Processes

The control group of a process can be retrieved from the /proc directory. We only need to know the PID of the process, which can be found using ps or pidof.

Usage

If we know that our PID is 1234, then showing the cgroup is as easy as using cat to see the contents of the ‘cgroup’ file.

The ps command can show the control group of a process using the -o option, followed by the right column names.

Usage

To show processes and the control group, we can filter the output columns.

# ps -e -o pid,cgroup:64,args
    PID CGROUP                                                           COMMAND
      1 0::/init.scope                                                   /lib/systemd/systemd --system --deserialize 58
      2 -                                                                [kthreadd]
      3 -                                                                [rcu_gp]
<snip>
    576 -                                                                [xprtiod]
    634 0::/system.slice/dbus.service                                    @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
    640 0::/system.slice/networkd-dispatcher.service                     /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
    645 -                                                                [nfsiod]
    653 0::/system.slice/systemd-logind.service                          /lib/systemd/systemd-logind
    696 0::/system.slice/system-getty.slice/getty@tty1.service           /sbin/agetty -o -p -- \u --noclear tty1 linux

In this example the PID is displayed, with the control group, and the command with its arguments. By specifying the width of 64 characters, we can properly see the full name of the control group.

Killing processes with a filter

The kill command is used on Linux to send a process signals. This can be a numeric value or its defined name (e.g. SIGTERM).

Zombies…

Killing zombies, for fun?

Search for PID and process name

Retrieve PIDs for a service

Linux uses signals to interact and define the state of a process. It uses POSIX reliable and real-time signals. The first are considered standard signals.

Many programs are build using glibc and therefore use functions like kill(2) to send a signal to a process or processes group, or even all processes on the system. A process can decide to ignore a signal or take an action after it is received by a signal handler, a routine to catch incoming signals.

Stop a process by searching for its name

A Linux systems without processes is not possible. So we collect tips to deal with processes and improve your skills.

Sometimes a process gets stuck and how often you try, it won’t respond to the combination of CTRL+C. One option is to open a second shell, then perform a kill.

kill 1234

Pushing a job to the background

While this works, there is usually a much easier way. This involves pushing a running process into the background by pressing CTRL+Z.

[1]+  Stopped                 ./runserver

Kill the process

To get it back to the foreground, we would normally run fg. Instead, we tell it to stop.

Introduction

Each Linux system has a bunch of processes running. Most of these processes might be familiar to you if you regularly use a command like ps or top to display them. Processes may look like just an item in a list. They are actually complicated pieces of code that are tamed by a memory manager. To truly understand how your system is running, knowledge of process (or memory) management is of great help. So let’s make a jump into the internals of Linux by learning the tools at our disposal.

Every operating system needs memory to store program code segments and data. This is also true for Linux systems. The problem: there is a lot of information available regarding memory usage and its behavior. Let’s discover how Linux manages its memory and how we can gather memory information.

After reading this guide, you will be able to:

• Show the total amount of memory
• Display all memory details
• Understand the details listed in /proc/meminfo
• Use tools like dmesg, dmidecode, free, and vmstat

Linux memory information

Random access memory

When we talk about memory in this article, we usually mean random access memory (RAM). This is the memory which can be used for both showing and storing data. Typically we will find in this type of memory the programs that are running on the system, including the Linux kernel itself. Besides the program code, memory also stores a lot of data. A good example is when you are running a MySQL database server. The program itself is relatively small, the data itself is huge. So we will also have a look at tuning programs and their memory usage, as this is typically a problem with memory-hungry programs.

From the initial start of the Linux operating system, the first processes are already born. In this article we have a look on dealing with processes. In particular we look at how to do process auditing. Whenever you are an auditor, system administrator or just a Linux enthusiast, you can’t ignore processes and should know how to deal with them.

Process listing

For most people working on Linux systems, it might be obvious to display running processes with ps. For Linux it’s common to use ps -ef, which shows effectively a list of all processes with a full listing. Those who are used to work on BSD machines will prefer using ps aux. On Linux with the POSIX tools, both will work, however with a slightly different output.