kb/processes ── Processes & resources ── beginner

Process and PID

A process is a running program with its own PID, memory, open descriptors, and UID. Every process forms a tree rooted at init (PID 1).

view as markdownaka: process, pid, ppid

What a process is

A process is a running instance of a program. It has:

PID (Process ID): a unique numeric identifier
PPID (Parent PID): who spawned it
UID/GID: whose identity it runs under (see file-permissions)
Virtual address space: heap, stack, mmaps, shared libraries
Open file descriptors (/proc/<pid>/fd/*)
Current working directory (cwd)
Control group (cgroups) and a set of namespaces that decide what it sees

fork + exec

A new process in Linux is always created by one of these pairs of system calls:

fork(): clone the current process. You get a child with the same code and state but a new PID
exec*(): replace the code and data in the current process with the contents of a binary; the PID stays the same

This is how the shell launches a command: fork() → the child does exec("/bin/ls"). The parent waits through wait().

The process tree

Every process descends from one: PID 1 (init, which on modern systems is systemd). If a parent dies before its child, the child is reparented to PID 1.

systemd

 ├─ sshd

 │   └─ sshd: alice@pts/0

 │       └─ bash

 │           └─ vim

 ├─ docker

 └─ ...

/proc/<pid>: the anatomy of a process

In Linux every live process is a directory /proc/<pid>/:

cmdline: what was in argv
exe → symlink to the binary
cwd → symlink to the CWD
fd/: all open file descriptors (as symbolic-link entries to their targets)
status: a card of metadata (UID, threads, memory)
cgroup: which cgroup the process is in
ns/: which namespaces it sees

Process states

R (Running/Runnable): on the CPU or in the CPU run queue
S (Sleeping): waiting for an event (interruptible: a signal can wake it)
D (Uninterruptible Sleep): waiting for I/O in kernel mode, cannot be interrupted. A high share of D usually means disk or NFS trouble, and it pulls load-average up
Z (Zombie): finished, but the parent has not called wait() yet. It holds a PID but no RAM
T (Stopped): suspended by signal SIGSTOP or Ctrl+Z

§ команды

bash

ps -ef | head

Every process in the system with PID, PPID, UID, and command

bash

ps -p $$ -o pid,ppid,comm,state

Information about the current shell ($$ = the shell's PID)

bash

pstree -p

The process tree with PIDs

bash

cat /proc/$$/status | head -10

The current shell's card from /proc

bash

ls -l /proc/self/fd/

Open file descriptors of the process (`self` always points at the reader)

§ см. также

§ упоминается в уроках

kb/processes ── Processes & resources ── beginner

Process and PID

A process is a running program with its own PID, memory, open descriptors, and UID. Every process forms a tree rooted at init (PID 1).

view as markdownaka: process, pid, ppid

What a process is

A process is a running instance of a program. It has:

PID (Process ID): a unique numeric identifier
PPID (Parent PID): who spawned it
UID/GID: whose identity it runs under (see file-permissions)
Virtual address space: heap, stack, mmaps, shared libraries
Open file descriptors (/proc/<pid>/fd/*)
Current working directory (cwd)
Control group (cgroups) and a set of namespaces that decide what it sees

fork + exec

A new process in Linux is always created by one of these pairs of system calls:

fork(): clone the current process. You get a child with the same code and state but a new PID
exec*(): replace the code and data in the current process with the contents of a binary; the PID stays the same

This is how the shell launches a command: fork() → the child does exec("/bin/ls"). The parent waits through wait().

The process tree

Every process descends from one: PID 1 (init, which on modern systems is systemd). If a parent dies before its child, the child is reparented to PID 1.

systemd

 ├─ sshd

 │   └─ sshd: alice@pts/0

 │       └─ bash

 │           └─ vim

 ├─ docker

 └─ ...

/proc/<pid>: the anatomy of a process

In Linux every live process is a directory /proc/<pid>/:

cmdline: what was in argv
exe → symlink to the binary
cwd → symlink to the CWD
fd/: all open file descriptors (as symbolic-link entries to their targets)
status: a card of metadata (UID, threads, memory)
cgroup: which cgroup the process is in
ns/: which namespaces it sees

Process states

R (Running/Runnable): on the CPU or in the CPU run queue
S (Sleeping): waiting for an event (interruptible: a signal can wake it)
D (Uninterruptible Sleep): waiting for I/O in kernel mode, cannot be interrupted. A high share of D usually means disk or NFS trouble, and it pulls load-average up
Z (Zombie): finished, but the parent has not called wait() yet. It holds a PID but no RAM
T (Stopped): suspended by signal SIGSTOP or Ctrl+Z

§ команды

bash

ps -ef | head

Every process in the system with PID, PPID, UID, and command

bash

ps -p $$ -o pid,ppid,comm,state

Information about the current shell ($$ = the shell's PID)

bash

pstree -p

The process tree with PIDs

bash

cat /proc/$$/status | head -10

The current shell's card from /proc

bash

ls -l /proc/self/fd/

Open file descriptors of the process (`self` always points at the reader)