What are Processes in Linux? Internal working of Linux

So now many of you must be familiar with the commands in Linux, now we are going to see how Linux works internally and the various processes in Linux.

What are Processes?

Processes are the programs that are running in the machines.

Each program in Linux has PID(Process Id) that is used by the Kernel to identify the Process.

The ps command lets us know what are the processes that are running in the machine.

The command has many fields -

PID -> refers to process Id
TTY(Teletypewriter) -> refers to the controlling terminal of the process
Time -> refers to the total CPU usage time the process is taking
CMD/Command -> refers to the name of the executable that you are trying to run

Lets us now talk about one of the famous command ps aux This command shows a detailed view of all the processes. It has 3 flags -

a -> all the processes that are running in the system

u -> more details about the process

x -> list down all the processes that don't have terminal/tty associated with it.

The ps aux command has many fields associated with it -

User - who is the user to that process belongs.

PID -Process id

%CPU - how much % of CPU time, the system is using

%Mem - % of Memory process is taking out of entire physical memory

VSZ(Virtual Memory Size) - Virtual memory usage of the entire memory. It refers to the maximum amount of memory that is reserved for the process. It can use the entire memory that is allocated to it but not more than that.

RSS(Resident set size) - Amount of memory the process is using currently.Always VSZ >= RSS

TTY - What the value of the terminal is,? in TTY means that no terminal is associated with it.

Stat - Status of a process

Start - Start time of the process

Time

CMD

Another command is the top command

This command helps us in viewing the processes in real-time. It refreshes at intervals of 5-10s.

What is a Controlling Terminal?

The controlling terminal is the terminal that executed the command. There are 2 types of controlling terminal -

Regularterminal - No GUI, entirely based on the command line. Eg - TTY1
Pseudoteminal(pts) - normal Linux terminal that we use. Eg - pts/0,pts/1. Here 0 refers to the first Linux window in which processes are running, and 1 refers to 2nd Linux window in which processes are running.

When we close the terminal all of the processes end. Daemon processes are the processes that are required to keep the system running. It starts when the computer boots up and ends when it shuts downs.

That is why in tty, some processes are marked with ? these are the essential processes that we need, to keep the system running so they are not associated with controlling terminal.

Now you must be thinking, who provides the resources that process needs?

Answer is the Kernel. The kernel knows who is the owner of the process, and how many resources it is using. It is the kernel's job to ensure what the process needs.
when we close the terminal it free's up the resources so that other processes may use the resources.

How is a Process Created?

Let us say a process ps1 is the parent process. This parent process forks a system call(a system call is a request the program makes to the kernel) and creates a child process and allocates some PID to it.

ps -l shows the detailed view of the processes -

The PPID field refers to the parent's process id. Here PPID of ps is the PID of bash. So we can say that ps is the child process of bash.

If all the processes are forks of each other then there must be a process that is above everything.

That process is the init process. It is referred to as the mother of all processes. It has a PID of 1.

Hierarchy of process creation - init -> bash -> ps

How the process is terminated?

When we terminate a process it calls the _exit system call. The termination status tells the kernel why the program is terminating. The most common termination status is 0, which signifies the process is succeeded.

When the process terminates, it is usually acknowledged by the parent process by the wait system call.

Here there may be 2 edge cases associated with it -

Case 1 - When the process dies and abandons the child process, the child process becomes an Orphan process. This child process then waits for someone to acknowledge him so that he can rest in peace. In this case, the Kernel puts the child process under the protection of the init process which then acknowledges it by the wait system call. This is the reason init is called the mother of all processes.

Case 2- When the child dies and the parent process doesn't call the wait system call. We want to know how it died. In this case, the Kernel turns the parent process into a Zombie process which is a process that is already dead but the system doesn't know about the termination status.

States of Process

The various states of processes are -

R -> process is running

S -> Interruptable sleep i.e waiting for some event. eg- waiting for input from the user

D -> Uninterruptable sleep, processes that cannot be killed in such case just reboot the system.

Z -> Zombies, waiting for the wait call status

T -> Stopped

In Linux everything is a file, so processes are also files. We can find those files by going into the root directory and then ls /proc/.

Let us now create a test.py file and run that file for 100 seconds. Now when we use the jobs commands it will show the job id and status of the program.

Here 1 refers to the job id and + signifies the most recent job. - signifies 2nd most recent job. To move the job to the background we use & operator and to move it to the foreground we use the command fg %[jobid]

Use ctrl+z to stop the program and send it to the background. Use ctrl+c to kill the program in the foreground and kill fg%[jobid] to kill in the background.

What are Signals?

Signals are the notification that is sent to the process informing that something has happened. Maybe some hardware/software issues occurred and the kernel wanted to notify the process, in those scenarios signals are used.

Many processes have signal handlers that are responsible for handling the signals. Processes usually have a signal mask that is used to block the signals.

The most common signals are -

SIGHUP/HUP/1 -> hang up

SIGINT/INT/2 -> Interrupt, eg-ctrl+c

SIGKILL/KILL/9 -> kill

SIGSEGV/SEGV/11 -> segmentation fault, means trying to access process although it doesn't have permission to. eg- cat /etc/shadow

SIGTERM/TERM/15 -> terminate

SIGSTOP/STOP/19 -> Stop, suspend any program for some time, and then resumes it.

If we want to kill a particular process and don't want it to run anymore we use the kill command eg- kill [PID]

Kill commands send the termination signals to the process after which it will call the exit system call.

When multiple processes are running on the CPU, we might think that all of them are running simultaneously but that is not the case, each process can run only at one time.

These processes use the CPU for a small amount of time known as time slices.

If more cores are there in a processor then it can run more programs simultaneously.

Now, how the kernel decides how much priority to give to the process so that they execute faster?

In the top command, you must have seen a field known as NI(nice). In the NI column, the values present tell the CPU how much priority they should give to the process.

High NI value -> low priority
Low NI value -> High priority

There are 2 ways to influence the nice value -

For new process - use command 'nice -n [value] [any program]'.eg - nice -n 10 cat
For existing process - use command 'renice [value] -p [PID]'.eg - renice -10 -p 2

That's it for this blog, All thanks to Apoorv Goyal 🙌🙌 for the Linux Tutorials. This blog is referenced from this 👌👉 Video. Like and Follow if you want more such content 😉.

Pritam's blog