Linux+ TechNotes - Processes


Manipulating Processes
Process I/O
Automating Processes


Every operating system exists to run programs for its users and Linux is no exception. In Linux, a program that is being executed is called a process. Each process is assigned a unique number to identify it, called the Process ID (PID). A running process can spawn off other processes, called child processes that in turn can spawn other child processes. Each process keeps track of not only its own PID but also its parent’s PID (PPID).

When a Linux system boots, the kernel executes a program called init to facilitate starting all other operating system programs and services. Since init is always the first process to be executed, its PID is always 1. All processes in Linux are descendents of init. Linux maintains two separate areas in memory for processes, kernel space and user space. Kernel space is used by device drivers, modules, and other processes initiated by the kernel. All other services and programs are executed in user space. The majority of processes that an administrator will work with are user space processes.

Manipulating processes

The ps command is used to display information about running processes such as the PID, PPID, amount of CPU time used, the terminal from which the process is being executed and the user who owns the process. There are dozens of options that can be passed to ps to display different process selections and output formats. ps is frequently used with the –ef switches to display all available information for all running processes. This output contains the following columns:


The name of the user who owns the process


The unique number that identifies this process


The PID of the parent of this process


Amount of CPU utilization


Time the process was started


Controlling terminal of the process


Total execution time of the process


The command that is being run

A process can be terminated using the kill command. The syntax of this command is:

kill –signal pid(s)

The signal is one of 30 different signals that can be sent to a process in order to stop it. The most common kill signals are listed below:






Traditionally used to indicate that a controlling terminal has hung up and the process and children should terminate. Most daemons recognize this as a signal to re-read configuration files or restart.



Terminates a process forcibly.



Terminates a process nicely by allowing it to perform clean up operations, such as deleting temporary files, before quitting.

If there are several instances of the same process running, the killall command can be used to stop them all without having to specify each PID. For example, the following command will forcibly terminate all smbd processes:

killall –9 smbd

Processes can run either in the foreground or the background. A foreground process blocks the terminal from which it is run, meaning that other commands cannot be entered until the process is finished. Background processes run without blocking the terminal and are generally used for processes that do not require any user input. A job is executed in the foreground by default. To start a process in the background, add a ‘ & ’ to the end of the command. For example:

[root@linuxserver /root]# &
[1] 32434

When you start a job in the background, the kernel returns a job number and a PID. You can check the status of active jobs by using the jobs command. When dealing with processes, a % indicates that you are referring to the job number instead of the PID so the characters %1 refer to job number 1, not process ID 1. The fg command is used to move a specified job number to the foreground. The bg command will resume a stopped or suspended foreground job in the background. The Ctrl-Z key combination is used to suspend a job running in the foreground and returns you to a shell prompt.

Linux supports process prioritization allowing you to grant some processes uninterrupted CPU time, such as a CD burning application, while other processes can be given a lower priority so they run only when the CPU is idle. Priority values range from –20 (highest priority) to +19 (lowest priority). The nice command is used start a process at a priority other than the default. The following command will start updating the slocate database in the background with a priority of –3:

nice –n-3 updatedb &

The renice command is used to adjust the priority of a job that has already been started. Assuming the PID of the previous command is 12523, to change this command to run at a priority of –5 you would type:

renice –5 12523

Process I/O

Each process in Linux maintains three streams for data: stdin, stdout, and stderr. Stdin allows the process to accept input from the keyboard. Stdout allows the process to output data to the terminal. Stderr allows the process to output system generated error messages to the terminal. Each of these data streams can be redirected to a different device such as a file or another process.

Output redirection is commonly used to save the output of a program to a file for viewing at a later time. Redirecting stdout is done using the ‘ > ’ symbol: > log.txt

If the file log.txt does not exist, it will be created. If the file already exists, it will be overwritten. To append stdout to the end of a file, use the ‘ >> ’ symbol: >> log.txt

In most cases you will also want to redirect stderr to record error messages in case your program is terminated unexpectedly, tries to perform an operation on a file that does not exist, or performs some other error. There are different ways to accomplish this, for example: > log.txt 2> log.err &> log.txt

Redirecting stdin uses a similar syntax. When a process expects input from the keyboard, input redirection allows you to use the contents of a file to supply the input: < file.txt

You can also use redirection to link the output of one program to the input of another. The pipe symbol allows you to string commands together to perform complex operations in a single step. For example:

ps –ef | grep httpd

This command will generate a full listing of all running processes and then search the output for all lines containing ‘httpd’. The following table summarizes I/O redirection symbols:






Stdout (overwrites existing files)


Stdout (appends to existing files)


Stderr (overwrite)


Stderr (append)


Stdout and Stderr (overwrite)


Stdout and Stderr (append)


Stdout from one process to stdin of another

Automating processes

Every system administrator has programs and tasks that need to be run on a regular basis or at a time when no one is around to execute them. Linux provides two utilities for scheduling processes to run automatically. Cron is used to schedule jobs that should run on a regular basis. At is used to schedule jobs to run once at a specific time in the future.

Cron consists of two parts, the crond daemon that processes commands and crontab, the listing of which commands to run at what times. Each user maintains their own crontab which is simply a file containing a list of scheduled tasks. The crontab command can be used with the following options:


Edit (or create) a crontab file


List the crontab file


Remove the crontab file

A basic crontab entry contains six fields separated by spaces: minute, hour, day, month, day of the week, command. The following values are permitted for the first five fields:









0-23 (0 = midnight)






1-12 or Jan-Dec


Day of the Week

0-6 (0 = Sunday) or Sun-Sat

An asterisk (*) is used to indicate that every instance (every hour, every weekday, etc.) of the particular time period will be used. If you want a process to run only on specific instances of a particular time period, separate the times by a comma. If you wish to use a range of times, the start and stop items are separated by a dash. For example, if you wanted to run your command at 5 and 35 minutes past the hour, every hour, Monday through Friday, then your crontab entry would look like this:

5,35 * * * 1-5 command

The sixth position indicates which task will be run at the given time(s). For example, if you wanted to remove all of the files in the /tmp directory every morning at 4:45 AM, your command would look:

45 4 * * * /bin/rm /tmp

When you need to schedule jobs that only need to run once, use the at command. To schedule a job using at , create a text file that contains the command(s) you wish to run. Then use at to execute the command(s) in this file at a specific time:

at –f file time

The time can be given in virtually any format. Each of the following examples is acceptable: 16:30 12/31/05, 4pm tomorrow, now + 3 days, midnight Jul 12. Unlike cron, there is a single queue that contains at jobs for all users. The atq command is used to check the status of queued at jobs. The atrm command can be used to delete pending tasks.



Current related exam topics for the Linux+ exam:

DOMAIN 2.0 Management

2.11 Identify, execute, manage and kill processes (for example: ps, kill, killall, bg, fg, jobs, nice, renice, rc)

2.12 Differentiate core processes from non-critical services (for example: init, [kernel processes], PID, and PPID values)

2.22 Schedule jobs to execute in the future using "at" and "cron" daemons

2.23 Redirect output (for example: piping, redirection)

Date: July 05, 2005
Author: Drew Miller
Comptia A+ Network+ I-net+ Linux+ MCP