11.3 ps

So now you know how to switch back and forth between several processes that you've started from the command line. And you also know that there are lots of processes running all the time. So how do you list all of these programs? Well, you make use of the ps(1) command. This command has a lot of options, so we'll only cover the most important ones here. For a complete listing, see the man page for ps. Man pages are covered in-depth in Section 2.1.1.

Simply typing ps will get you a listing of the programs running on your terminal. This includes the foreground processes (whatever shell you are using and, of course, ps itself). Also listed are any backgrounded processes you may have running. Many times, that will be a very short listing:

Figure 11-1. Basic ps output

% ps
   PID TTY          TIME CMD
  7923 ttyp0    00:00:00 bash
  8059 ttyp0    00:00:00 ps

Even though this is not a lot of processes, the information is very typical. You'll get the same columns using regular ps no matter how many processes are running. So what does it all mean?

Well, the PID is the process ID. Every running process is given a unique identifier, which ranges between 1 and 32767. Each process is assigned the next free PID. When a process quits (or is killed, as you will see in the next section), it gives up its PID. When the maximum PID is reached, numbering wraps back around and the next process gets the lowest free PID.

The TTY column indicates which terminal the process is running on. Doing a plain ps will only list all the programs running on the current terminal, so all the processes give the same information in the TTY column. As you can see, both processes listed are running on ttyp0. This indicates that they are either running remotely or from an X terminal of some variety.

The TIME column indicates how much CPU time the process has used. This is different from the actual amount of time that a process runs. Remember that Linux is a multitasking operating system. There are many processes running all the time, and these processes each get a small portion of the processor's time. So, the TIME column should show much less time for each process than it actually takes to run. If you see more than several minutes in the TIME column, it could mean that something is wrong.

Finally, the CMD column shows what the program actually is. It only lists the base name of the program, not any command line options or similar information. To get that information, you'll need to use one of the many options to ps. We'll discuss that shortly.

You can get a complete listing of the processes running on your system using the right combination of options. This will probably result in a long listing of processes (fifty-five on my laptop as I write this sentence), so I'll abbreviate the output:

% ps -ax
   1 ?        S      0:03 init [3]
   2 ?        SW     0:13 [kflushd]
   3 ?        SW     0:14 [kupdate]
   4 ?        SW     0:00 [kpiod]
   5 ?        SW     0:17 [kswapd]
  11 ?        S      0:00 /sbin/kerneld
  30 ?        SW     0:01 [cardmgr]
  50 ?        S      0:00 /sbin/rpc.portmap
  54 ?        S      0:00 /usr/sbin/syslogd
  57 ?        S      0:00 /usr/sbin/klogd -c 3
  59 ?        S      0:00 /usr/sbin/inetd
  61 ?        S      0:04 /usr/local/sbin/sshd
  63 ?        S      0:00 /usr/sbin/rpc.mountd
  65 ?        S      0:00 /usr/sbin/rpc.nfsd
  67 ?        S      0:00 /usr/sbin/crond -l10
  69 ?        S      0:00 /usr/sbin/atd -b 15 -l 1
  77 ?        S      0:00 /usr/sbin/apmd
  79 ?        S      0:01 gpm -m /dev/mouse -t ps2
  94 ?        S      0:00 /usr/sbin/automount /auto file /etc/auto.misc
 106 tty1     S      0:08 -bash
 108 tty3     SW     0:00 [agetty]
 109 tty4     SW     0:00 [agetty]
 110 tty5     SW     0:00 [agetty]
 111 tty6     SW     0:00 [agetty]
 [output cut]

Most of these processes are started at boot time on most systems. I've made a few modifications to my system, so your mileage will most likely vary. However, you will see most of these processes on your system too. As you can see, these options to ps also display the command line options of the running processes. Recently, a kernel vulnerability in ptrace prompted a fix that no longer shows command line options for many running processes. These are now listed in brackets, like PIDs 108 through 110. The listing also brings up a few more columns and some other interesting output.

First, you'll notice that most of these processes are listed as running on tty “?”. Those are not attached to any particular terminal. This is most common with daemons, which are processes that run without attaching to any particular terminal. Common daemons are sendmail, BIND, apache, and NFS. They typically listen for some request from a client, and return information to it upon request.

Second, there is a new column: STAT. It shows the status of the process. S stands for sleeping: the process is waiting for something to happen. Z stands for a zombied process. A zombied process is one whose parent has died, leaving the child processes behind. This is not a good thing. D stands for a process that has entered an uninterruptible sleep. Often, these processes refuse to die even when passed a SIGKILL. You can read more about SIGKILL in the next section, on kill. W stands for paging. A dead process is marked with an X. A process marked T is traced, or stopped. R means that the process is runnable.
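The STAT and TIME columns described above are the two an administrator checks first when something looks wrong. The following is an added example, not part of the original text: it reads lines in the ps -ax layout shown earlier (PID TTY STAT TIME COMMAND) and reports processes in the Z, D or T states or with CPU time at or above a limit. The function names, the 5-minute default and the sample listing are assumptions made for illustration.

```shell
# Added example: triage `ps -ax` style lines (PID TTY STAT TIME COMMAND).
# flag_procs and the 5-minute default limit are assumptions, not from ps.
flag_procs() {
    awk -v limit="${1:-5}" '
        $1 !~ /^[0-9]+$/ { next }          # skip headers and "[output cut]"
        {
            state = substr($3, 1, 1)       # first STAT letter: S, R, D, Z, T, X
            n = split($4, t, ":")          # TIME is M:SS, or H:MM:SS
            mins = (n == 3) ? t[1] * 60 + t[2] : t[1] + 0
            cmd = $5                       # rebuild the command with its options
            for (i = 6; i <= NF; i++) cmd = cmd " " $i

            reason = ""
            if (state == "Z") reason = "zombie"
            else if (state == "D") reason = "uninterruptible"
            else if (state == "T") reason = "stopped"
            if (mins >= limit) reason = (reason == "" ? "" : reason ",") "cputime"
            if (reason != "") printf "%s %s %s\n", $1, reason, cmd
        }'
}

# Constructed sample listing, not output from a real system.
sample_listing() {
    cat <<'EOF'
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:03 init [3]
   61 ?        S      0:04 /usr/local/sbin/sshd
  412 ?        Z      0:00 [report] <defunct>
  530 ?        D      0:02 /usr/sbin/rpc.nfsd
  688 tty1     T      0:00 vi notes.txt
  701 ?        R     47:12 /usr/local/bin/cruncher --all
EOF
}

# On a live system: ps -ax | flag_procs 5
sample_listing | flag_procs 5
```

Each output line gives the PID, the reason it was flagged, and the command, so the PID can be looked at more closely with the fuller listing described next.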

If you want to see even more information about the running processes, try this out:

% ps -aux
 root         1  0.0  0.0   344   80 ?        S    Mar02   0:03 init [3]
 root         2  0.0  0.0     0    0 ?        SW   Mar02   0:13 [kflushd]
 root         3  0.0  0.0     0    0 ?        SW   Mar02   0:14 [kupdate]
 root         4  0.0  0.0     0    0 ?        SW   Mar02   0:00 [kpiod]
 root         5  0.0  0.0     0    0 ?        SW   Mar02   0:17 [kswapd]
 root        11  0.0  0.0  1044   44 ?        S    Mar02   0:00 /sbin/kerneld
 root        30  0.0  0.0  1160    0 ?        SW   Mar02   0:01 [cardmgr]
 bin         50  0.0  0.0  1076  120 ?        S    Mar02   0:00 /sbin/rpc.port
 root        54  0.0  0.1  1360  192 ?        S    Mar02   0:00 /usr/sbin/sysl
 root        57  0.0  0.1  1276  152 ?        S    Mar02   0:00 /usr/sbin/klog
 root        59  0.0  0.0  1332   60 ?        S    Mar02   0:00 /usr/sbin/inet
 root        61  0.0  0.2  1540  312 ?        S    Mar02   0:04 /usr/local/sbi
 root        63  0.0  0.0  1796   72 ?        S    Mar02   0:00 /usr/sbin/rpc.
 root        65  0.0  0.0  1812   68 ?        S    Mar02   0:00 /usr/sbin/rpc.
 root        67  0.0  0.2  1172  260 ?        S    Mar02   0:00 /usr/sbin/cron
 root        77  0.0  0.2  1048  316 ?        S    Mar02   0:00 /usr/sbin/apmd
 root        79  0.0  0.1  1100  152 ?        S    Mar02   0:01 gpm
 root        94  0.0  0.2  1396  280 ?        S    Mar02   0:00 /usr/sbin/auto
 chris      106  0.0  0.5  1820  680 tty1     S    Mar02   0:08 -bash
 root       108  0.0  0.0  1048    0 tty3     SW   Mar02   0:00 [agetty]
 root       109  0.0  0.0  1048    0 tty4     SW   Mar02   0:00 [agetty]
 root       110  0.0  0.0  1048    0 tty5     SW   Mar02   0:00 [agetty]
 root       111  0.0  0.0  1048    0 tty6     SW   Mar02   0:00 [agetty]
 [output cut]

That's a whole lot of information. Basically, it adds information including what user started the process, how much of the system resources the process is using (the %CPU, %MEM, VSZ, and RSS columns), and on what date the process was started. Obviously, that's a lot of information that could come in handy for a system administrator. It also brings up another point: the information now goes off the edge of the screen so that you cannot see it all. The -w option will force ps to wrap long lines.

It's not terribly pretty, but it does the job. You've now got the complete listings for each process. There's even more information that you can display about each process. Check out the very in-depth man page for ps. However, the options shown above are the most popular ones and will be the ones you need to use the most often.