Master Linux Process Management: Essential Commands and Monitoring Tools

Program

A program is a set of instructions that a computer can recognize and execute, serving as an information tool to meet specific user needs.

What is a Process?

A process is a running instance (a copy) of a program.

Each process is identified by a Process ID (PID).

UID and GID determine file system access permissions, usually inherited from the user who started the process.

Processes have a lifecycle and are created by a parent process.

Full lifecycle: creation → execution → termination (including zombie processes).

Process Creation

init: the first process (systemd on CentOS 7 and later).

Processes are created by their parent using

fork()

, establishing a parent‑child relationship. Copy‑On‑Write (CoW) ensures that a child gets a new memory space only when it writes data.

Threads perform work; a process (e.g., Process A) distributes tasks and stores shared resources.

Process Management Commands

ps – view static process information

<code>1 ps aux            # basic format, aux without leading '-'
2 a                # show processes attached to a terminal, including other users' processes
3 u                # display the user owning each process
4 x                # show processes without a controlling terminal
5 ps aux | wc -l   # count processes
6 # combine with pipes for filtering</code>

USER

Process owner

PID

Process ID

%CPU

CPU usage percentage

%MEM

Memory usage percentage

VSZ

Virtual memory size

RSS

Resident (physical) memory size

TTY

Terminal name ("?" if not started from a terminal)

STAT

Process state (D: uninterruptible sleep, R: running, S: sleeping, T: stopped, Z: zombie, etc.)

START

Start time

TIME

CPU time used

COMMAND

Command that started the process

top – dynamic process monitoring

<code>1 -d seconds   # set refresh interval (default 3 seconds)
2 -b          # batch mode (useful for redirecting output to a file)
3 -n count    # number of iterations
4 -p PID      # monitor a specific PID
5 -s          # safe mode to avoid interactive errors
6 -u user     # show processes of a specific user</code>

Top displays five lines of summary information: system time and uptime, load average, total/running/sleeping/stopped/zombie tasks, CPU usage breakdown, memory usage, swap usage, and more.

pgrep – find processes by criteria

<code>1 -U user   # specify user
2 -l        # display process name
3 -a        # display full command line
4 -P pid    # show child processes of a given PID</code>

pstree – display processes as a tree

<code>1 -p        # show PIDs
2 -a        # show full command line for each process
3 -u        # show user information
4 -H        # highlight a specific PID and its ancestors</code>

lsof – list open files

<code>1 -c pattern   # list files opened by processes whose command starts with pattern
2 +d directory # list files opened in a specific directory
3 -u user      # list files opened by a specific user
4 -p pid       # list files opened by a specific PID</code>

Performance Monitoring Tools

vmstat – system performance statistics.

free – display memory usage.

iostat – monitor disk I/O performance.

iftop – monitor network traffic.

dstat – versatile system resource monitoring, including network.

Background and Foreground Job Control

Use

command &

to run a job in the background.

Examples:

dd if=/dev/zero of=/dev/null &

jobs

– list background jobs.

fg %1

– bring job %1 to the foreground.

Ctrl+Z

– suspend a foreground job and move it to the background.

bg %1

– resume a suspended background job.

Scheduled Tasks

at – one‑time scheduled task

Syntax:

at [HH:MM] [yyyy‑mm‑dd]

Example: schedule a command to run at 18:55 on a specific date.

crontab – recurring scheduled tasks

<code>1 -e            # edit crontab
2 * * * * *    # minute hour day month weekday (0‑6, 0 or 7 = Sunday)
3 -u user       # specify user
4 -l            # list current crontab entries
5 -r            # remove crontab</code>

Format:

minute hour day month weekday  command

Example: run a copy of

/etc/passwd

to

/opt

every night at 18:55.