To find out what processes are running, use the ps command (process status) which prints information about the processes associated with your terminal (that is, the processes from your current login session).
To find out all the processes running on the system, type the following:
$Note that there may be other processes running on the system that you are not authorized to see. (You will probably have to pipe the output of ps -ef through more(C) or pg(C), as several hundred processes may be reported on a large system.)
ps -efUID PID PPID C STIME TTY TIME COMMAND root 0 0 0 Sep 24 ? 0:00 sched root 1 0 0 Sep 24 ? 110:56 /etc/init root 2 0 0 Sep 24 ? 0:00 vhand root 3 0 0 Sep 24 ? 5:52 bdflush gavin 8501 1 0 17:59:05 004 0:03 -ksh gavin 8972 8501 0 18:52:04 004 0:02 vi tmpfile root 423 1 0 Sep 24 02 0:00 /etc/getty tty02 m susanna 7903 1 0 17:29:01 015 0:04 -csh perry 8608 1 0 18:12:27 006 0:06 -ksh
The listing contains the following columns:
As soon as it is created, each process is allocated a unique identifier called a process ID or PID, a decimal integer in the range 0-65535. Some of these are reserved for the system. On system startup, a process called sched is created by the kernel; this creates three other processes called /etc/init, vhand and bdflush. These four processes are automatically allocated process ID's 0, 1, 2 and 3 respectively. It is sched, the ``swapper'' process, that swaps other processes into main memory before the kernel scheduler can allocate CPU time to them.
Under the UNIX system, all processes (except sched) are created by a procedure known as ``forking''. The process that does this is known as the ``parent'' of the resulting ``child'' process. The relationship between a parent and a child can be identified by the process' parent process ID (PPID). Each process (except sched) has a single parent process, but may have many child processes. In the example, the vi process (8972) was created by process 8501, which was in turn created by /etc/init. init(M) is the ancestor of all other processes active on a UNIX system: among other things, it calls a program called getty(M), which is responsible for creating login processes, which in turn calls up a user shell such as ksh(C) or sh(C).
Process creation is known as forking because the calling process splits in two. The copy is created by calling the fork function. The child is an almost exact copy of its parent, made by assigning a slot in the process table to the new process, then copying information from the parent's process table slot to the child's slot. The obvious differences between the parent and its child are the PID and PPID. See fork(S) for more details. A successful process creation is signaled by the fork function passing a value of zero to the child process and the PID of the child to the parent.
PID allocation in the 0-65535 range is cyclical: once the upper limit has been reached, the lower numbers are reused, subject to the proviso that PIDs must be unique.
To see what processes a particular user is running, type ps -u login where login is the login of the user in question. For example:
$Note that this user is running several Korn shell processes, each with a unique PID, but derived from the single program /bin/ksh.
ps -u charlesPID TTY TIME COMMAND 10170 008 0:07 ksh 9779 008 0:00 ksh 9780 008 9:23 pmview.r 9791 p0 0:12 oadaemon 9796 p1 7:47 email 9797 p2 0:03 ksh 9802 p6 0:02 ksh 19027 p5 0:02 ksh 19980 p6 0:20 vi 21275 p6 0:00 ps $