Home > Article > Web Front-end > Detailed explanation of ps command
Name: ps
Usage permission: all users
Usage method: ps [options] [--help]
Description: Display the dynamics of the instantaneous journey (process)
Parameters: ps There are many parameters, here we only list a few commonly used parameters and briefly introduce the meaning
-A List all processes
-w Display widening can display more information
-au Display more detailed Information
-aux Shows all trips that include other users
#Commonly used parameters:
-A Show all Processes (equivalent to -e) (utility)
-a Display all processes for a terminal except session leaders
-N Ignore selection.
-d Displays all processes, but omits all session leads (utilities)
-x Displays processes that do not control the terminal, and displays the specific paths of each command. dx cannot be used together. (Utility)
-p pid The time the process uses the CPU
-u uid or username Select a valid user ID or user name
-g gid or groupname Display all processes in the group.
U username displays all processes under this user and displays the detailed path of each command. For example: ps U zhang;(utility)
-f lists all, usually used in conjunction with other options. For example: ps -fa or ps -fx and so on.
-l Long format (with F, wchan, C and other fields)
-j Job format
-o User-defined format.
v Display in virtual memory format
s Display in signal format
-m Display all threads
-H Display process level (combined with other commands, such as: ps -Ha) (utility )
e Display the environment after the command (such as: ps -d e; ps -a e) (utility)
h Do not display the first line
######################### ####Common usage of ps command (convenient to view system processes) ######1) ps a displays all programs under the current terminal, including programs of other users. ###2) ps -A displays all processes. ###3) When ps c lists programs, the real instruction name of each program is displayed, without including the path, parameters or identification of resident services. ###4) ps -e The effect of this parameter is the same as specifying the "A" parameter. ###5) When ps e lists programs, display the environment variables used by each program. ###6) ps f uses ASCII characters to display the tree structure and express the relationship between programs. ###7) ps -H displays a tree structure, indicating the relationship between programs. ###8) ps -N displays all programs, except the programs under the terminal that execute the ps command. ###9) ps s uses the program signal format to display the program status. ###10) ps S includes interrupted subroutine information when listing programs. ###11) ps -t
root 3636 0.0 0.1 2304 420 ? Ss 20:41 0:00 /usr/sbin/atd
dbus 3655 0.0 0.5 13840 1084 ? Ssl 20:41 0:00 dbus-daemon-1 --system
Head header:
USER Username
UID User ID (User ID)
PID Process ID (Process ID)
PPID Process ID of the parent process (Parent Process id)
SID Session ID (Session id)
%CPU Process CPU usage
%MEM Memory usage of the process Rate
VSZ The size of the virtual memory used by the process (Virtual Size)
RSS The size of the resident set used by the process or the size of the actual memory, Kbytes bytes.
TTY Terminal (tty) associated with the process
STAT Status of the process: process status is represented by characters (status code of STAT)
R Runnable (on run queue) Running or in the run queue wait.
S Sleeping Sleeping, blocked, waiting for a certain condition to form or receive a signal.
I Idle Idle
Z Zombie (a defunct process) The process has been terminated, but the process descriptor exists until the parent process calls the wait4() system call and is released.
D Uninterruptible sleep (ususally IO) does not wake up and cannot run when receiving a signal. The process must wait until an interrupt occurs.
T Terminate Terminate The process stops running after receiving the SIGSTOP, SIGSTP, SIGTIN, and SIGTOU signals.
P Waiting for swap pages
W No resident pages Has no resident pages There is not enough memory paging to allocate.
In the memory
s The leader of the process (there are child processes under it);
l Multi-process (using CLONE_THREAD, similar to NPTL pthreads)
+ The process group located in the background
START Process Startup time and date
TIME Total CPU time used by the process
COMMAND Command line command being executed
NI Priority (Nice)
PRI Process priority number (Priority)
WCHAN Process is being processed The kernel function name for sleep; the function's name is obtained from the /root/system.map file.
FLAGS Numeric identification associated with the process
##Example:
View the uid, pid, stat, pri of the current system process, Sort by uid number.
ps -eo pid,stat,pri,uid –sort uid
View the user,pid,stat,rss,args of the current system process, sort by rss.
ps -eo user,pid,stat,rss,args –sort rss
##########################ps provides us with a one-time view of the process. The viewing results provided are not dynamic and continuous; if you want to monitor the process time, you should use the top tool. #########1. Parameter description of ps: ######ps provides a lot of option parameters, the following are commonly used: ######l Long format output; ## #u displays processes in the order of user name and startup time; ###j displays processes in task format; ###f displays processes in tree format; ######a displays all processes for all users ( Including other users); ###x displays processes without controlling terminals; ###r displays running processes; ###ww avoids detailed parameters being truncated; ###### Our commonly used option is the combination is aux or lax, and the application of parameter f. #########2. Explanation of ps aux or lax output: ######USER process owner; ###PID process ID; ###PPID parent process; ###% CPU Percentage of CPU occupied by the process;###%MEM Percentage of memory occupied;###NI is the NICE value of the process. A larger value means less CPU time is occupied;
VSZ is the virtual size of the process;
RSS is the number of resident pages;
TTY is the terminal ID
STAT is the process status (there are the following Several)
D Uninterruptible dormant state (usually IO process);
R Running and queued;
S In dormant state;
T Stopped or stopped Track;
W Enter memory swap (invalid since kernel 2.6);
X Dead process (never seen);
Z Zombie process;
< High priority Process
N Process with lower priority
L Some pages are locked into memory;
s Leader of process (there are child processes under it);
l Multi-process (using CLONE_THREAD, similar to NPTL pthreads);
+ process group located in the background;
WCHAN waiting process resources;
START time to start the process;
TIME process consumes CPU time;
COMMAND The name and parameters of the command;
3. Application example:
[root@localhost ~]# ps -aux |more
can be connected with | pipe and more for paging Check.
[root@localhost ~]# ps -aux > ps001.txt
Output the results to the ps001.txt text and save it.
[root@localhost ~]# more ps001.txt
Here is to display all processes and output them to the ps001.txt file, and then use more to view them in pages.
4. Kill terminates (kills) the process. There are more than a dozen ways to control the process. Here are some commonly used methods:
[root@localhost ~]#kill -STOP [pid ]
Send SIGSTOP (17,19,23) to stop a process without killing it.
[root@localhost ~]#kill -CONT [pid]
Send SIGCONT (19,18,25) to restart a stopped process.
[root@localhost ~]#kill -KILL [pid]
Send SIGKILL (9) to force the process to stop immediately and do not implement cleanup operations.
[root@localhost ~]#kill -9 -1
Kill all processes you own.
SIGKILL and SIGSTOP signals cannot be caught, blocked, or ignored, but other signals can. So this is your ultimate weapon.
##########Use the ps command to report the executing program to the administrator: ######Sometimes the system administrator may only care about the current system What programs are running in the computer, but don't want to know what processes are running. Because an application may need to start multiple processes. Under the same circumstances, the number of processes is much greater than that of programs. To do this from a reading perspective, the administrator needs to know the specific programs running on the system. To achieve this requirement, you need to use the command ps to help. ######1. The meaning of the results displayed by the ps command. ######When you need to view the programs executed in the system, although the ps command is not the only command, it is definitely the most frequently used command. As shown in the figure below, it is the result displayed after executing the ps command. ######Enter the command ps on the command line to display all applications currently running on the system. As shown in the figure above, if you enter the ps command, the displayed results mainly include four parts. The first is the PID, which is the ID number of the program. The operating system uses this ID number to uniquely identify the application, rather than using commands to identify it. When you need to forcefully close an application, you need to use this PID number. Followed by TTY, this field indicates the terminal code used by the user. Pts indicates that the user logs in remotely. The third parameter TIME represents the CPU time consumed by this program. Note that this time is not the time when the program starts running. The last parameter CMD represents the name of the program. ######2. Let the system report detailed information. ######When using the ps command, if no options are used, the information displayed is very limited, and often only the programs run by the current user are displayed. When the system administrator needs to know more detailed running information of an application, such as the memory and CPU usage of the application, then some options need to be added. If the system administrator needs to view the applications executed by other users, he or she needs to use the optional -al option after this command. If this is done, the system will list all programs run by all users on the system. If you want to know the CPU and memory usage of a certain program, rather than simply displaying its CPU usage time, you need to add the parameter -l after this command. That is, using the ps -l command, the system can display the application Detailed running information of the program. If you are interested in the meaning of each field above, you can check the relevant help. Generally speaking, the system administrator only cares about the PID number of the program, the memory and CPU usage, the name of the command, the terminal used by the user, etc. Other information is of less value to system administrators. ######3. Check the programs running in the background. ######By default, the ps command only displays programs running in the foreground and not programs running in the background. But not all programs run in the foreground. Under normal circumstances, the number of programs running hidden in the background is much greater than the programs running in the foreground. For example, many of the system's own programs that are started when the operating system is started run in the background. And sometimes, system problems are often caused by background programs. Common programs such as Trojan horses are run in the background. For this reason, system administrators are relatively more interested in knowing what programs are running in the background.
If you want to check the programs running in the background, it is a little more complicated. Because in different versions of Linux operating systems, the options used to display background processes are different. For example, in the Red Hat Linux operating system, it is actually in the form of parameters rather than options. That is, you can use the ps aux command to display all applications (including foreground and background). The main difference between parameters and options is that there is no - symbol in front. If it has this symbol, it means it is optional. And if it is not included, it means that this is a parameter. This symbol can generally be omitted. If the command is not written where it should be written, or if it is added where it is not needed, the system will prompt an error message saying that the command cannot be found. In other Linux system versions, this aux parameter may not be recognized. For example, in some Linux operating system versions, the -a option needs to be used to complete this task. Due to the differences between system versions, it brings a lot of trouble to system administrators. Fortunately, there is online help for each operating system version. If the system administrator is using a new version of the operating system and does not know which option to use to display all processes, he can use ps --heip and other commands to view the system help. However, the only fly in the ointment is that the system's online help is all in English, which is a big test for the system administrator's English proficiency. However, if you want to be a Linux system administrator, you still need to have some English skills. Because the latest Linux technology basically has English documentation first. In fact, you need to master the most advanced operating system books. Most computer books are in English.
4. Sort the program list.
When there are many applications running, the system administrator needs to sort the applications. The sorting function of the Ps command is relatively powerful. Mainly because this command has a --sort parameter (note that there are two small horizontal bar symbols in front of this parameter, readers should not think that the author made a mistake). After this parameter, add the sorting field that the system administrator wants, and you can sort. For example, this command ps –A --sort cmd means to display all the applications in the system and sort them according to the program commands. Another troublesome thing about Linux operating system parameters is that different case letters of parameters often mean different meanings. For example, in the above command, if the uppercase letter A is replaced by the lowercase character a, the result will be completely different. The uppercase character A means all applications, while the lowercase character a means "all w/ tty except session leaders". There is an essential difference between the two. This difference can be used to filter applications run by different terminal login accounts.
In the ps command, many parameters have this situation. Run ps --help to view all the parameters of this command, and you can see that there are many similar situations where different capitalization means different meanings. Such as the uppercase character O and the lowercase character o, the uppercase character U and the lowercase character u, etc. These differences make it more difficult for system administrators to maintain the operating system. It is often impossible for system administrators to grasp so many parameters and the differences between upper and lower case of parameters. In addition to using more commonly used parameters to increase the impression of value, system administrators must also use online help for this system command. This system help can provide online guidance to administrators on how to use system commands.
5. Report the running status of specific programs.
When there are many programs running in the system, sorting the program names can help administrators find the programs they care about. But this is still not the easiest way. For example, system administrators now find in other operating systems that there is a Trojan horse program called threadx running in the background of the system. For this reason, the administrator needs to check whether the Trojan horse program is also running on other computers. How to deal with this? Use the sorting function to sort the names of the programs (note that you are not sorting the PIDs of the programs, because even if the programs are the same, the startup time is different or the number of programs that have been started in the operating system is different, the PID number That is different. In other words, this PID number is automatically generated). This can help administrators speed up program discovery to a certain extent. However, the author believes that if system administrators can use query commands such as pipe characters and grep, they may find the application information they need faster.
If the system administrator now uses this command ps aux | grep "threadx", what will happen? First, the system will list all the applications running in the current system (including those running in the foreground and background). Then pass the output results to the command grep through the pipe symbol |. Then the command grep will search for information about the threadx program running in the results output by the ps command. If there is, the information of this program will be displayed in the window, and the running information of other applications will be filtered out. It can be seen that using the pipe character combined with other query commands can help system administrators find the application information they want to know in the shortest possible time.
Combined with some special symbols, you can also achieve some more responsible functions. If used in conjunction with the cat command, the number of programs that meet the conditions can be counted. If you add the > symbol after the command, the output results can be located in a file. If used in combination with wildcards, a class of programs that meet specific conditions can be queried. For example, you can also query the running information of a certain program's parent program or its subprograms, etc.
End
For more detailed explanations of ps commands and related articles, please pay attention to the PHP Chinese website!