As you may know, there are many programs in Linux, and all of them spawn one or several processes. Sometimes it is important to know the state of these processes. For example, you may be interested in how much memory they occupy, whether the system is overloaded, there are any errors that occur during an operation.
To properly navigate processes, you should learn how to parse a list of Linux processes. There are several ways to do it. In this topic, we will consider two of them: the proc folder and the ps command.
First, we will look at the proc file system, its structure, and where to find the information you need. Then, we will analyze the ps command.
What is proc
proc is a virtual folder that provides full detailed information about the system and lets you fine-tune many aspects of its configuration. For example, you may find out how much swap memory is currently being used, how large the processor cache size is, which kernel modules are loaded, how many disks or partitions are available, and so on.
Since proc is a virtual file system, it doesn't exist on disk or even in RAM. All subdirectories, files, and information stored in them are generated by the kernel at runtime. Therefore, any file from this folder contains new information each time.
The /proc directory is present on all Unix systems, regardless of distribution and architecture.
To get to the proc folder, type cd /proc in the console. If we list the folder content with ls -l command, we will see something like this:
dr-xr-xr-x 9 root root 0 Sep 1 00:08 99
dr-xr-xr-x 9 root root 0 Aug 31 16:17 991
dr-xr-xr-x 3 root root 0 Aug 31 16:17 acpi
dr-xr-xr-x 5 root root 0 Aug 31 16:17 asound
-r--r--r-- 1 root root 0 Sep 1 09:49 buddyinfoSo, we get the list of directories and files. You can switch to the proc directories and view their contents using the same cd and ls -l commands respectively. To view a file you can use the cat command, cat <filename>, since all the files are in a plain text format.
Almost all files are read-only, we can only receive information from them. But there are also writable ones, in particular /proc/sys with which you can configure various kernel parameters.
Next, we will take a closer look at what directories are in /proc and which of them contain information about the processes.
Directories types
As you may have noticed above, the directories in the proc folder are named differently. The directory name consists of either letters or numbers. Let's see what that means.
The directories and files with letter names contain general information about the system and its devices. In the proc documentation you can find more specific information about them.
The directories with numbers as names represent processes you may need to track. The numbers stand for their PIDs. Inside these directories, there are various pseudo-files with information about processes and the environment associated with them. To get information about a process state from such a directory you should read the /proc/PID/status file. As the result, you will see, for example, the process command name, and its id, state, memory size, and so on.
Also, information about processes can be obtained using the ps command; we will analyze it below.
What is ps
There is a lot of information in the proc folder, and it requires a lot of time to navigate. To speed things up, it is easier to use special utilities.
The ps command is one of the frequently used utilities for viewing the list of processes in Linux. It takes information from the proc folder and gives out an abbreviated version of that data.
The easiest way to see a list of processes running in the current shell command is to use the ps command without parameters:
$ ps
PID TTY TIME CMD
26627 pts/1 00:00:00 bash
26653 pts/1 00:00:00 psSo, now we see the table where:
PID is the process identifier,
TTY displays the number of a terminal,
TIME is the total process execution time (user + system),
CMD is the command that started the process. If the program cannot read the arguments of the process, it will be displayed in square brackets.
To learn more, we need to use parameters.
ps parameters
In order to view all processes, add the -e option, and for the most detailed information, add the -F option:
$ ps -eF
UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
root 1 0 0 56515 7392 3 Aug31 ? 00:00:52 /sbin/init splas
root 2 0 0 0 0 2 Aug31 ? 00:00:00 [kthreadd]
root 4 2 0 0 0 0 Aug31 ? 00:00:00 [kworker/0:0H]
root 6 2 0 0 0 0 Aug31 ? 00:00:00 [mm_percpu_wq]As a result, we get a table where the most informative columns among those described above are:
UID, the user name,
RSS, the real size that the process occupies in memory,
STIME, the time when the process was started.
Also, you may use the -f option for this purpose. The result will be almost the same but it will exclude SZ, RSS, and PSR columns.
To view the list of processes with threads, use the -efL options combination:
$ ps -efL
UID PID PPID LWP C NLWP STIME TTY TIME CMD
root 1 0 1 0 1 Aug31 ? 00:00:57 /sbin/init splash
root 2 0 2 0 1 Aug31 ? 00:00:00 [kthreadd]This way the following columns will be added:
LWP, which is short for LightWeight Process, i.e. Stream ID,
NLWP, which is the number of threads for this process.
These are the most informative options of the ps command; to deal with other parameters and columns, use, for example, the man ps command.
Conclusion
To sum up, we have analyzed two ways for you to track processes in Linux and get the information you need on them. The first way is to look through the proc folder and learn how to navigate it. The second way is to use the ps utility, which works on a proc basis.