|
|
To find out what processes are running, use the ps command (process status) which prints information about the processes associated with your terminal (that is, the processes from your current login session).
To find out all the processes running on the system, type the following:
$ ps -ef
UID PID PPID C STIME TTY TIME COMMAND
root 0 0 0 Sep 24 ? 0:00 sched
root 1 0 0 Sep 24 ? 110:56 /etc/init
root 2 0 0 Sep 24 ? 0:00 vhand
root 3 0 0 Sep 24 ? 5:52 bdflush
gavin 8501 1 0 17:59:05 004 0:03 -ksh
gavin 8972 8501 0 18:52:04 004 0:02 vi tmpfile
root 423 1 0 Sep 24 02 0:00 /etc/getty tty02 m
susanna 7903 1 0 17:29:01 015 0:04 -csh
perry 8608 1 0 18:12:27 006 0:06 -ksh
Note that there may be other processes running on the system that
you are not authorized to see. (You will probably have to pipe the
output of ps -ef through
more(C)
or
pg(C),
as several hundred processes may be reported on a large system.)
The listing contains the following columns:
As soon as it is created, each process is allocated a unique identifier called a process ID or PID, a decimal integer in the range 0-65535. Some of these are reserved for the system. On system startup, a process called sched is created by the kernel; this creates three other processes called /etc/init, vhand and bdflush. These four processes are automatically allocated process ID's 0, 1, 2 and 3 respectively. It is sched, the ``swapper'' process, that swaps other processes into main memory before the kernel scheduler can allocate CPU time to them.
Under the UNIX system, all processes (except sched) are created by a procedure known as ``forking''. The process that does this is known as the ``parent'' of the resulting ``child'' process. The relationship between a parent and a child can be identified by the process' parent process ID (PPID). Each process (except sched) has a single parent process, but may have many child processes. In the example, the vi process (8972) was created by process 8501, which was in turn created by /etc/init. init(M) is the ancestor of all other processes active on a UNIX system: among other things, it calls a program called getty(M), which is responsible for creating login processes, which in turn calls up a user shell such as ksh(C) or sh(C).
Process creation is known as forking because the calling process splits in two. The copy is created by calling the fork function. The child is an almost exact copy of its parent, made by assigning a slot in the process table to the new process, then copying information from the parent's process table slot to the child's slot. The obvious differences between the parent and its child are the PID and PPID. See fork(S) for more details. A successful process creation is signaled by the fork function passing a value of zero to the child process and the PID of the child to the parent.
PID allocation in the 0-65535 range is cyclical: once the upper limit has been reached, the lower numbers are reused, subject to the proviso that PIDs must be unique.
To see what processes a particular user is running, type ps -u login where login is the login of the user in question. For example:
$ ps -u charles
PID TTY TIME COMMAND
10170 008 0:07 ksh
9779 008 0:00 ksh
9780 008 9:23 pmview.r
9791 p0 0:12 oadaemon
9796 p1 7:47 email
9797 p2 0:03 ksh
9802 p6 0:02 ksh
19027 p5 0:02 ksh
19980 p6 0:20 vi
21275 p6 0:00 ps
$
Note that this user is running several Korn shell processes, each
with a unique PID, but derived from the single program
/bin/ksh.