group
$ kill -TERM -1234 # Negative PID targets process group
Sessions
Sessions group related process groups, typically associated with a terminal:
# View session information
$ ps -eo pid,sid,pgid,comm
PID SID PGID COMMAND
1234 1234 1234 bash
5678 1234 5678 sleep
# Start new session
$ setsid command
Practical Examples and Use Cases
1. Finding Resource-Heavy Processes
# Top CPU consumers
$ ps aux --sort=-%cpu | head -10
# Top memory consumers
$ ps aux --sort=-%mem | head -10
# Processes using most file descriptors
$ lsof | awk '{print $2}' | sort | uniq -c | sort -nr | head -10
2. Background Process Management
# Run long-running task in background
$ nohup long_running_command &
# Detach from terminal session
$ screen -S session_name
$ tmux new-session -d -s session_name
# Monitor background processes
$ jobs -l
3. Process Resource Monitoring
# Real-time process monitoring
$ watch -n 1 'ps aux --sort=-%cpu | head -10'
# Resource usage summary
$ pidstat -u -r -d 1 5 # CPU, memory, and disk stats
Troubleshooting Common Issues
High CPU Usage
# Identify high CPU processes
$ top -bn1 | grep "Cpu(s)"
$ ps aux --sort=-%cpu | head -5
# Analyze specific process
$ strace -p PID -c # Count system calls
$ perf top -p PID # Performance profiling
Memory Leaks
# Monitor memory usage over time
$ while true; do
echo "$(date): $(ps -p PID -o %mem --no-headers)%"
sleep 60
done
# Check for memory growth
$ watch -n 1 'cat /proc/PID/status | grep VmRSS'
Too Many Open Files
# Check current file descriptor usage
$ lsof -p PID | wc -l
# Check file descriptor limit
$ cat /proc/PID/limits | grep "Max open files"
# Increase limit temporarily
$ ulimit -n 2048