Process and Service Management
When any command is run on the Linux system, a resulting
process is created to carry out the requested work for that
command. Some commands start and complete so quickly they seem
instant, others may start when the system is booted and run until
it shuts down.
Services are processes, often started when the system starts
up, that run in the background in order to provide some additional
functionality. These are often called daemons (pronounced like
demon) and provide facilities such as SSH, email and automatic
mounting of disks.
Examining Running Processes
The first step to managing processes
is being able to identify what processes are running. Even if the
system has just been started up and nothing else, there will be
dozens of processes running. These are mostly daemons started
from the init scripts at system startup. Daemons will be covered
in further detail later in this chapter.
Several attributes are tracked for each process running on the
system. When it is started, each process receives a process
number to uniquely identify it on the system. The owner and the
process number of the process that starts it (the parent process)
is are also tracked as well as the start time.
The ps commandis used to
report the processes currently running on the system. If no
options are given, ps reports minimal information on processes
owned by the current user. To get more information, the -e and -f
options may be used. The -e option
requests every process and the -f option is for full information
on processes listed. These may be combined as '??ef, causing all
running processes to be reported in a long output format.
$ ps -ef
UID
PID PPID C STIME TTY TIME CMD
root 1 0 0 06:45 ? 00:00:12 init [3]
root 2 1 0 06:45 ? 00:00:00 [migration/0]
root 3 1 0 06:45 ? 00:00:00 [ksoftirqd/0]
...
oracle 2718 2716 0 06:50 ? 00:00:00 sshd:
oracle@pts/0
oracle 2719 2718 0 06:50 pts/0 00:00:00 -bash
root 2897 2361 0 07:14 ? 00:00:00 sshd: oracle [priv]
oracle 2899 2897 0 07:14 ? 00:00:00 sshd:
oracle@pts/1
oracle 2900 2899 0 07:14 pts/1 00:00:00 -bash
oracle 2967 2900 0 07:20 pts/1 00:00:00 ps -ef
All running processes are reported, from the init
process which is the first process started on the system right up
to the ps command you are running to report the running
processes. There can easily be hundreds or thousands of processes
running on a system, so you will typically want to restrict which
processes you see.
Each line of the ps output represents a currently running
process. With the -f option,
the following attributes are displayed:
Column label |
Value |
UID |
The owner of this process |
PID |
The unique process ID for this process |
PPID |
The process ID of the parent to this process
(the process that started this process) |
C |
The percentage of CPU time used by this process
since it was started |
STIME |
The time (and date if before today) that this
process was started |
TTY |
The terminal associated with this process (if
any) |
TIME |
The total time this process has spent being
processed |
CMD |
The command and arguments executed |
Table 10.1: Attributes with the '??f option
There are several options to change the output format of the ps
command, but for most purposes, the standard -f output is
sufficient.
WARNING: Commands and
arguments can be viewed by any user on the system, so it is
important not to reveal any passwords or other sensitive
information in command names or arguments.
One way to restrict the output of the ps command is to use the
-u option which causes ps to
report on a specific user's processes. It is shown here with the
-f option to give additional information about each process.
$ ps -fu oracle
UID
PID PPID C STIME TTY TIME CMD
oracle 2718 2716 0 06:50 ? 00:00:00 sshd:
oracle@pts/0
oracle 2719 2718 0 06:50 pts/0 00:00:00 -bash
oracle 2899 2897 0 07:14 ? 00:00:00 sshd:
oracle@pts/1
oracle 2900 2899 0 07:14 pts/1 00:00:00 -bash
oracle 3079 2900 0 07:40 pts/1 00:00:00 -bash
oracle 3122 3079 0 07:40 pts/1 00:00:00 -bash
oracle 3172 3122 0 07:40 pts/1 00:00:00 sqlplus
oracle 3179 1 0 07:41 ? 00:00:00 ora_pmon_TEST
oracle 3181 1 1 07:41 ? 00:00:00 ora_vktm_TEST
oracle 3185 1 0 07:41 ? 00:00:00 ora_diag_TEST
oracle 3187 1 0 07:41 ? 00:00:00 ora_dbrm_TEST
oracle 3189 1 0 07:41 ? 00:00:00 ora_psp0_TEST
oracle 3193 1 0 07:41 ? 00:00:00 ora_dia0_TEST
oracle 3195 1 1 07:41 ? 00:00:00 ora_mman_TEST
oracle 3197 1 0 07:41 ? 00:00:00 ora_dbw0_TEST
oracle 3201 1 0 07:41 ? 00:00:00 ora_lgwr_TEST
oracle 3203 1 0 07:41 ? 00:00:00 ora_ckpt_TEST
oracle 3205 1 1 07:41 ? 00:00:00 ora_smon_TEST
oracle 3207 1 0 07:41 ? 00:00:00 ora_reco_TEST
oracle 3209 1 2 07:41 ? 00:00:00 ora_mmon_TEST
oracle 3211 1 0 07:41 ? 00:00:00 ora_mmnl_TEST
oracle 3213 1 0 07:41 ? 00:00:00 ora_d000_TEST
oracle 3215 1 0 07:41 ? 00:00:00 ora_s000_TEST
oracle 3222 3172 11 07:41 ? 00:00:01 oracleTEST
(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))
oracle 3224 1 1 07:41 ? 00:00:00 ora_fbda_TEST
oracle 3226 1 0 07:41 ? 00:00:00 ora_smco_TEST
oracle 3228 1 1 07:41 ? 00:00:00 ora_qmnc_TEST
oracle 3230 1 1 07:41 ? 00:00:00 ora_w000_TEST
oracle 3234 2719 0 07:41 pts/0 00:00:00 ps -fu oracle