Process management: ps

- [Instructor] On a Linux system, programs run within a process. A process allows us to keep track of a program that's running, and programs can start up sub-processes, or child processes, as they need to. The processes for a particular program are all related and can be managed individually or as a group. A common tool for finding out some information about processes that are running is called PS. If I run PS by itself, I can see the processes that are running inside the shell. Here's the shell, and here's PS. Because when it was running, it had a process of its own.

The columns here start out with the PID, or process ID, the number that the system assigns to new processes. When a process ends, the number it was using is released, and the system can reuse it. Depending on your system, there's different limits for the number of processes that a particular user can start, though the user is generally not constrained within a limit. Every process takes resources though, so there are practical, not just theoretical, limits to how much stuff you can run. The next column is the terminal where a process is running. These are all in PTS one, because that's my pseudo-terminal that I'm running here.

Time is how much time each command has taken so far. And CMD is the command that invoked the process. There's quite a few different options for changing the output and the scope of what's displayed. And I encourage you to take a look through the PS man page for more details. Let's look at a few options here though. I'll start up a series of nested bash shells. PS dash C and a command name will show you the processes that have that command name. I'll use bash, because I know I have a few of those running. And here they are. Combining that with the F option gives a more full listing.

I'll write PS dash F capital C bash. This shows the user ID that started a command and the time that it was started up in addition to the parent process ID. And following through these, I can see that this process is the parent of this one. This process is the parent of this one, and so on. Modifying this can make it a little more helpful, like with the J and H options to make a tree format. I'll write PS dash J capital H C and bash.

Capital H shows a hierarchical listing, and J shows output in the jobs format where we get process group ID and session ID values as well. You can see how that lines up with the groups of processes that are running under other processes or session leaders. The SID, or session ID, is the process ID of the session leader, which is responsible for all the processes, or jobs, underneath it in the tree. We can also take a look at what a particular user is running with the dash U or dash capital U option. Lowercase U shows the effective user, and capital U shows the real user.

Let's see what my user has started here outside of just this shell. Alright, that's a lot of stuff, mostly from my desktop manager and the VirtualBox software. We can make this a little more readable, again, with F for full output, capital H for a hierarchical view, and U and the username. And that gives us a bit more of a picture of what processes are going on for this particular user. I can see all of the processes on a system with PS dash E for everything, which is kind of useful, especially in conjunction with some of the other options we saw earlier, like H for hierarchical view.

PS is often used in conjunction with the kill command which sends interrupt signals to processes. There are various signals that kill can send to a process, some of which request that a process do whatever cleanup it needs to do before exiting or simply requesting that the process do whatever it's designed to do in response to an interrupt signal, which in some cases, doesn't end the process at all. The default signal is called sig term, which asks the process it's sent to to exit. Usually that will work to end a running process unless that process is stuck or, for some other reason, doesn't respond to this polite request.

In that case, we can send a much more forceful signal called sig kill to the process instead, which immediately ends the process without waiting for it to respond. We can take a look at all of the signals available with kill dash lowercase L. Here's sig term, and here's sig kill. To specify the signal to use, we use dash and then the number. So dash nine is sig kill. Let's see what process my shell is here with PS dash capital C bash. Let's go for 2858. That's the parent process for these processes below it.

I'll use kill dash nine to end that process, which will end all of the processes underneath it as well. And there goes my terminal. Using PS to track down a process is a great skill to have, and it can help you gain more insight as to what a system is doing.