UNIX Tutorial

11. Viewing processes

Commands covered in this section:   ps, grep, top

The basic unit of execution in UNIX (and many other operating systems) is called a process. In the "Redirecting input and output" section of the tutorial, you were asked to think of a process as a program you run from the shell. This is not far from the truth in most cases. What you think of as a program often consists of a single process. Your login shell and all the commands you've used in this tutorial run as single processes. In some cases, however, what you think of as a single program (e.g., a web or database server) actually consists of multiple processes communicating with each other. In this section, you will learn how to list the processes currently running on the system using the ps and top commands. In the next section, you'll learn how to manipulate processes.

Exercise 11.1

Use the ps command to see the processes associated with the current shell.

$ ps
  PID TTY      TIME     CMD
 8085 pts/15   00:00:00 bash

Until you've learned how to run processes in the background (covered in the next section), the output of ps is not terribly interesting, since there are no other processes besides the shell itself to display. However, by adding some options to ps, we can make things a bit more interesting. The "-e" option tells ps to list all processes running on the system, not just those associated with the current shell. The "-f" option creates a full listing, which includes more information about each process.

The pipe construct is very powerful, because it allows the user to join several small programs to create a custom tool to solve the problem at hand. This often leads to uses that the developers never imaged while creating the individual programs. We'll use another example to illustrate this idea further.

Exercise 11.2

Use ps -ef to get a full listing of all processes on the system. Since there are generally many processes to be listed, you'll want to pipe the output into a pager, such as more. 

$ ps -ef | more
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Jan22 ?        00:00:38 /sbin/init
root         2     0  0 Jan22 ?        00:00:00 [kthreadd]
root         3     2  0 Jan22 ?        00:00:12 [ksoftirqd/0]
root         5     2  0 Jan22 ?        00:00:00 [kworker/0:0H]
root         6     2  0 Jan22 ?        00:00:02 [kworker/u:0]
root         7     2  0 Jan22 ?        00:00:00 [kworker/u:0H]
root         8     2  0 Jan22 ?        00:00:20 [migration/0]
root         9     2  0 Jan22 ?        00:00:08 [watchdog/0]
.            .     .  . .     .        .        .
.            .     .  . .     .        .        .
.            .     .  . .     .        .        .

The ps command under most versions of BSD requires different arguments to produce a full listing. Instead of "ps -ef", you would enter "ps aux". Linux and many versions of UNIX support both the standard UNIX arguments (with a "-") and the BSD-style arguments (without a "-"). The output of ps varies somewhat between UNIX versions, but you will generally see something similar to the output shown above. Table 11.1 shows the meaning of each field displayed in the full listing for ps in the last exercise.

Table 11.1
field description
UID the user who owns the process
PID the process id, a unique identifier assigned to each process
PPID the parent process id, the process that spawned the current process
C this field is obsolete
STIME the start time for the current process
TTY the controlling terminal for the current process
TIME the amount of CPU time accumulated by the current process
CMD the command used to invoke the process

In some cases, you may want to restrict the listing to a few processes — perhaps all processes belonging to a given user, or all occurrences of a certain program. You can use the grep command to do the filtering. It prints lines matching a specified pattern in its input while discarding lines that don't match.

Exercise 11.3

Create a pipeline using ps -ef to get a full listing of all processes and grep look for all occurrences of the pine e-mail program.

$ ps -ef | grep pine
  boris 12089  7171  0 22:27:36 pts/2    0:00 grep pine
sherman  5183  5178  0 20:14:09 pts/3    0:03 pine
peabody 25996 25985  0 08:18:04 pts/14   0:01 pine
natasha 27244 17083  0 17:43:27 pts/15   0:02 pine
  rocky  8009  8879  0 21:09:36 pts/6    0:00 pine

The top program also lists processes, but adds the ability to sort by various criteria (CPU utilization by default) and provides a continuously updated display. It also gives a useful summary of the status of the system, including memory and CPU utilization.

$ top
load averages:  0.01,  0.03,  0.05   22:46:49
81 processes:  80 sleeping, 1 on cpu
CPU states: 99.4% idle,  0.4% user,  0.2% kernel,  0.0% iowait,  0.0% swap
Memory: 256M real, 27M free, 61M swap in use, 451M swap free

  PID USERNAME THR PRI NICE  SIZE   RES STATE   TIME    CPU COMMAND
13066 boris      1  33    0 1472K 1384K cpu     0:00  0.16% top
  164 root       6   7    0 7952K 4088K sleep  25:32  0.15% automountd
13072 www        4  24    0 5928K 3288K sleep   0:00  0.09% httpd
 8084 www        4  33    0 7840K 6216K sleep   3:22  0.05% httpd
 7837 www        4  33    0 7840K 6264K sleep   2:54  0.05% httpd
   .   .         .   .    .   .     .     .       .     .     .
   .   .         .   .    .   .     .     .       .     .     .
   .   .         .   .    .   .     .     .       .     .     .

Note that top also displays additional fields not shown by ps, including the scheduling priority and "nice" level. We'll talk about these in the next section.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.