Linux Process Lifecycle and Administration
Understanding Process Execution
In Linux environments, a clear distinction exists between a program and a process. A program is a static executable file stored on the disk, such as a binary located in /usr/sbin/. Conversely, a process represents the dynamic execution of that program. It has a lifecycle, consuming system resources like CPU and memory while active. A single executable file can spawn multiple concurrent process instances.
Process Hierarchy
Processes operate in a hierarchical structure. The initial process spawned during system boot acts as the ancestor. Subsequent processes are created as children.
- Parent Process: The primary process that spawns others.
- Child Process: Derived from a parent via system calls like
fork().
Note that process groups often share fate; if a parent session ends, associated child processes may receive termination signals.
Monitoring Active Processes
Static Snapshots with ps
The ps command provides a snapshot of current processes.
# Display all running processes with detailed metrics
$ ps -eo pid,user,%cpu,%mem,stat,start,cmd
PID USER %CPU %MEM STAT START CMD
1 root 0.0 0.1 Ss Jan01 /sbin/init
1542 www-data 0.5 1.2 S 10:00 nginx: worker process
1543 www-data 0.4 1.1 S 10:00 nginx: worker process
Key columns include:
- PID: Unique Process Identifier.
- STAT: State code (e.g.,
Sfor sleeping,Rfor running,Zfor zombie). - CMD: The command or binary path.
To filter specifically for daemon processes:
$ pgrep -a nginx
1541 nginx: master process /usr/sbin/nginx
1542 nginx: worker process
To visualize the hierarchy:
$ pstree -p
init(1)─┬─sshd(800)─┬─bash(1200)
└─nginx(1541)─┬─nginx(1542)
└─nginx(1543)
Dynamic Monitoring with top
For real-time analysis, top updates process statistics continuously.
# Refresh every 3 seconds, monitoring specific PID
$ top -d 3 -p 1541
Interactive commands within top:
Shift + P: Sort by CPU usage.Shift + M: Sort by Memory usage.k: Prompt to kill a process by PID.r: Adjust nice value (priority).
Batch mode output can be saved for logging:
$ top -b -n 5 > system_load.log
Process Control and Signals
Adjusting Priority
Process scheduling priority can be set at launch or modified during execution.
# Launch with lower priority (higher nice value)
$ nice -n 10 backup_script.sh &
# Modify an existing process (requires appropriate permissions)
$ renice -n 5 -p 1234
1234: old priority 0, new priority 5
Signal Transmission
Processes communicate via signals. The kill command sends these signals.
# List available signals
$ kill -l
1) SIGHUP 9) SIGKILL 15) SIGTERM
# Graceful termination (default is SIGTERM)
$ kill 1541
# Forceful kill (SIGKILL)
$ kill -9 1542
To terminate all instances of a specific program:
$ killall httpd
$ pkill -f python3
Practical example of reloading a service via signal:
$ pgrep sshd
800
$ kill -HUP 800
# Process reloads configuration without stopping
Network Process Mapping
Identifying which process owns a network port is critical for debugging.
# Show listening TCP ports with associated PIDs
$ netstat -tlnp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2048/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 800/sshd
Analyzing connection states for a specific port:
$ netstat -an | grep :8080 | awk '{print $6}' | sort | uniq -c
10 ESTABLISHED
5 TIME_WAIT
1 LISTEN
Identifying high-frequency connections by IP:
$ netstat -an | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn | head
The /proc Virtual Filesystem
The /proc directory exposes kernel and process data as files. It does not consume disk space.
# Check CPU information
$ grep -c ^processor /proc/cpuinfo
4
# View memory statistics
$ cat /proc/meminfo | head -5
MemTotal: 8192000 kB
MemFree: 1024000 kB
System uptime and load are also available here:
$ cat /proc/uptime
12345.67 9876.54
If /proc is unmounted, system tools relying on it will fail:
$ umount /proc
$ free -m
Error: /proc must be mounted
# Remounting the filesystem
$ mount -t proc proc /proc
