Processes are tasks or program that is running, these processes might as well be a daemon (background task). In this guide, you will learn how to determine the process running on your system, as well as some other useful nuggets.
First, fire up your console and issue the ps command (Note that I am issuing the command over an SSH, so, the output would differ if you are running it using an actual virtual terminal, more explanation below):
ps
Output
user@devsrealm:~$ ps PID TTY TIME CMD 1346 pts/0 00:00:00 bash 1387 pts/0 00:00:00 ps user@devsrealm:~$
When you execute the ps command, it will show a list of processes run by the user that called the command, in the above example, I have bash session and the ps itself.
Let's try switching the current user to root while running the ps command again:
sudo su - ps
Output
root@devsrealm:~# sudo su - root@devsrealm:~# ps PID TTY TIME CMD 1420 pts/0 00:00:00 sudo 1421 pts/0 00:00:00 su 1422 pts/0 00:00:00 bash 1457 pts/0 00:00:00 ps root@devsrealm:~#
You can see when I switched the user to the root user, it has more running processes, in this case, we have the sudo and the su session running, let's learn the meaning of those outputs:
On the left side we have the PID's and the TTY, while on the right side, we have the time and the CMD, starting with PID:
PID
PID, which is also known as the Process ID is a number assigned to a given process on your system, while humans can easily reference a process by name (e.g bash), the system knows processes by their ID, so, each program you open is given a different PID.
Another way you can find the PID of a process if you know the name is using the pidof command. for example, to find the PID of sudo, you run the following command:
pidof sudo
Which would output 1420, same as the one we saw when we executed the ps command.
Note that pidof would only show the pid if the program or process is currently running.
TTY/PTS
The TTY tells us which TTY the process is attached to. Not too dive too deep into the meaning of tty, the tty is your terminal and is used for text-based input and output, in fact, you are currently working on a terminal, for example, if I log in directly to the virtual console (not via ssh, but your actual server terminal), you'll see the tty you are currently logged in to:
Now, if you try using Ctrl + Alt F(1-6), you will see a new instance of a virtual terminal, which are independent of one another and can contain their own running processes. This is similar to offering a multi-user environment and up to six users can work on them at the same time.
For simplicity, If I press Ctrl + Alt + F2, I'll be taken to a new instance of the virtual terminal (tty2):
By pressing Ctrl + Alt + F1, I will be taken back to the first virtual terminal (tty1):
If you try to run the ps command again, you'll see any process you start on those TTYs show up in the output as a tty session, for example:
If you are connected over an SSH, the tty section would be different, and you would instead see something similar as below:
The pts stands for a pseudo-terminal slave, the simplest way I understand pts is that they aren't an actual terminal, but a terminal emulator that can perform most thing you can do on an actual terminal such reading and displaying data.
TIME
The time is the amount of CPU time in hours, minutes and seconds the process has been running, however, if you are a curious soul like me, you might have been pondering why the time never goes above 00:00:00. The thing is, a process that shows time 0 means a tiny bit of CPU time has been utilized, for example, a process could have .003 seconds of actual CPU usage, so, the system would round that to Zero (0).
What if we could simulate a process that runs indefinitely, so, we can know if the CPU time is actually been utilized, fortunately, there is a command name yes which repeatedly outputs a line with all specified STRING(s) or 'y' until killed, run the following command, and keep issuing ps command, for example:
yes > /dev/null &
yes command can also be used for maxing out your CPU core if not stopped or killed, it would keep incrementing the time value, which will reflect the total CPU time allotted for yes.
Use kill + number of PID to kill the yes process. (e.g kill 2223).
CMD
CMD is the name of the command that launched the process.
Going on...
Adding an a or au option to the ps command would show you more detailed information about processes, for example, if you use the au variation:
ps au
Output
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 997 0.0 0.0 14888 1916 tty1 Ss+ Mar27 0:00 /sbin/agetty -o -p -- u --noclear tty1 lin
pascal 2369 0.0 0.2 21468 5176 pts/0 Ss Mar27 0:00 -bash
pascal 2444 0.0 0.1 36076 3144 pts/0 R+ 00:56 0:00 ps au
This would show the process for both the root user and the current user, and some information about the memory been used, the CPU and more.
To check all running process, whether it is a pseudo-terminal slave or a tty, you can issue the following command:
ps aux
This would show you a long list of running processes including system-level processes. To find a specific process, for example, let's say you want to see a list of all ssh processes, you can execute the following command:
ps aux | grep ssh
This would pipe the output into grep:
root 979 0.0 0.2 72300 5584 ? Ss Mar27 0:00 /usr/sbin/sshd -D root 2250 0.0 0.3 112156 7136 ? Ss Mar27 0:00 sshd: pascal [priv] pascal 2368 0.0 0.2 112156 4612 ? S Mar27 0:00 sshd: pascal@pts/0 pascal 2450 0.0 0.0 13136 1052 pts/0 S+ 01:03 0:00 grep --color=auto ssh
As you can see, it looks for lines of output that strings ssh.
To display or sort the processes that utilize more CPU, you can issue the following command:
ps aux --sort -pcpu
To shorten the output to a minimum lines, you can use the head option, for example, the following command would only list the top 3 processes that are using the most CPU:
ps aux --sort -pcpu | head -n 3
To sort by most used memory, use the following instead:
ps aux --sort -pmem | head -n 3
If you want to change the layout of how the information is structured, say, you want the output info to only display relevant headings, you can use the -eo flag along with the name of the heading you want to display, for example, if I want to display only the command and CPU output, I would use the following command:
ps -eo comm,pcpu --sort -pcpu | head -3
or to include the memory heading:
ps -eo comm,pcpu --sort -pcpu | head -3
There are more examples you can try out when you consult the man page, see you in future guides ;)