So now you know how to switch back and forth between several processes that you've started from the command line. And you also know that there are lots of processes running all the time. So how do you list all of these programs? Well, you make use of the ps(1) command. This command has a lot of options, so we'll only cover the most important ones here. For a complete listing, see the man page for ps. Man pages are covered in-depth in Section 2.1.1.
Simply typing ps will get you a listing of the programs running on your terminal. This incudes the foreground processes (which include whatever shell you are using, and of course, ps itself). Also listed are backgrounded processes you may have running. Many times, that will be a very short listing:
Even though this is not a lot of processes, the information is very typical. You'll get the same columns using regular ps no matter how many processes are running. So what does it all mean?
Well, the PID is the process ID. All running processes are given a unique identifier which ranges between 1 and 32767. Each process is assigned the next free PID. When a process quits (or is killed, as you will see in the next section), it gives up its PID. When the max PID is reached, the next free one will wrap back around to the lowest free one.
The TTY column indicates which terminal the process is running on. Doing a plain ps will only list all the programs running on the current terminal, so all the processes give the same information in the TTY column. As you can see, both processes listed are running on ttyp0. This indicates that they are either running remotely or from an X terminal of some variety.
The TIME column indicated how much CPU time the process has been running. This is different from the actual amount of time that a process runs. Remember that Linux is a multitasking operating system. There are many processes running all the time, and these processes each get a small portion of the processor's time. So, the TIME column should show much less time for each process than it actually takes to run. If you see more than several minutes in the TIME column, it could mean that something is wrong.
Finally, the CMD column shows what the program actually is. It only lists the base name of the program, not any command line options or similar information. To get that information, you'll need to use one of the many options to ps. We'll discuss that shortly.
You can get a complete listing of the processes running on your system using the right combination of options. This will probably result in a long listing of processes (fifty-five on my laptop as I write this sentence), so I'll abbreviate the output:
% ps -ax PID TTY STAT TIME COMMAND 1 ? S 0:03 init  2 ? SW 0:13 [kflushd] 3 ? SW 0:14 [kupdate] 4 ? SW 0:00 [kpiod] 5 ? SW 0:17 [kswapd] 11 ? S 0:00 /sbin/kerneld 30 ? SW 0:01 [cardmgr] 50 ? S 0:00 /sbin/rpc.portmap 54 ? S 0:00 /usr/sbin/syslogd 57 ? S 0:00 /usr/sbin/klogd -c 3 59 ? S 0:00 /usr/sbin/inetd 61 ? S 0:04 /usr/local/sbin/sshd 63 ? S 0:00 /usr/sbin/rpc.mountd 65 ? S 0:00 /usr/sbin/rpc.nfsd 67 ? S 0:00 /usr/sbin/crond -l10 69 ? S 0:00 /usr/sbin/atd -b 15 -l 1 77 ? S 0:00 /usr/sbin/apmd 79 ? S 0:01 gpm -m /dev/mouse -t ps2 94 ? S 0:00 /usr/sbin/automount /auto file /etc/auto.misc 106 tty1 S 0:08 -bash 108 tty3 SW 0:00 [agetty] 109 tty4 SW 0:00 [agetty] 110 tty5 SW 0:00 [agetty] 111 tty6 SW 0:00 [agetty] [output cut]
Most of these processes are started at boot time on most systems. I've made a few modifications to my system, so your mileage will most likely vary. However, you will see most of these processes on your system too. As you can see, these options display command line options to the running processes. Recently, a kernel vulnerability in ptrace facilitated a fix which no longer shows command line options for many running processes. These are now listed in brackets like PIDs 108 through 110. It also brings up a few more columns and some other interesting output.
First, you'll notice that most of these processes are listed as running on tty “?”. Those are not attached to any particular terminal. This is most common with daemons, which are processes which run without attaching to any particular terminal. Common daemons are sendmail, BIND, apache, and NFS. They typically listen for some request from a client, and return information to it upon request.
Second, there is a new column: STAT. It shows the status of the process. S stands for sleeping: the process is waiting for something to happen. Z stands for a zombied process. A zombied processes is one whose parent has died, leaving the child processes behind. This is not a good thing. D stands for a process that has entered an uninterruptible sleep. Often, these processes refuse to die even when passed a SIGKILL. You can read more about SIGKILL later in the next section on kill . W stands for paging. A dead process is marked with an X. A process marked T is traced, or stopped. R means that the process is runable.
If you want to see even more information about the running processes, try this out:
% ps -aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 344 80 ? S Mar02 0:03 init  root 2 0.0 0.0 0 0 ? SW Mar02 0:13 [kflushd] root 3 0.0 0.0 0 0 ? SW Mar02 0:14 [kupdate] root 4 0.0 0.0 0 0 ? SW Mar02 0:00 [kpiod] root 5 0.0 0.0 0 0 ? SW Mar02 0:17 [kswapd] root 11 0.0 0.0 1044 44 ? S Mar02 0:00 /sbin/kerneld root 30 0.0 0.0 1160 0 ? SW Mar02 0:01 [cardmgr] bin 50 0.0 0.0 1076 120 ? S Mar02 0:00 /sbin/rpc.port root 54 0.0 0.1 1360 192 ? S Mar02 0:00 /usr/sbin/sysl root 57 0.0 0.1 1276 152 ? S Mar02 0:00 /usr/sbin/klog root 59 0.0 0.0 1332 60 ? S Mar02 0:00 /usr/sbin/inet root 61 0.0 0.2 1540 312 ? S Mar02 0:04 /usr/local/sbi root 63 0.0 0.0 1796 72 ? S Mar02 0:00 /usr/sbin/rpc. root 65 0.0 0.0 1812 68 ? S Mar02 0:00 /usr/sbin/rpc. root 67 0.0 0.2 1172 260 ? S Mar02 0:00 /usr/sbin/cron root 77 0.0 0.2 1048 316 ? S Mar02 0:00 /usr/sbin/apmd root 79 0.0 0.1 1100 152 ? S Mar02 0:01 gpm root 94 0.0 0.2 1396 280 ? S Mar02 0:00 /usr/sbin/auto chris 106 0.0 0.5 1820 680 tty1 S Mar02 0:08 -bash root 108 0.0 0.0 1048 0 tty3 SW Mar02 0:00 [agetty] root 109 0.0 0.0 1048 0 tty4 SW Mar02 0:00 [agetty] root 110 0.0 0.0 1048 0 tty5 SW Mar02 0:00 [agetty] root 111 0.0 0.0 1048 0 tty6 SW Mar02 0:00 [agetty] [output cut]
That's a whole lot of information. Basically, it adds information including what user started the process, how much of the system resources the process is using (the %CPU, %MEM, VSZ, and RSS columns), and on what date the process was started. Obviously, that's a lot of information that could come in handy for a system administrator. It also brings up another point: the information now goes off the edge of the screen so that you cannot see it all. The -w option will force ps to wrap long lines.
It's not terribly pretty, but it does the job. You've now got the complete listings for each process. There's even more information that you can display about each process. Check out the very in-depth man page for ps. However, the options shown above are the most popular ones and will be the ones you need to use the most often.