Process Juggling - Using the Linux ps Command with Examples

Administration 9 min read

In the realm of Linux servers system administration, monitoring and managing processes is a critical aspect of maintaining system stability and efficiency. The ps command is a basic cornerstone tool that should be in the hands of any system administrator, which allows you to obtain information about running processes, bring it into different views and filter it to find the required process. In this article, we'll take a quick look at the scope of the ps command and a couple of simple but useful examples to help users master process management on Linux systems.



Basic information about the ps command


The ps command, short for process state, is a versatile tool that provides a snapshot of the current processes running on a Linux system. It offers many options and arguments, making it a powerful utility for administrators, developers, and anyone involved in system monitoring.


Basic syntax:

The basic syntax of the ps command involves specifying various options and arguments to customize the output. For example, a simple ps command without any options provides a minimal set of information, including the process identifier (PID) and the associated terminal.


    PID TTY          TIME CMD
 804679 pts/1    00:00:00 bash
3445818 pts/1    00:00:00 ps


Output Columns:


The default ps command output typically includes columns such as PID, TTY, TIME, and CMD, providing basic information about each process. Understanding these columns is critical to effectively interpreting the results:
PID - identifier (number) of the process in the system;
TTY - output terminal associated with this process
TIME - operating time of a specific process
CMD - process name



Exploring ps Options


The true power of the ps command lies in its ability to provide a wide range of information based on the options you select. Let's look at some key options that enhance the functionality of ps.

Process selection options:
          -e: Display information about other users' processes.
          -u user: show processes for a specific user.
          -p pid: Display information for a specific process ID.

Show options:
          ax: list of all processes on the system, regardless of terminal.
          aux: Display detailed information including user information, CPU usage, memory usage, etc.

Sorting and formatting:
          --sort: Ability to sort processes based on various criteria, such as CPU load or startup time.
          --format: Ability to customize the output by specifying the columns to be displayed.



Real examples of using the ps command


Understanding the practical uses of the ps command is essential for effective system administration. Let's look at real-life examples to illustrate its use.


Identification of resource-intensive processes:

Using the ps aux command, administrators can identify processes that are consuming excessive CPU or memory resources. This is critical to optimizing system performance.

$ ps aux --sort=-%cpu | head



View specific user processes:

To view processes for a specific user, you can use the following command:

$ ps -u username



Real-time process monitoring:

The watch command can be combined with ps to monitor processes in real time. This is especially useful for tracking changes over a specific interval.

$ watch -n 1 'ps aux | grep process_name'




Advanced Features and Use Cases


The ps command offers advanced functionality that is suitable for complex system administration tasks and troubleshooting scenarios.


Displaying the process hierarchy:

The ps command can be used with the H (or forest) option to display the hierarchical relationships between parent and child processes.

$ ps aux --forest
root 2152218 0.0 0.0 13356 7248 ? Ss 2023 0:01 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
root 804559 0.0 0.0 14716 8808 ? Ss Jan16 0:00 \_ sshd: user [priv]
user+ 804581 0.0 0.0 14716 5788 ? S Jan16 0:01 \_ sshd: user@pts/0
user+ 804582 0.0 0.0 8012 3556 pts/0 Ss Jan16 0:00 \_ -bash
root 804602 0.0 0.0 9960 3776 pts/0 S Jan16 0:00 \_ su
root 804611 0.0 0.0 7160 3388 pts/0 S Jan16 0:00 \_ bash
root 804677 0.0 0.0 16292 5248 pts/0 S+ Jan16 0:13 \_ mc
root 804679 0.0 0.0 7264 3932 pts/1 Ss Jan16 0:00 \_ bash -rcfile .bashrc
root 3449830 0.0 0.0 10264 3516 pts/1 R+ 10:23 0:00 \_ ps aux --forest



Grouping processes by session:

To sort processes by session ID, you can use the --sid option.

$ ps aux --sort=sid
root 2 0.0 0.0 0 0 ? S 2023 0:02 [kthreadd]
root 3 0.0 0.0 0 0 ? I< 2023 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< 2023 0:00 [rcu_par_gp]
root 5 0.0 0.0 0 0 ? I< 2023 0:00 [slub_flushwq]
root 6 0.0 0.0 0 0 ? I< 2023 0:00 [netns]



Continuous monitoring with time stamps:

Using the -O option allows timestamps to be included in ps output, providing a historical perspective of process activity.

$ ps -O time -o command
  804679 00:00:00 S pts/1 00:00:00 bash -rcfile .bashrc bash -rcfile .bashrc
3449472 00:00:00 R pts/1 00:00:00 ps -O time -o command ps -O time -o command


Best practices and security considerations:

Although the ps command is a powerful ally for system administrators, you need to be responsible when using it and understand the potential security implications of the system if an attacker gains access to process information. Follow a few simple rules to improve your information security level.


Conduct regular audits and monitoring of the system:
Implementing regular checks using the ps command ensures early detection of anomalies and potential security threats.


Restrict access to the ps command:
Restricting access to the ps command to unprivileged users prevents unauthorized persons from obtaining sensitive system information.


Set up integration with system logs:
Integrating ps output with system logs improves traceability and provides a comprehensive view of historical process data, aiding in post-incident analysis.



Mastering the ps command is an important skill for any Linux administrator and will pave the way to effective process management. By learning at least the basic syntax, parameters, and practical examples, users will be able to accurately navigate the complex environment of running processes. The ps command, due to its versatility and power, is a vital tool for ensuring optimal functioning and security of Linux-based systems.
And if you decide to become more familiar with all the capabilities of this command and deepen your skills in using it, go to the official tutorial and also look for specific examples of using the ps command on the Internet. And in this article we just wanted to draw your close attention to such a powerful and useful tool.

2024-01-27 08:49