Skip to main content

Learn Linux

Chapter #5: Linux Process Management: ps, top, kill, nice & More

In this chapter, you'll learn what Linux processes are, how they're created and managed by the system, and how to interact with them using essential commands like ps, top, kill, nice, and renice.

Chapter #5: Linux Process Management: ps, top, kill, nice & More
Complete Guide to Linux Process Monitoring and Prioritization

In the previous chapter, you learned how to search, identify, and interact with files in a Linux system - a vital skill for navigating large or complex directory structures.

You now know how to locate files based on names, permissions, ownership, size, and more. You even learned how to take actions on matching files, like updating timestamps or checking file types - all without ever opening them.

But what happens when those files run? Or more importantly, what’s actually happening behind the scenes when you launch a program, execute a script, or even just open a terminal?

That’s where processes come in.

What is a Process?

A process is a running instance of a program. Every time you launch an application, start a command, or run a background service, Linux spawns a process.

Processes are at the heart of how Linux (and all operating systems) work - they use system resources, execute code, and can be controlled, monitored, or even terminated by users or other programs.

What You’ll Learn in This Chapter

In this chapter, we’ll take a deep dive into Linux processes - what they are, how they behave, and how you can manage them like a pro.

Here’s what you’ll explore:

  • What exactly is a process, and how does Linux treat it?
  • The special class of background services known as daemons.
  • How processes interact with each other and the system using signals (like SIGTERM or SIGKILL).
  • How to use essential commands like:
    • ps - to list currently running processes
    • top - to monitor system resource usage in real time
    • nice and renice - to manage process priority levels
    • kill and killall - to stop runaway or unwanted processes
  • Hands-on exercises to reinforce your understanding.

The Process Lifecycle in Linux: Start, Run, Terminate

Every program that runs on our Linux system is a process. The normal life cycle of a process includes starting, executing, and dying, and is automatically managed by the kernel, without need for user intervention.

However, once in a while one (or more) of the following exceptions may occur:

  • The process dies due to a known or an unknown reason and needs to be restarted.
  • The process β€œruns wild” and consumes system resources at an abnormal level and needs to be terminated.
  • The process needs to be restarted in order for it to reread its configuration file after it has been modified.

Knowing how to handle those situations is at the very center of the Linux administration skills that every system administrator needs to posses.

To begin, let’s introduce the following concepts related with processes:

  • Every process has a number assigned to it when it starts. It is called Process ID (PID) and is an integer unique among all running processes.
  • Processes must have associated privileges, and a process’ UID (User ID) and GID (Group ID) are associated with the user who started it, and only have access to the system resources owned by it and also others, depending on the file permissions.
  • The first process started by the kernel at boot time is a program called systemd. This process has PID 1 and is the parent process of all other processes on the system. The parent process ID (PPID) is the PID of the process that created the process in question.

At any time, there could be tens or even hundreds of processes running on our Linux system. Monitoring these processes is done using three convenient tools: ps, pstree, and top.

Reporting Current Processes with ps

The ps command allows us to take a snapshot of processes currently running on our system. Depending on the options used, it can return different types of information as we will see in the examples.

Without options, ps will list the processes owned by the current user. On the other hand, it is important to note that you can combine several options into one. For example, instead of typing ps -e -f you can do ps -ef.

To display the full list of processes using the standard format, do ps -ef as shown in the following image where the output has been truncated for the sake of brevity:

Snapshots of Running Processes in Linux

In the above image, the TIME column indicates the accumulated CPU time used by the process. You’ll learn the meaning of the other columns in the Exercises section in this chapter.

It is important to note that you can filter the output of ps -ef using a pipeline followed by the grep command and a filter pattern.

For example, to display all the processes with the word firefox in the associated command, do: