An operating system consists of processes. These processes are executed in a specific order and are related. There are two categories of processes, those focused on the user environment and those focused on the hardware environment.
When a program runs, the system will create a process by placing the program data and code in memory and creating a runtime stack. A process is an instance of a program with an associated processor environment (ordinal counter, registers, etc...) and memory environment.
Each process has:
a PID: P*rocess ID*entifier, a unique process identifier
a PPID: P*arent Process ID*entifier, unique identifier of parent process
By successive filiations, the init process is the father of all processes.
A parent process always creates a process
A parent process can have multiple child processes
There is a parent/child relationship between processes. A child process results from the parent calling the fork() primitive and duplicating its code to create a child. The PID of the child is returned to the parent process so that it can talk to it. Each child has its parent's identifier, the PPID.
The PID number represents the process at the time of execution. When the process finishes, the number is available again for another process. Running the same command several times will produce a different PID each time.
Note
Processes are not to be confused with threads. Each process has its memory context (resources and address space), while threads from the same process share this context.
The user's credentials are passed to the created process when a command is executed.
By default, the process's actual UID and GID (of the process) are identical to the actualUID and GID (the UID and GID of the user who executed the command).
When a SUID (and/or SGID) is set on a command, the actual UID (and/or GID) becomes that of the owner (and/or owner group) of the command and no longer that of the user or user group that issued the command. Effective and real UIDs are therefore different.
Each time a file is accessed, the system checks the rights of the process according to its effective identifiers.
A process cannot be run indefinitely, as this would be to the detriment of other running processes and would prevent multitasking.
Therefore, the total processing time available is divided into small ranges, and each process (with a priority) accesses the processor sequentially. The process will take several states during its life among the states:
ready: waiting for the availability of the process
in execution: accesses the processor
suspended: waiting for an I/O (input/output)
stopped: waiting for a signal from another process
zombie: request for destruction
dead: the parent process ends the child process
The end-of-process sequencing is as follows:
Closing of the open files
Release of the used memory
Sending a signal to the parent and child processes
When a parent process dies, their children are said to be orphans. They are then adopted by the init process, which will destroy them.
GNU/Linux belongs to the family of time-sharing operating systems. Processors work in a time-sharing manner, and each process takes up some processor time. Processes are classified by priority:
Real-time process: the process with priority of 0-99 is scheduled by real-time scheduling algorithm.
Ordinary processes: processes with dynamic priorities of 100-139 are scheduled using a fully fair scheduling algorithm.
Nice value: a parameter used to adjust the priority of an ordinary process. The range is -20-19.
By pressing the Ctrl+Z keys simultaneously, the synchronous process is temporarily suspended. Access to the prompt is restored after displaying the number of the process that has just been suspended.
The & statement executes the command asynchronously (the command is then called job) and displays the number of job. Access to the prompt is then returned.
Example:
$timels-lR/>list.ls2>/dev/null&[1]15430
$
The job number is obtained during background processing and is displayed in square brackets, followed by the PID number.
Whether it was put in the background when it was created with the & argument or later with the Ctrl+Z keys, a process can be brought back to the foreground with the fg command and its job number.
The command nice allows the execution of a command by specifying its priority.
niceprioritycommand
Example:
nice-n+15find/-name"file"
Unlike root, a standard user can only reduce the priority of a process. Only values between +0 and +19 will be accepted.
Tip
This last limitation can be lifted per-user or per-group by modifying the /etc/security/limits.conf file.
The renice command allows you to change the priority of a running process.
renicepriority[-gGID][-pPID][-uUID]
Example:
renice+15-p1664
Option
Description
-g
GID of the process owner group.
-p
PID of the process.
-u
UID of the process owner.
The renice command acts on processes already running. It is therefore possible to change the priority of a specific process and several processes belonging to a user or a group.
Tip
The pidof command, coupled with the xargs command (see the Advanced Commands course), allows a new priority to be applied in a single command:
The pgrep command searches the running processes for a process name and displays the PID matching the selection criteria on the standard output.
The pkill command will send each process the specified signal (by default SIGTERM).
pgrepprocess
pkill[option][-signal]process
Examples:
Get the process number from sshd:
pgrep-urootsshd
Kill all tomcat processes:
pkilltomcat
Note
Before you kill a process, it's best to know exactly what it is for; otherwise, it can lead to system crashes or other unpredictable problems.
In addition to sending signals to the relevant processes, the pkill command can also end the user's connection session according to the terminal number, such as:
This command's function is roughly the same as that of the pkill command. The usage is —killall [option] [ -s SIGNAL | -SIGNAL ] NAME. The default signal is SIGTERM.
orphan process: When a parent process dies, their children are said to be orphans. The init process adopts these special state processes, and status collection is completed until they are destroyed. Conceptually speaking, the orphanage process does not pose any harm.
zombie process: After a child process completes its work and is terminated, its parent process needs to call the signal processing function wait() or waitpid() to obtain the termination status of the child process. If the parent process does not do so, although the child process has already exited, it still retains some exit status information in the system process table. Because the parent process cannot obtain the status information of the child process, these processes will continue to occupy resources in the process table. We refer to processes in this state as zombies.
Hazard:
They are occupying system resources and causing a decrease in machine performance.
Unable to generate new child processes.
How can we check for any zombie processes in the current system?
ps-lef|awk'{print $2}'|grepZ
These characters may appear in this column:
D - uninterruptible sleep (usually IO)
I - Idle kernel thread
R - running or runnable (on run queue)
S - interruptible sleep (waiting for an event to complete)
T - stopped by job control signal
t - stopped by debugger during the tracing
W - paging (not valid since the 2.6.xx kernel)
X - dead (should never be seen)
Z - defunct ("zombie") process, terminated but not reaped by its parent