1. ps, top, uptime, free
The following lessons are about processes and how to monitor, terminate or recreate them. Let’s first look at the most important command. That is the ps command. I’ve used this one or the other time in the last few lessons without going into detail. ps stands for Processes and shows the ongoing processes in our system. So let’s take a quick look at the man page. Man report snapshot of the current processes. And we see here that we have a very large number of options in this area. The most common options are most likely the options E and F. So let me use them. ps the options E and F. The option E ensures that all processes that are currently running on the system are displayed. And the option F stands for full format printing.
So more details are displayed here. Scroll little bit up to the top if it’s possible. I don’t know yet. Okay, so we see a whole series of processes running here. In principle, we see a complete table here. The user who started the process is in the first column with the user ID. The second column contains the process ID of the process. Each process is assigned an ID. We already discussed the issue of in. It that each process receives the process ID. And init always has the process ID one, which is the first process that is started. We can see that. Wonderfully. Here was a command Psef process ID one. And we have here as been in it. In the third column we have the ppid, which means parent Process ID. This is the process ID of a process from which another process emerges.
We might take a look at this to make it a little bit clearer. So let’s look at the process ID of Bash with Psef. And then we grab it to Bash. And here we have Bash. It’s the process. ID 4516. Now we start another bash from this bash and then we will execute the ps command again. So. Bash and then the command pse. And now we see we have two bashes. In this case, these twos. These two ones here and the one from earlier. The first one which has the process ID 54516. This one here and the new bash has the Process ID 7372. And here you can see it has the parent Process ID 4516 so the same process ID as the first bash. That means that four 5116 is the Process ID from which the second bash emerges. Let me scroll up again.
Okay, in the fifth column in the fifth column this is not important. The C column. The fifth column we can see when a process was started. And in the 6th column from which terminal this process started, the last column shows the program itself or the command with which the program was started. ps is used in the administration exclusively to see whether a process is running and which process ID it has to see the processes in a tree view. We use the ps three command and from this we can see wonderfully which process is deviating from which process. You can see here system D, the first process and so on with ps three and the option P. The process tree also shows us the corresponding process ids. You can see here these process ids here.
Another possibility to take a look at the current processes is with the Top program. Top is a dynamic overview of the running processes in tabular form. It is often used to see at a glance whether there is currently a process that is using a lot of system resources. Program is Top and we have the list here, which is also constantly updated. If something happens on the system, you see that there was an update and another little update. You can see this changing here. And yeah, we can see the process ids here on the left. In addition, we see the user who started the process in the second column. In the third column priority scheduling. And in the fourth column the 9th value. We will come to that in more detail later.
In the fifth column the value Virtual, which shows how much memory is used here, including shared libraries and swap. In addition we have the value Rest which stands for Reserved and describes the physical main memory that is not swapped. Next to it the column shr which stands for Shared and it shows the memory that is shared with other processes. Next to it the column S which stands for Status. There are of course different states. R is here, r is for example, running. So it works as stands for sleep. So the program is not running, it’s waiting. Then we have for example a zet that stands for zombie. zombie is a process that is no longer running but still uses memory here. In this column we have person cpu.
It is the percentage of cpu the service is using. Here we have per cent mem, which is the amount of physical memory used here, the time, time plus. So the time that the process used and these values are displayed in seconds. Finally, of course, the corresponding command. So the command name here or the program name at the top of the actual process list. We also have some interesting values that you can look at here. At this one, the first line corresponds to the output of the uptime command. Take a close look at the first line here, sorry, top one, user load average and so on. And I will leave Top for a moment and I just use Uptime. And here you can compare that this line with this line and we see they are identical. On the far left is the current time.
The current time here, and next to it how long the system has been running. So my system is up since 29 minutes now. Next to it is how many users are currently locked into the system. And then three words on the topic of load average. The first value shows the average system utilization in the last minute. The second value shows the average system utilization in the last five minutes, and the third value shows the average system utilization in the last 15 minutes. How are these values to be understood? A value of zero would mean that the full system performance is available. The higher the value, the more the system is used. The value should not be higher than the number of cpu cores.
So if we, for example, or if you use a processor with four cores and uptime shows a value of five, then the processor is currently not able to process all tasks immediately. If the value were four, the system would be optimally utilized, and if the value was less than four, the system would not be fully utilized. So let’s come back to Top. Start that again. In the second line we see an overview of the number of tasks divided into running, sleeping, stopped and zombie. In the third line we see a few details about cpu. The value Us stands for user. So cpu time that is used for user processes depending on the language setting up top you can also use for benutza in German, or maybe in other words for other languages. And yeah, the value S Y stands for system.
So the cpu time used by system processes. The value. Ni stands for nice. So cpu time for processes that were nice. As I said, we will come back to this topic of Nice in the next few videos. The value ID stands for idle and shows the time the system is currently idle. WA stands for weight, more precisely io weight. So the time that is weighted for data processing. If this value is high, this could be an indication of a bottleneck in the hdd speed. Hi stands for hardware interacts. So how much time is spent processing hardware interruptions? si stands for software interacts and Is software cited equivalent to high and St stands for stolen. This shows the time that the hypervisor stole. For other tasks. This value only applies if we have several virtual machines installed and running them in parallel.
And in the next two lines we find a few more details about the working memory. I think we don’t have to go into each individual value here as these are actually self explanatory. Of course Top also have one or the other option. You can for example, only display a certain process in order to observe it in real time. If we for example for example only want to display the antenix process, if we had to have endo linux installed, we must first find out the process ID. We do this either directly via Top or ps. So I’m using ps now ps, ef, grep and linux and I have two processes displayed here now, and if we want these two processes to be displayed in Top. Then we use Top in connection with the option P followed by the process ID separated with Comma. So in this case Top with the option P.
And then this process ID six eight five comma and six eight six. And now here we only have the endo nix commands and we can have a closer look at these two processes over a period of time. In addition to the options, there are hot keys with which you can adjust the Top view. For example, with T you can sort by time. Let me just go out and start it without the P option. So with T you can sort it by time. With H we come to the help and can also see the individual hot keys. Here we have seen that Top also shows us details about the memory. But we can also use the free command for this. Free and the main memory and the swap memory are displayed here. We have various details here such as total memory, here free memory, used memory and since the display is in kilobytes, the result can be a bit confusing.
With the option B the result is displayed in bytes. With the option M the result is displayed in megabytes and I think you already know it. With the option G the result is displayed in gigabytes. And in my personal point of view, the best option here is the option H. H stands for Human readable. So the best display is automatically determined and displayed accordingly. So we can see here we have a total memory of 7. 8gb. 924 megabytes are used. And compare this please with the gigabytes free. In gigabytes we have here used zero. That is definitely wrong. So in my point of view, please always use the H option, it’s better or the M option. Then you have 924 megabytes and not 0gb. Then we have here 5. 7gb free and so on.
2. pgrep, kill
In the last video we searched for the Process ID of a process using PS. The command was as follows PS EF and then in our case grab nginx and in this case the respect Process ID of the two Nginx processes are displayed. The third one here has nothing to do with Nginx, by the way. It’s just the process behind the command we just entered. There is another possibility to find out the Process ID, namely with the command Pgrap. Let’s take a look at the man page. Man pgrap pgrapp pkill lookup or signal processes based on name and other attributes. We can see in the description that the command pkill is also listed here. That is, these two commands have the same syntax and belong together. Now let’s take a look at the Pgrap command in detail.
If we want to find out the Process ID of Nginx with Pgrap, we simply enter pgrap nginx and we get the respective Process ids here. 685686 we can compare them to these ones 684686 Andrew nix and linux if I now want the name of the process to be also displayed, this would work with the option l so pgrap l NX and so I can at least be sure that these are actually two Nginx processes. Let’s say our Nginx process crashed for some reason. The process can still be found in the process list, but the web server simply no longer works. If we try to restart it within it or systemctl, it doesn’t work, the process got stuck. So what do we do in such a case? We have to kill the corresponding process.
There are several options here. We have the command Kill, we have Pkill, we have x kill or we have Kill all. xkill is a program that we can use in graphical interfaces with the mouse, but that is not part of the exam, which is why I will not go into it. Most interestingly in our case is the command Kill. With the help of Kill, we send a so called shut down signal to the process or to a process which is then supposed to ensure that the process either shuts down properly or that it is completely unplugged. With Kill, you can send different signals to the process. Kill with the option L shows the possible signals and we see. We have a total of 64 different signals here.
But we don’t need to know the meaning of each signal, just a handful of more important ones. The syntax of Kill is a follow kill signal and then the process ID. So first the signal comes, so one of these signals here, and then the Process ID of the process that we would like to kill. The standard signal that kills Sands, unless we specify otherwise is signal 15 called Sick Term. Be sure to note sick term is the standard signal that kills sense if we don’t specify a different one. Please keep that in mind for the exam. Sick term should always be our first choice because sick term still gives the process the opportunity to end itself in an orderly manner.
So to complete any tasks that may still be running in the background or to write to the log file or something similar, we will just end the two Nginx processes. We still have the Process ids from the explanation of Pgrap up here. And we don’t have to do that again to check because Process ID don’t change unless you restart them or restart the entire computer. So pseudo kill and then sick term and the Process ID six eight five and six eight six, the two processes ended and since we used the sick term signal, we can assume that the process is ended in an orderly manner. We can check this with the following command pgrap Nginx and we don’t get any results.
So the processes are no longer running. I am starting nginx again. Pseudo system ctl start Nginx, Pgrap l and genix and we see that endo nix is running again. And we have now received two new Process ids. We now have several possibilities to end the process with this sick term signal. We can also enter the number so the 15 here instead of the word sick term. So let’s try it out with pseudo kill 15 and then 8257. So we have now only ended one of the two Process ID. If we now execute Pgrab lngx, then we see that both Nginx processes are ended, because these two processes are belonging together. I’m not sure if this is also the case when we are shutting down the second ndx process.
We could try that later again, but first of all, I have to restart Nginx again. So again Pgrap l Nginx. So now let’s try to kill the second Nginx process pseudo kill 15 and then 8305. We see that the process we have just killed was restarted automatically, which you can see, which we can see at the new Process ID here we had the Process ID 30 five. Now we have 8315. Since all possible signals that we can send to the process with kill start with a sick. So sick for signal, the word or the string sick can even be omitted. So in principle, let me just use Pgrap again. So for example, pseudo kill and then we omit sick and only use term and then 8315. This also works, I think. Pgrap Nginx and we see we have a new Process ID.
So the kill process was successful and this process was automatically restarted by the first Nginx process. As already mentioned, the sick term signal is the standard kill signal that is always used. If no other signal is passed, that means we can of course also use this without a signal value. So just pseudo we have a new Process ID here. In this way we can also pass on all other further signals that we have here. Which signets are still important. Let me show the signal list again which of the signals are also important. Signal nine. So sick kill is important. We send this signal if sick term was not successful. Sick term gives the process the opportunity to terminate itself in an orderly manner.
But if the process has crashed, it may also no longer work. In this case, only sick kill will help. Sickkill ensures that the process is terminated immediately. No consideration is given here to whether the process is doing something in the background or something similar. And accordingly, please only use this signal if you can no longer close a process at all, we can simulate this again using Nginx, even if the result will be the same, namely that the process will be terminated. Pseudo kill and then thick kill 8326, pgrap, l and linux. And we see, as expected, that the 8326 is gone and we have a new process ID 8343. So it was killed correctly. Kill does not necessarily mean that process will always end.
It always depends on the signal that we are handing over. We can also pass a signal that simply ensures that a process is only stopped. That would be accordingly, for example, pseudo kill and then the signal sick stop and then 8343. Now the Nginx process has not been completely deleted or restarted or stopped. It has just been stopped. So stopped in a way that it is not completely stopped, so only paused. We can also see this in the fact that the process ID is still present. So Pgrap. L and Gen X. You see here it’s the same process ID. And additionally we can see it with top so top P and 8304 and 8343. And here we can see S stands for sleep. So the ndx is running, but it is waiting for something to do.
And the T here stands for stopped by job control signal. You can see that in the main page up top, what the T exactly means. I’ve written it down. It means stopped by job control signal. So in order to let the stopped process continue, we dial in again with pseudo kill and then the signal sick cont for signal continue and then 8343 and let’s check it again with top p 8343. And now you see here the S again not T anymore, but S. So it is running fine. There are two other important signals, namely sickhub and sick int. Show that again here sick up with the one and sick int with the two. And I will come back to these two at a later point in time, because in order to understand these signals, we have to discuss a few other things.
