CIS126RH | RHEL System Administration 1
Mesa Community College
PIDs, parent/child relationships, states, and ownership
View system-wide process information in real time
Use &, jobs, fg, bg, and nohup effectively
Use kill, killall, pkill, nice, and renice
A process is a running instance of a program. Every process has a unique Process ID (PID), is owned by a user, has a parent process, and maintains its own memory space.
| State | Symbol | Meaning |
|---|---|---|
| Running | R | Actively using CPU or in run queue |
| Sleeping | S | Waiting for an event (interruptible) |
| Disk Sleep | D | Waiting for I/O (uninterruptible — cannot kill) |
| Stopped | T | Paused — Ctrl+Z or SIGSTOP signal |
| Zombie | Z | Terminated but not reaped by parent |
D state (uninterruptible sleep) cannot be killed with SIGKILL while waiting for I/O. This is typically temporary — it resolves when the I/O completes.
# View the process tree
[user@host ~]$ pstree
systemd─┬─NetworkManager───3*[{NetworkManager}]
├─agetty
├─auditd───{auditd}
├─crond
├─sshd───sshd───sshd───bash───pstree
└─systemd-journal
# Show PIDs in the tree
[user@host ~]$ pstree -p
systemd(1)─┬─sshd(1234)───sshd(5678)───sshd(5680)───bash(5681)───pstree(5700)
# Show tree for a specific process
[user@host ~]$ pstree -p 1234systemd is the first process and the parent or ancestor of every other process. When systemd stops, the system shuts down.
# Basic ps — shows processes in current terminal
[user@host ~]$ ps
PID TTY TIME CMD
5681 pts/0 00:00:00 bash
5700 pts/0 00:00:00 ps
# Show all processes (BSD style — most common)
[user@host ~]$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 171820 13256 ? Ss 09:00 0:02 /usr/lib/systemd/systemd
root 2 0.0 0.0 0 0 ? S 09:00 0:00 [kthreadd]
apache 1234 0.2 1.5 550000 62000 ? S 09:15 0:45 /usr/sbin/httpdtop instead.
# Unix style — shows PPID (parent PID)
[user@host ~]$ ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 09:00 ? 00:00:02 /usr/lib/systemd/systemd
student 5681 5680 0 10:30 pts/0 00:00:00 -bash| Field | Meaning |
|---|---|
PID | Process ID — unique identifier |
PPID | Parent process ID |
%CPU / %MEM | Resource usage percentages |
VSZ / RSS | Virtual / resident memory (KB) |
STAT | Process state (R, S, D, T, Z) |
TIME | Cumulative CPU time used |
| Code | Meaning | Typical cause |
|---|---|---|
R | Running or runnable | Actively computing, in run queue |
S | Sleeping | Waiting for input, timer, or event |
D | Uninterruptible sleep | Waiting for disk I/O |
T | Stopped | Ctrl+Z or SIGSTOP signal |
Z | Zombie | Finished but parent not waiting |
s | Session leader | First process in session group |
| Code | Meaning | Typical cause |
|---|---|---|
+ | Foreground process group | Running in current terminal |
l | Multi-threaded | Many services use threads |
N | Low-priority (nice) | niceness value greater than 0 |
< | High-priority | niceness value less than 0 |
I | Idle kernel thread | Kernel worker waiting for work |
Ss | Sleeping session leader | SSH daemon, shell process |
Ss = sleeping + session leader (typical for SSH connections and terminal shells)
# Find processes by name
[user@host ~]$ ps aux | grep httpd
root 1234 0.0 0.5 275000 20000 ? Ss 09:15 0:00 /usr/sbin/httpd
apache 1235 0.0 0.3 275500 12000 ? S 09:15 0:01 /usr/sbin/httpd
# Exclude grep itself from results
[user@host ~]$ ps aux | grep [h]ttpd# Find by user
[user@host ~]$ ps -u apache
# Custom output — sorted by CPU usage
[user@host ~]$ ps -eo pid,user,%cpu,%mem,cmd --sort=-%cpu | head
PID USER %CPU %MEM CMD
3456 mysql 45.2 12.5 /usr/libexec/mysqld
1234 apache 8.3 2.1 /usr/sbin/httpd# Start top (press q to quit)
[user@host ~]$ top
# Start top sorted by memory
[user@host ~]$ top -o %MEM
# Monitor specific PID
[user@host ~]$ top -p 1234
# Monitor multiple PIDs
[user@host ~]$ top -p 1234,5678load average: — 1, 5, and 15-minute CPU load%id: — idle CPU percentage (high is good)MiB Mem/Swap: — memory usage summary
P | Sort by CPU |
M | Sort by memory |
T | Sort by time |
R | Reverse sort order |
k | Kill a process |
r | Renice (change priority) |
u | Filter by user |
? | Help |
q | Quit |
M to find the biggest memory consumer. Press k then enter the PID to kill a runaway process — all without leaving top.
# htop — enhanced interactive viewer (if installed)
[user@host ~]$ htop
# Better visual interface, mouse support, easier to use
# pidof — find PID by exact process name
[user@host ~]$ pidof httpd
1236 1235 1234
# pgrep — search processes by pattern
[user@host ~]$ pgrep -l http
1234 httpd
1235 httpd
# pgrep with full command line
[user@host ~]$ pgrep -a httpd
1234 /usr/sbin/httpd -DFOREGROUND# lsof — list open files (and sockets) by process
[user@host ~]$ lsof -p 1234 | head
# What process is using a specific file?
[user@host ~]$ lsof /var/log/messages
# What process is listening on a port?
[user@host ~]$ lsof -i :80
# Show all network connections
[user@host ~]$ lsof -i
# Show open files by a user
[user@host ~]$ lsof -u student# Run command in foreground (default) — blocks terminal
[user@host ~]$ sleep 60
# Terminal is blocked for 60 seconds
# Run command in background (add &)
[user@host ~]$ sleep 60 &
[1] 5800 # [job number] PID
# Suspend foreground process (Ctrl+Z)
[user@host ~]$ sleep 60
^Z
[1]+ Stopped sleep 60
# Resume in background / bring to foreground
[user@host ~]$ bg
[1]+ sleep 60 &
[user@host ~]$ fg
sleep 60# List current jobs
[user@host ~]$ jobs -l
[1]- 5800 Running sleep 100 &
[2]+ 5810 Stopped vim file.txt
# Bring specific job to foreground by number or name
[user@host ~]$ fg %1 # Job number
[user@host ~]$ fg %vim # Job start string
# Resume specific job in background
[user@host ~]$ bg %2
# Disown — remove job from shell tracking
[user@host ~]$ disown %1
# Process continues but shell no longer tracks it# nohup — ignore SIGHUP signal (survive logout)
[user@host ~]$ nohup long-running-script.sh &
nohup: ignoring input and appending output to 'nohup.out'
[1] 5850
# Redirect output explicitly
[user@host ~]$ nohup ./backup.sh > backup.log 2>&1 &
# Safe to log out — process continues
[user@host ~]$ exit# Alternative: screen for interactive long-running sessions
[user@host ~]$ screen -S mysession
# Work inside screen session...
# Detach: Ctrl+A, D
# Reattach later:
[user@host ~]$ screen -r mysession| Signal | Number | Meaning | Can be caught? |
|---|---|---|---|
SIGHUP | 1 | Hangup — reload config | Yes |
SIGINT | 2 | Interrupt (Ctrl+C) | Yes |
SIGQUIT | 3 | Quit with core dump | Yes |
SIGKILL | 9 | Force kill — immediate | No |
SIGTERM | 15 | Graceful terminate | Yes |
SIGSTOP | 19 | Pause process | No |
SIGCONT | 18 | Continue (resume) | Yes |
SIGUSR1/2 | 10/12 | User-defined signals | Yes |
# Default: send SIGTERM (signal 15)
[root@host ~]# kill 1234
# By name or number
[root@host ~]# kill -SIGTERM 1234
[root@host ~]# kill -15 1234# Force kill (last resort — cannot be caught)
[root@host ~]# kill -9 1234
[root@host ~]# kill -SIGKILL 1234
# Send to multiple processes
[root@host ~]# kill 1234 1235 1236
# List all available signals
[user@host ~]$ kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
9) SIGKILL 15) SIGTERM 18) SIGCONT 19) SIGSTOP ...# killall — kill all processes with exact name
[root@host ~]# killall httpd
# Sends SIGTERM to all processes named exactly "httpd"
# Force kill with specific signal
[root@host ~]# killall -9 httpd
[root@host ~]# killall -SIGHUP httpd # Reload config# pkill — kill by pattern (more flexible than killall)
[root@host ~]# pkill http
# Matches any process containing "http"
# pkill by user
[root@host ~]# pkill -u student
# Kill all processes owned by student
# Force kill by user
[root@host ~]# pkill -9 -u baduser
# ALWAYS preview first with pgrep!
[user@host ~]$ pgrep -l http
1234 httpd
1235 httpd
# Then: pkill httppgrep -l pattern first to see what pkill pattern would kill.
Nice values influence scheduling priority. Range: -20 (highest priority) to +19 (lowest priority). Default is 0.
Nice = -20 to -1
Gets more CPU time
Root only for negative values
Nice = 1 to 19
Gets less CPU time
Any user can increase niceness
# Start process with lower priority (nice value 10)
[user@host ~]$ nice -n 10 ./long-task.sh
# Only root can set negative (high priority)
[root@host ~]# nice -n -5 ./important-task.sh# Change nice value of running process
[root@host ~]# renice -n 15 -p 1234
1234 (process ID) old priority 0, new priority 15
# Renice all processes owned by a user
[root@host ~]# renice -n 10 -u student
# Regular users can only increase nice (lower priority)
[user@host ~]$ renice -n 5 -p 5678 # OK
[user@host ~]$ renice -n -5 -p 5678 # Denied
renice: failed to set priority for 5678: Permission deniedtop for real-time monitoringEvery process has a PID, parent (PPID), owner, and state. Use ps aux for a snapshot, top for real-time view.
Use & for background, Ctrl+Z to suspend, fg/bg to manage. Use nohup to survive logout.
Send signals with kill (by PID), killall (by name), or pkill (by pattern). Try SIGTERM first, SIGKILL last.
Adjust CPU priority with nice (at launch) and renice (running). Regular users can only lower priority.
ps aux to find processes owned by a specific usertop to identify the highest CPU-consuming processnice and observe priority in ps