Detailed explanation of ps commands in CentOS

There are 5 states of processes on Centos:
1. Run (running or waiting in the running Queue)
2. interruption (in sleep, blocked, waiting for the formation or receipt of a signal of a condition)
3. Do not interrupt (do not wake up when receiving the signal or do not run, the process must wait until there is an interruption)
4. Stiff (the process has been terminated, but the process descriptor exists until the parent process calls wait4 () and is released after the system call)
5. Stop (the process stops running after receiving signals from SIGSTOP, SIGSTP, SIGTIN, and SIGTOU)

Five status codes used by the PS tool to identify a process:
D. uninterruptible sleep (usually IO) cannot be interrupted)
R run runnable (on run queue)
S interrupt sleeping
T stop traced or stopped
Z dead a defunct ("zombie") process

Name: ps
Permission: All Users
Usage: ps [options] [-- help]
Views: displays the dynamics of the instantaneous process.
Parameters:
There are many ps parameters. Only a few common parameters are listed here and their meanings are briefly described.
-A: list all the itineraries.
-W display widening can display more information
-Au displays more detailed information
-Aux: Show All itineraries containing other users

Au (x) output format:

User pid % CPU % MEM VSZ RSS TTY STAT START TIME COMMAND
USER: trip owner
PID: pid
% CPU: CPU usage
% MEM: memory usage
VSZ: Virtual Memory Used
RSS: memory used
TTY: the secondary device number of the terminal (minor device number of tty)
STAT: the status of the trip:
D: Non-disruptive static
R: Execution in progress
S: static
T: Pause execution
Z: it does not exist but cannot be eliminated for the moment.
W: insufficient memory paging allocable
<: High-priority itinerary
N: low-priority itinerary
L: memory is allocated by PAGE and locked in the memory (instant system or memory a I/O)
START: START Time of the trip
TIME: execution TIME
COMMAND: The executed COMMAND.

Example:

Ps
PID TTY TIME CMD
2791 ttyp0 00:00:00 tcsh
3092 ttyp0 00:00:00 ps
% Ps-
PID TTY TIME CMD
1? 00:00:03 init
2? 00:00:00 kflushd
3? 00:00:00 kpiod
4? 00:00:00 kswapd
5? 00:00:00 mdrecoveryd
.......
% Ps-aux
User pid % CPU % MEM VSZ RSS TTY STAT START TIME COMMAND
Root 1 0.0 0.7 1096 472? S Sep10 0: 03 init [3]
Root 2 0.0 0.0 0 0? SW Sep10 0: 00 [kflushd]
Root 3 0.0 0.0 0 0? SW Sep10 0: 00 [kpiod]
Root 4 0.0 0.0 0 0? SW Sep10 0: 00 [kswapd]

The specific commands are described as follows:
1) ps a shows all programs under the current terminal, including those of other users.

2) ps-A shows all programs.

3) when listing programs in ps c, the real command name of each program is displayed without the path, parameter or resident service identifier.

4) the effect of this parameter is the same as that of the specified "A" parameter. Example: ps-e | grep sshd

5) when listing programs, ps e displays the environment variables used by each program.

6) ps f uses ASCII characters to display the tree structure and express the relationship between programs.

7) the ps-H tree structure is displayed, indicating the relationship between programs.

8) ps-N shows all programs, except the programs under the ps command terminal.

9) ps displays the program status in the program signal format.

10) when listing programs in ps, it includes interrupted subroutines.

11) ps-t <terminal number>

Specify the terminal number and list the status of the program that belongs to the terminal.

12) ps u

Display the program status in user-based format.

13) ps x

Show all programs, not distinguished by terminals.

The most common method is ps-aux. Then, a pipeline symbol is used to direct to grep to find a specific process and then operate on the specific process.

Appendix: differences between top and ps in linux

I. ps command
The following is the simplest form of ps:
$ Ps
PID TTY TIME CMD
3884 pts/1 00:00:00 bash
3955 pts/2 00:00:00 more
3956 pts/5 00:00:05 sqlplus
• PID is the ID of a process.
• TTY is the terminal console to which the process belongs.
• The TIME column is the total cpu time used by the process.
• The CMD column lists the command lines being executed.
Use the ps with the-ef option to return the complete list of all processes of all users in the system. Generally, the result of this ps command is transmitted to grep, which is easier to view. For example:

$ Ps-ef | grep oracle

UID PID PPID C STIME TTY TIME CMD
Oracle 1633 1 0? 00:00:00 ora_pmon_ora1.
Oracle 1635 1 0? 00:00:00 ora_dbw0_ora1.
Oracle 1637 1 0? 00:00:01 ora_lgwr_ora1.
Oracle 1639 1 0? 00:00:02 ora_ckpt_ora1.
Oracle 1641 1 0? 00:00:02 ora_smon_ora1.
Oracle 1643 1 0? 00:00:00 ora_reco_ora1.
Oracle 1645 1 0? 00:00:00 ora_cjq0_ora1.
Oracle 1647 1 0? 00:01:18 ora_qmn0_ora1.
Oracle 1649 1 0? 00:00:00 ora_s000_ora1.
Oracle 1651 1 0? 00:00:00 ora_d000_ora1.

-E: displays the environment after the command is executed.
-F: complete display output
• The column labeled as C is a factor used by the CPU to calculate the execution priority.
• STIME refers to the process startup time.
• Question marks indicate that these processes do not belong to any TTY because they are started by the system.

Description of main parameters:

1) Process User ID (UID ),
Although uid is usually an exponential identifier, the user name specified in the first column is marked as UID.
2) process ID (PID)
3) parent process ID (PPID)
PPID is the ID of the parent process. For an Oracle process, the id here is 1-it is the id of the init process (the parent process of all processes, because Oracle installed in the system is started as part of the login process
4) CPU scheduling (C)
That is, the factor used by the CPU to calculate the execution priority.
5) process start time (STIME)
6) total CPU usage TIME of processes (TIME)
7) command for starting the process (CMD)
8) question marks indicate that these processes do not belong to any TTY because they are started by the system.

The following methods are used to analyze system performance:
1) First, search for many similar tasks executed by the same user based on the user ID. These tasks may be caused by the startup of multiple processes in the background by a script program running by the user.
2) Next, check the CPU usage TIME of each process in the TIME domain. If a process occupies a large amount of cpu time, the process may be in an infinite loop, or a write logic in the capital city has an error.
3) after finding the deadlocked process IDs, you can use the kill command to forcibly terminate the process.

Ii. top Command
Ps only provides snapshots of the current process. To view the most active processes in real time, use top.
Top provides process information in real time. It also has an Interactive status, allowing users to enter commands, such as numbers 5 or 10 after n. The result indicates that top displays 5 or 10 of the most active processes. Top continues until you press "q" to exit top.
Some implicit parameters in Top:
Top press the 1 key and F key parameters:
Press the 1 key to wait until multiple CPUs exist.
After you press F (f: Current Status, you can customize the output by pressing the top Key), you can obtain the following parameters:
Differences between the F key and the f key:
If you enter the F key area, you can sort the process display. If you enter the f key area, you can select multiple projects to display:
* A: PID = Process Id // Process ID
B: PPID = Parent Process Pid // Parent Process ID
C: RUSER = Real user name // Real user name
D: UID = User Id // User Id
E: USER = User Name // USER Name
F: GROUP = Group Name // GROUP Name
G: TTY = Controlling Tty // Control
H: PR = Priority // Priority
I: NI = Nice value // The value of priority (negative number indicates a higher priority, and positive number indicates a lower priority. 0 indicates that the value of priority is not adjusted)
J: # C = Last used cpu (SMP) // subsequent cpu usage
K: % CPU = CPU usage // cpu usage rate
L: TIME = CPU Time // cpu usage TIME
M: TIME + = CPU Time, hundredths // cpu % ratio
N: % MEM = Memory usage (RES) // Memory usage
O: VIRT = Virtual Image (kb) // Virtual Image (VIRT = SWAP + RES: the Virtual memory value used by all processes, including all codes and data, shared Library has been swapped out)
P: SWAP = Swapped size (kb) // SWAP space size (all images in the virtual memory)
Q: RES = Resident size (kb) // Resident memory used (Resident size): RES = CODE + DATA
R: CODE = Code size (kb) // physical memory allocated to the executed CODE
S: DATA = Data + Stack size (kb) // data + stack: space in the physical memory that does not store code, used to store DATA
T: SHR = Shared Mem size (kb) // Shared memory size. The memory size of a task that may be available to others is displayed.
U: nFLT = Page Fault count // Number of memory leaf errors
V: mcm t = Dirty Pages count // Number of Dirty Pages
W: S = Process Status // Process Status: (R) It is running or executable, (S) it is sleep, (T) It is detecting or stopped, (Z) botnets
X: COMMAND = Command name/line // process startup COMMAND line parameters
Y: WCHAN = Sleeping in Function // Sleeping
Z: Flags = Task Flags <sched. h> // Task flag
Note1:
If a selected sort field can't be shown due to screen width or your field order, the '<' and '> 'keys
Will be unavailable until a field within viewable range is chosen.

Note2:
Field sorting uses internal values, not those in column display. Thus, the TTY & WCHAN fields will violate strict ASCII collating sequence. (shame on you if WCHAN is chosen)

Current Fields: AEHIOQTWKNMbcdfgjplrsuvyzX for window 1: Def
Toggle fields via field letter, type any other key to return
* A: PID = Process Id
* E: USER = User Name
* H: PR = Priority
* I: NI = Nice value
* O: VIRT = Virtual Image (kb)
* Q: RES = Resident size (kb)
* T: SHR = Shared Mem size (kb)
* W: S = Process Status
* K: % CPU = CPU usage
* N: % MEM = Memory usage (RES)
* M: TIME + = CPU Time, hundredths
B: PPID = Parent Process Pid
C: RUSER = Real user name
D: UID = User Id
F: GROUP = Group Name
G: TTY = Controlling Tty
J: # C = Last used cpu (SMP)
P: SWAP = Swapped size (kb)
L: TIME = CPU Time
R: CODE = Code size (kb)
S: DATA = Data + Stack size (kb)
U: nFLT = Page Fault count
V: mcm t = Dirty Pages count
Y: WCHAN = Sleeping in Function
Z: Flags = Task Flags <sched. h>
* X: COMMAND = Command name/line

Flags field:
0*00000001 PF_ALIGNWARN
0x00000002 PF_STARTING
0x00000004 PF_EXITING
0x00000040 PF_FORKNOEXEC
0x00000100 PF_SUPERPRIV
0x00000200 PF_DUMPCORE
0x00000400 PF_SIGNALED
0x00000800 PF_MEMALLOC
0x00002000 PF_FREE_PAGES (2.5)
0x00008000 debug flag (2.5)
0x00024000 special threads (2.5)
0x001D0000 special states (2.5)
0x00100000 PF_USEDFPU (thru 2.4)