Monday, September 3, 2012

What is a process in UNIX / Linux?

  A process is a program in execution in memory or in other words, an instance of a program in memory. Any program executed creates a process. A program can be a command, a shell script, or any binary executable or any application. However, not all commands end up in creating process, there are some exceptions. Similar to how a file created has properties associated with it, a process also has lots of properties associated to it.

Process attributes:
  A process has some properties associated to it:

PID : Process-Id. Every process created in Unix/Linux has an identification number associated to it which is called the process-id. This process id is used by the kernel to identify the process similar to how the inode number is used for file identification. The PID is unique for a process at any given point of time. However, it gets recycled.

PPID : Parent Process Id: Every process has to be created by some other process. The process which creates a process is the parent process, and the process being created is the child process. The PID of the parent process is called the parent process id(PPID).

TTY: Terminal to which the process is associated to. Every command is run from a terminal which is associated to the process. However, not all processes are associated to a terminal.There are some processes which do not belong to any terminal. These are called daemons.

UID: User Id- The user to whom the process belongs to. And the user who is the owner of the process can only kill the process(Of course, root user can kill any process). When a process tries to access files, the accessibility depends on the permissions the process owner has on those files.

File Descriptors: File descriptors related to the process: input, output and error file descriptors.

List the processes:
$ ps
 1315012  pts/1  0:00 -ksh
 2490430  pts/1  0:00 ps
 ps is the Unix / Linux command which lists the active processes and its status. By default, it lists the processes belonging to the current user being run from the current terminal.

The ps command output shows 4 things:
PID : The unique id of the process
TTY: The terminal from which the process or command is executed.
TIME: The amount of CPU time the process has taken
CMD: The command which is executed.

2 processes are listed in the above case:
1. -ksh : The login shell, which we are working on, is also a process which is currently running.
2. ps : The ps command which we executed to get the list also creates a process.   And hence, by default, there will be atleast 2 processes when executing the ps command.

Parent & Child Process:
  Every process in Unix has to be created by some other process.  Hence, the ps command is also created by some other process. The 'ps' command is being run from the login shell, ksh. The ksh shell is a process running in the memory right from the moment the user logged in. So, for all the commands trigerred from the login shell, the login shell will be the parent process and the process created for the command executed will be the child process. In the same lines, the 'ksh' is the parent process for the child process 'ps'.
 The below command shows the process list along with the PPID.
$ ps -o pid,ppid,args
2666744 3317840 ps -o pid,ppid,args
3317840 1       -ksh
   The PID of the ksh is same as the PPID of the ps command which means the ksh process is the parent of the ps command. The '-o' option of the ps command allows the user to specify only the fields which he needs to display.

Init Process:
     If all processes of the user are created by the login shell, who created the process for the login shell?  In other words, which is the parent process of the login shell? When the Unix system boots, the first process to be created is the init process. This init process will have the PID as 1 and PPID as 0. All the other processes are created by the init process and gets branched from there on. Note in the above command, the process of the login shell has the PPID 1 which is the PID of the init process.

Exceptions to creating process:
   Not all commands end up creating a process. There are some exceptions.
i) Internal commands does not create a process since they are shell built-in.
ii) Any file if sourced does not create a process since it has to be run within the shell.

 In the next article, we will see the interesting things behind the process creation.


  1. Thanks for sharing this. This is ceratinly improving my unix knowledge.

  2. Nice article! Very beginner-friendly xD

  3. very helpful ,,,thanks for sharing.