Process Management

In Linux, the term "process" is defined as a program loaded into memory and executing in the processor (CPU).

Processes can range from short commands run from the command line to network services running for the duration of the operating system's uptime.

Types of Processes

Foreground Processes

By default, all processes run in the foreground. They take input from the keyboard and display output on the screen. Running the pwd command is a good example of a foreground process.

root@hackerbox:~$ pwd/root

In this example, the process executed by the pwd command ran in the foreground, displayed the output, and exited after completing its task. Foreground processes lock the terminal until they finish their tasks and do not allow other operations to be performed in the meantime.

Background Processes

Background processes do not lock the terminal when run; they start running in the background. When background processes are running, multiple processes can run in parallel.

To run a command in the background, append the & character to it. For example, let's run the pwd command in the background:

root@hackerbox:~$ pwd &
[1]   +   Done                 pwd

Unlike the first example, the pwd command did not print the path of the current directory as it was run as a background process. Instead, it provided information about the background process it started.[1]indicates that the process job number is 1.

Done indicates that the process successfully completed its task.

Let's do a different example The pwd command, by nature, completes its task immediately and exits. However, some commands run continuously until you send a stop signal. The ping command is a good example of this.

Let's send a ping to 127.0.0.1 with the ping command and run it in the background. This will allow us to send ping requests to 127.0.0.1 for as long as our terminal or the running process remains open, while still allowing us to use our terminal for other tasks.

root@hackerbox:~$ ping 127.0.0.1 &
[1] 54017

root@hackerbox:~$
64 bytes from 127.0.0.1: icmp_seq=100 ttl=64 time=0.081 ms
64 bytes from 127.0.0.1: icmp_seq=101 ttl=64 time=0.164 ms
64 bytes from 127.0.0.1: icmp_seq=102 ttl=64 time=0.075 ms

[1] indicates that the background job number for the process is 1. 54017 is the Process ID (PID) for the background process. The PID is a unique number identifying the process.

Some commands, like ping, may provide output to the terminal even when running in the background. As seen in the example, although running in the background, the ping command prints output to the terminal every second. However, this output does not prevent us from performing other tasks and does not lock the terminal.

Managing Processes in the Current Terminal Session

We can easily list the background processes started in our current terminal session using the jobs command.

root@hackerbox:~$ jobs
[1]    running    ping 127.0.0.1

According to the output, we have a ping 127.0.0.1command running in the background in our current terminal session, with a job number of 1.

To bring this background command back to the foreground, we can use the fg(foreground) command. We type the job number of the process with a % sign next to the fg command.

root@hackerbox:~$ fg %1
[1]  - running    ping 127.0.0.1
64 bytes from 127.0.0.1: icmp_seq=645 ttl=64 time=1.448 ms
64 bytes from 127.0.0.1: icmp_seq=646 ttl=64 time=0.161 ms
64 bytes from 127.0.0.1: icmp_seq=647 ttl=64 time=0.219 ms
64 bytes from 127.0.0.1: icmp_seq=648 ttl=64 time=0.130 ms

As we can see, the process is running in the foreground again.

How do we stop it? We can easily stop a program running in the terminal by pressing the CTRL+C shortcut on the keyboard.

64 bytes from 127.0.0.1: icmp_seq=645 ttl=64 time=1.448 ms
64 bytes from 127.0.0.1: icmp_seq=646 ttl=64 time=0.161 ms
64 bytes from 127.0.0.1: icmp_seq=647 ttl=64 time=0.219 ms
64 bytes from 127.0.0.1: icmp_seq=648 ttl=64 time=0.130 ms
^C
--- 127.0.0.1 ping statistics ---
706 packets transmitted, 706 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.055/0.180/1.668/0.105 ms
root@hackerbox:~$

Managing System-Wide Processes

In addition to processes in our current terminal session, there are processes running system-wide. These can be processes used by the operating system, the terminal, service providers, or programs that continuously run in the background.

We can view system-wide processes using the ps command.

root@hackerbox:~$ ps
PID       TTY      TIME        CMD
19        pts/1    00:00:00    sh
24        pts/1    00:00:00    ps

As seen in the example, there are two processes running system-wide. One is the terminal running the

shprocess, and the other is the ps command we just executed.

For a more detailed output, we can use the -f parameter of the ps command.

root@hackerbox:~$ ps -f
UID      PID  PPID C STIME    TTY        TIME CMD
1001     19     1 0 07:20    pts/1  00:00:00f     sh
1001     25    19 0 08:04    pts/1  00:00:00      ps -f

The detailed explanations of the columns in the command output are as follows:

Column Name	Description
UID	User ID - The ID number of the user running the process
PID	Process ID - The unique identifier for the process
PPID	Parent Process ID - The unique identifier for the parent process that started the process
C	CPU - The CPU usage of the process
STIME	Start Time - The start time of the process
TTY	Terminal Type - The type of terminal where the process is running
TIME	The total time the process has been running
CMD	Command - The command that started the process

Stopping a Running Process

To stop running processes, if the process runs in the foreground, we can easily press the CTRL+C shortcut on the keyboard.

If it's a background process, we need to know the Process ID (PID) number to stop it.

root@hackerbox:~$ ps
UID      PID  PPID C STIME    TTY        TIME CMD
1001     19     1 0 07:20    pts/1  00:00:00f     sh
1001     25    19 0 08:04    pts/1  00:00:00      ps -f

In the output above, we have the PID for the process sh (19). To stop this process, use the kill command.

root@hackerbox:~$ kill 19

If the process does not terminate with the command above, we can forcefully stop it with the interrupt signal -9.

root@hackerbox:~$ kill -9 19