-
-
Notifications
You must be signed in to change notification settings - Fork 2
PS Process Management
- 📝 What is ps?
- ⚡ Basic Commands
- 🔍 Viewing Processes
- :desktop: Finding Specific Processes
- 👪 Process Trees
- Scenario 1: High CPU Usage
- Scenario 2: High Memory Usage
- Scenario 3: Find Process Using Port
- Scenario 4: Process Won't Die
- Scenario 5: Find All Processes for a User
- Scenario 6: Monitor Process Over Time
- Scenario 7: Find Process by Partial Name
- Scenario 8: Process Tree for Troubleshooting
- pgrep - Find Process by Name
- pkill - Kill Process by Name
- kill - Kill Process by PID
- top / htop - Interactive Process Monitor
-
ps(Process Status) displays information about running processes - Shows what programs are currently running on your system
- Essential for troubleshooting, monitoring, and managing processes
- Part of the
procps-ngpackage (usually pre-installed)
What ps can do:
- List all running processes
- Show process details (CPU, memory, PID, etc.)
- Find specific processes
- Display process trees (parent-child relationships)
- Sort processes by resource usage
- Filter processes by user, command, etc.
Process basics:
- Every running program is a process
- Each process has a unique Process ID (PID)
- Processes have a parent process (PPID)
- Processes use CPU and memory resources
ps --helpShows available ps options (note: ps has multiple syntax styles).
ps --versionShows the version of ps (procps-ng).
ps auxWhat this does:
- Shows all processes for all users
- Uses BSD-style syntax (a = all users, u = user format, x = processes without TTY)
- Most commonly used ps command
Example output:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 40280 25084 ? Ss 07:33 0:05 /usr/lib/systemd/systemd --switched-root --system --deserialize=59 rhgb
root 2 0.0 0.0 0 0 ? S 07:33 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 07:33 0:00 [pool_workqueue_release]
matt 2024 71.3 1.3 2587856 862828 tty2 S<l+ 07:34 333:08 qs
What each column means:
- USER: User who owns the process
- PID: Process ID (unique identifier)
- %CPU: CPU usage percentage
- %MEM: Memory usage percentage
- VSZ: Virtual memory size (KB)
- RSS: Resident Set Size - physical memory used (KB)
- TTY: Terminal associated with process (? = no terminal)
- STAT: Process state (see below)
- START: Time process started
- TIME: CPU time used
- COMMAND: Command that started the process
Process states (STAT):
-
R- Running or runnable -
S- Interruptible sleep (waiting for event) -
D- Uninterruptible sleep (usually I/O) -
Z- Zombie (terminated but not reaped) -
T- Stopped (by job control or debugger) -
I- Idle kernel thread - Additional flags:
-
<- High priority -
N- Low priority -
L- Pages locked in memory -
s- Session leader -
l- Multi-threaded -
+- Foreground process group
ps -efWhat this does:
- Shows all processes in Unix-style format
- Different column layout than
ps aux - Commonly used on some systems
Example output:
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 07:33 ? 00:00:05 /usr/lib/systemd/systemd --switched-root --system --deserialize=59 rhgb
root 2 0 0 07:33 ? 00:00:00 [kthreadd]
root 3 2 0 07:33 ? 00:00:00 [pool_workqueue_release]
What each column means:
- UID: User ID
- PID: Process ID
- PPID: Parent Process ID
- C: CPU utilization
- STIME: Start time
- TTY: Terminal
- TIME: CPU time
- CMD: Command
ps -eWhat this does:
- Shows all processes (every process)
- Minimal output (PID and command)
- Quick overview
With custom format:
ps -e --format=pid,comm,argsExample output:
PID COMMAND COMMAND
1 systemd /usr/lib/systemd/systemd --switched-root --system --deserialize=59 rhgb
2 kthreadd [kthreadd]
3 pool_workqueue_ [pool_workqueue_release]
ps aux | grep processnameWhat this does:
- Searches for processes matching the name
- Uses grep to filter ps output
- Case-sensitive by default
Example:
ps aux | grep sshdCase-insensitive:
ps aux | grep -i processnameNote: The grep command itself will appear in results. To exclude it:
ps aux | grep -v grep | grep processnameOr use pgrep (see below).
ps -p 1234What this does:
- Shows information about process with PID 1234
- Useful when you know the PID
With custom format:
ps -p 1 -o pid,ppid,cmdExample output:
PID PPID CMD
1 0 /usr/lib/systemd/systemd --switched-root --system --deserialize=59 rhgb
ps -u usernameWhat this does:
- Shows all processes owned by a specific user
- Useful for monitoring user activity
Example:
ps -u mattCurrent user:
ps -u $(whoami)Multiple users:
ps -u user1,user2ps -C commandnameWhat this does:
- Finds processes by command name
- Exact match (not partial)
Example:
ps -C sshdps --forestWhat this does:
- Shows processes in a tree format
- Displays parent-child relationships
- Visual representation of process hierarchy
Example output:
PID TTY TIME CMD
782428 ? 00:00:02 nautilus
772127 ? 00:00:00 bwrap
772128 ? 00:00:00 \_ xdg-dbus-proxy
772115 ? 00:00:00 bwrap
772131 ? 00:00:00 \_ bwrap
772132 ? 00:00:05 \_ github-desktop
772139 ? 00:00:00 | \_ github-desktop
772332 ? 00:00:07 | | \_ github-desktop
What this shows:
- Parent processes at the top
- Child processes indented with
\_ - Process hierarchy relationships
With more details:
ps auxfThe f flag shows a forest (tree) view with full details.
ps --forest -p 1234What this does:
- Shows the process tree starting from PID 1234
- Includes parent and child processes
ps aux --sort=-%cpuWhat this does:
- Sorts processes by CPU usage (highest first)
-
-before%cpumeans descending order - Useful for finding CPU hogs
Top CPU users:
ps aux --sort=-%cpu | head -10Example output:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
matt 2024 71.3 1.3 2587856 862828 tty2 S<l+ 07:34 333:08 qs
matt 768621 18.0 1.8 1480520040 1202296 ? R<l 14:02 14:14 /usr/share/cursor/cursor --type=zygote
matt 774101 7.9 1.2 1445728428 810780 ? S<l 14:13 5:22 /opt/microsoft/msedge-dev/msedge
ps aux --sort=-%memWhat this does:
- Sorts processes by memory usage (highest first)
- Useful for finding memory hogs
Top memory users:
ps aux --sort=-%mem | head -10Example output:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
matt 768621 18.0 1.8 1480520040 1200936 ? R<l 14:02 14:14 /usr/share/cursor/cursor --type=zygote
matt 3030 5.8 1.4 1472409936 925732 ? Sl 07:34 27:15 /proc/self/exe --type=renderer
matt 2024 71.3 1.3 2587856 862828 tty2 S<l+ 07:34 333:08 qs
ps aux --sort=pidWhat this does:
- Sorts processes by Process ID (lowest first)
- Useful for chronological ordering (PIDs are assigned sequentially)
ps aux --sort=startWhat this does:
- Sorts processes by start time
- Oldest processes first
ps -e --format=pid,user,comm,%cpu,%mem,etimeWhat this does:
- Shows only specified columns
- Custom format for specific needs
Available format specifiers:
-
pid- Process ID -
ppid- Parent Process ID -
user- User name -
comm- Command name -
args- Full command with arguments -
%cpu- CPU usage -
%mem- Memory usage -
rss- Resident Set Size -
vsz- Virtual memory size -
stat- Process state -
etime- Elapsed time -
start- Start time -
time- CPU time
Example:
ps -e --format=pid,user,comm,%cpu,%memps auxwwWhat this does:
- Shows full command line (no truncation)
-
ww= unlimited width - Useful when commands are truncated
Problem: System is slow, CPU usage is high.
Solution:
-
Find top CPU users:
ps aux --sort=-%cpu | head -10 -
Check specific process:
ps -p 1234 -o pid,%cpu,%mem,cmd
-
Monitor in real-time:
watch -n 1 'ps aux --sort=-%cpu | head -10'
Problem: System is running out of memory.
Solution:
-
Find top memory users:
ps aux --sort=-%mem | head -10 -
Check total memory usage:
ps aux --sort=-%mem | awk '{sum+=$6} END {print sum/1024 " MB"}'
-
Find processes using most memory:
ps aux --sort=-%mem | head -20
Problem: Port is in use, need to find the process.
Solution:
-
Find process using port (combine with ss):
sudo ss -tlnp | grep :80 -
Or use lsof:
sudo lsof -i :80
-
Then check the process:
ps -p $(sudo lsof -t -i :80)
Problem: Process is stuck, kill command doesn't work.
Solution:
-
Check process state:
ps -p 1234 -o pid,stat,cmd
-
Check if it's a zombie:
ps aux | grep -i zombie -
Find parent process:
ps -p 1234 -o pid,ppid,cmd
-
Kill parent if needed:
kill -9 1234
Problem: Need to see all processes owned by a user.
Solution:
ps -u usernameWith details:
ps aux -u usernameCount processes:
ps -u username | wc -lProblem: Need to watch a process's resource usage.
Solution:
watch -n 1 'ps -p 1234 -o pid,%cpu,%mem,etime,cmd'Updates every second.
Or use a loop:
while true; do clear; ps -p 1234 -o pid,%cpu,%mem,etime,cmd; sleep 1; doneProblem: Need to find processes with similar names.
Solution:
ps aux | grep -i partialnameExclude grep itself:
ps aux | grep -v grep | grep -i partialnameOr use pgrep:
pgrep -a partialnameProblem: Need to understand process relationships.
Solution:
ps --forest -u usernameShows all processes for user in tree format.
For specific process:
ps --forest -p 1234ps aux # All processes (BSD style)
ps -ef # All processes (Unix style)
ps -e # All processes (simple)
ps -e --format=pid,comm # Custom formatps aux | grep name # Find by name
ps -p 1234 # Find by PID
ps -u username # Find by user
ps -C commandname # Find by commandps --forest # Tree view
ps auxf # Tree with details
ps --forest -p 1234 # Tree for specific processps aux --sort=-%cpu # Sort by CPU (high to low)
ps aux --sort=-%mem # Sort by memory (high to low)
ps aux --sort=pid # Sort by PID
ps aux --sort=start # Sort by start timeps aux --sort=-%cpu | head -10 # Top 10 CPU users
ps aux --sort=-%mem | head -10 # Top 10 memory usersps -e --format=pid,user,comm,%cpu,%mem
ps auxww # Full command line (no truncation)pgrep processnameWhat this does:
- Finds PIDs of processes matching the name
- Returns only PIDs (useful for scripts)
With process names:
pgrep -a processnameShows PID and command.
pkill processnameWhat this does:
- Kills processes by name
- Sends TERM signal by default
Force kill:
pkill -9 processnamekill 1234Force kill:
kill -9 1234See kill signals:
kill -ltopWhat this does:
- Interactive real-time process monitor
- Updates continuously
- Can sort, filter, and kill processes
htop (if installed):
htopMore user-friendly version of top.
This guide covered:
- Basic Commands:
-
ps aux- Most common format -
ps -ef- Unix format -
ps -e- Simple format
- Finding Processes:
- By name (grep)
- By PID
- By user
- By command
- Process Trees:
- Tree view with
--forest - Parent-child relationships
- Sorting:
- By CPU usage
- By memory usage
- By PID or start time
- Custom Output:
- Custom columns
- Full command lines
- Troubleshooting Scenarios:
- High CPU/memory usage
- Finding processes
- Process monitoring
- Process trees
Next Steps:
- Practice with
ps aux | grepto find processes - Use
toporhtopfor interactive monitoring - Combine with
killto manage processes - Learn about process signals and states
For system resource monitoring, see the Free & Top System Resource Monitoring Guide. For network connections, see the SS Network Troubleshooting Guide.