The ps command in Linux generates a list of all running processes and their attributes.
There was a time in Linux when two versions of the ps command coexisted in different distributions. Not long ago, the developers decided to combine the two versions of PS into a single version, but left the options of both different versions coexisting.
Thus, when entering a parameter in the PS, the results will be different:
There is no right or wrong, just historical preference.
The most common options for ps are:
See the ps command help for more options.
In this example, PS only shows the processes of the user logged in and connected to the terminal:
$ ps PID TTY TIME CMD 1415 pts/0 00:00:00 ps 30019 pts/0 00:00:00 bash
To show all processes for all users connected to a terminal:
$ ps to
PID TTY STAT TIME COMMAND
1628 pts/0 R+ 0:00 ps to
3297 tty1 Ss+ 0:00 /sbin/agetty --noclear tty1 linux
27159 pts/0 T 0:00 sudo find/-iname backup.sh
Notice how the “-a” option is different from the “a”:
$ ps -a PID TTY TIME CMD 1675 pts/0 00:00:00 ps 27159 pts/0 00:00:00 sudo 27160 pts/0 00:00:00 find
The “u” option adds some process attributes:
$ ps au
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3297 0.0 0.0 121336 1600 tty1 Ss+ ago15 0:00 /sbin/ agetty --noclear tty1 Linux
root 3298 0.0 0.1 120984 2064 ttyS0 Ss+ ago15 0:00 /sbin/agetty --keep-baud 115200,38400,9600
ec2-user 3414 0.0 0.1 164440 4032 pts/0 R+ 18:38 0:00 ps au
root 27159 0.0 0.3 216984 6608 pts/0 T 17:46 0:00 sudo find/-iname backup.sh
root 27160 0.0 0.1 128308 3944 pts/0 T 17:46 0:00 find/-iname backup.sh
ec2- user 30019 0.0 0.2 127120 4348 pts/0 Ss 14:48 0:00 -bash
To get a complete list of running processes, not just those that are connected to the terminal, add the “x” option:
$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 199452 4968? If ago15 9:23 /usr/lib/systemd/systemd --switched-root --
root 2 0.0 0.0 0 0? And ago15 12:00 [kthreadd]
(...)
ec2-user 30018 0.0 0.2 152864 4384? S 14:48 0:00 sshd: ec2-user @pts /0
ec2-user 30019 0.0 0.2 127120 4348 pts/0 Ss 14:48 0:00 -bash
postfix 30391 0.0 0.3 90536 6928? S 18:06 0:00 pickup -l -t unix -u
Processes whose commands are wrapped in keys, such as in the [ktheradd] highlight, indicate that they were removed from RAM and placed in virtual disk memory. When processes are in virtual disk memory, they are referred to as sleeping.
The Kernel often puts processes to sleep while they are waiting for an event, which may be, for example, loading data from the disk, or a network connection. When the event is triggered, the Kernel sends a signal to the process.
The “eFH” options show all processes, with their hierarchy in the form of a tree:
$ ps -eFh
UID PID PPID C ESTIMATE TTY TIME CMD
root 3252 1 0 Aug15? 00:00:00 /usr/sbin/sshd -D
root 29998 3252 0 14:48? 00:00:00 sshd: ec2-user [priv]
ec2-user 30018 29998 0 14:48? 00:00:00 sshd: ec2-user @pts /0
It is possible to play with the commands, such as, for example, knowing which processes consume the most CPU:
$ ps aux | sort -nrk 3.3 | head -n 5
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nginx 3342 0.2 1.6 426976 34048? On Aug 15 133:04 amplify-agent
rpc 2729 0.0 0.1 73828 3276? If ago15 0:02 /sbin/rpcbind -w
root 9421 0.0 0.0 0 0? I set13 0:01 [kworker/u 30:1]
root 9 0.0 0.0 0 0? On Aug 15 12:00 [rcu_bh]
A very interesting option for programmers is to see the processes running ordered by memory consumption. To do this, simply change the sort column to 4:
$ ps -aux | sort -nk 4 | head -5
chrony 745 0.0 0.0 80736 2988? If mar17 00:52 /usr/sbin/chronyd
dbus 727 0.0 0.0 8872 3668? If mar17 12:10 /usr/bin/dbus-daemon --system
ec2-user 24036 0.0 0.0 21720 5108? S 11:37 0:01 sshd: ec2-user @pts /0
ec2-user 24037 0.0 0.0 117164 6248 pts/0 Ss 11:37 0:00 -bash
ec2-user 32446 0.0 0.0 118552 3448 pts/0 R+ 16:51 0:00 ps -aux
Regardless of how you want to view the processes running, some attributes are important for a Linux administrator, such as:
It’s impossible to run a program on Linux without it having an owner user. This means that the program will have the disk access permissions and resources of the user who ran the program. This notion is important because it is possible to execute a program as another user other than the logged-in user.
Every running program is assigned a unique numeric ID. This number can be used to send signals to the running program.
Every program except init or systemd has a parent process that originated its execution. It is common for a server program, for example, to have a parent process (master) and several processes or threads (children).
Threads can be understood as pieces of the program that execute as if they were child processes, but are lighter, since they share a lot with the parent process. This technology is widely used in processors with several cores (cores) to allow several threads to run at the same time.
Each process gains a share of CPU time, which can be counted, and serves as a parameter for the administrator to know which processes consume a lot of CPU.
Each running process also gains a share of RAM, which can also be counted to let the administrator know the processes that consume a lot of RAM
Each process is also attributed to the time at which it was executed.
Each process also has as its attribute the CPU time accumulated during its execution.
The processes also maintain an attribute, which is the command line that was used in the execution.
Each process may or may not have an associated Terminal. As a curiosity, what the ps command actually does is to scan some information from the /proc directory. Take the sshd process as an example:
$ ps aux | grep ssh
root 3252 0.0 0.3 112928 7848? It's ago15 12:00 /usr/sbin/sshd -D
If we look at the /proc directory, it will have a subdirectory with the number 3252, which corresponds to the PID of the sshd program:
# cd /proc/3252
# ls
attr coredump_filter gid_map mem oom_adj root stack timerslack_ns
autogroup cpuset & nbsp; io mountinfo oom_score sched stat uid_map
auxv cwd latency mounts & nbsp; oom_score_adj schedulstat statm wchan
cgroup environ limits mountstats pagemap sessionid status
clear_refs exe ; loginuid net patch_state setgroups syscall
cmdline fd map_files ns personality smaps & nbsp; task
com dinfo maps numa_maps project_map smaps_rollup timers
For example, the program’s command line with PID 3252 can be consulted with a simple cat:
# cat cmdline /usr/sbin/sshd-d
Various information about a process can be viewed in the /proc/ directory [PID number]. The ps utility only organizes the information for a more humane reading.
The sudo command on Linux executes a given command as if it were another user.…
The ss command on Linux is extremely useful for investigating sockets, providing various information about…
Free Linux command shows the amount of total memory in use and available, as well…
The shell has structures for testing conditions and executing certain program sequences several times (loop),…
The /etc/fstab file stores the configuration of which devices should be mounted and what is…
The Netcat Command in Linux or nc is a utility used to do “almost anything”…
This website uses cookies.