Ps command details

Address: http://apps.hi.baidu.com/share/detail/32573968

Sometimes the system administrator may only care about what is running in the current system.ProgramBut does not want to know which processes are running. Because an application may need to start multiple processes. Therefore, under the same circumstances, there are more processes than programs. For this reason, the administrator needs to know the specific program running in the system. To achieve this, you need to use the command PS to help.
To monitor and control processes, you must first understand the current process, that is, you need to view the current process, and the ps command is the most basic and very powerful process viewing command. You can use this command to determine which processes are running and running, whether the process is terminated, whether the process is dead, and which processes are occupying excessive resources. In short, most of the information can be obtained by executing this command.

 

Name: PS
Permission: All Users
Usage: PS [Options] [-- help]
Views: displays the dynamics of the instantaneous process.
Parameters: There are many PS parameters. Here, only a few common parameters are listed and their meanings are briefly described.
-A: List all processes.
-W display widening can display more information
-Au displays more detailed information
-Aux: Show All itineraries containing other users

######################################## ####################

Common parameters:

-A displays all processes (equivalent to-E) (utility)
-A displays all processes of a terminal, except session leads.
-N ignore selection.
-D: display all processes, but omit all session leads (utility)
-X: displays the processes that do not control the terminal and the specific path of each command. DX cannot be used together. (Utility)
-P time when the PID process uses the CPU
-U uid or username: select a valid user ID or user name
-G gid or groupname: displays all processes in the group.
U username displays all processes under the user and detailed paths of each command. For example, ps u Zhang; (utility)
-F is all listed. It is usually used with other options. For example, PS-FA or PS-Fx and so on.
-L long format (including F, wchan, C, and other fields)
-J job format
-O User-Defined Format.
V is displayed in Virtual Memory Format
S is displayed in Signal Format
-M: Display All threads
-H: displays the process level (used with other commands, such as PS-ha) (utility)
Environment (for example, PS-d e; PS-a e) (utility)
H does not show the first line

######################################## ####################

Common usage of PS commands (to facilitate viewing system processes)

1) pS a displays all programs under the current terminal, including those of other users.
2) PS-A displays all processes.
3) when listing programs in ps c, the real command name of each program is displayed, excluding the path, parameter or resident service identifier.
4) the effect of this parameter is the same as that of the specified "A" parameter.
5) When PS e is used to list programs, the environment variables used by each program are displayed.
6) pS F displays the tree structure with ASCII characters to express the relationships between programs.
7) the PS-H tree structure is displayed, indicating the relationship between programs.
8) PS-N displays all programs except programs under the ps command terminal.
9) pS displays the program status in the program signal format.
10) when a program is listed in PS, it contains interrupted subroutine information.
11) PS-T specify the terminal number, and list the status of the program that belongs to the terminal.
12) the ps u displays the program status in user-based format.
13) pS x displays all programs, which are not distinguished by terminals.
the most common method is PS-Aux. Then, a pipeline symbol is used to direct to grep to find a specific process, and then perform operations on the specific process.

######################################## ####################

Run PS aux to the following information:

Root: # ps aux
User PID % CPU % mem vsz RSS tty stat Start Time Command
Smmsp 3521 0.0 0.7 6556 1616? SS 01:00:00 Sendmail: queue runner @ F
Root 3532 0.0 0.2 2428 452? Ss gpm-M/dev/input/mice-T imps2
Htt 3563 0.0 0.0 2956 196? SS/usr/sbin/htt-retryonerror 0
Htt 3564 0.0 1.7 29460 3704? SL htt_server-nodaemon
Root 3574 0.0 0.4 5236 992? SS crond
XFS 3617 0.0 1.3 13572 2804? Ss xfs-droppriv-daemon
Root 3627 0.0 0.2 3448 552? SNS anacron-S
Root 3636 0.0 0.1 2304 420? SS/usr/sbin/ATD
Listen 3655 0.0 0.5 13840 1084? SSL dbus-daemon-1 -- System

Head header:

User Username
UID user ID)
PID process ID (process ID)
Ppid parent process ID (parent process ID)
Sid session ID (session ID)
% CPU usage of CPU Processes
% Mem process memory usage
Virtual size used by the vsz Process)
The size of the resident set or actual memory used by the RSS process, in bytes of Kbytes.
Tty terminal associated with the process (TTY)
Stat Process status: the status of the process is represented by characters (STAT Status Code)
R running runnable (on run Queue) is running or waiting in the running queue.
S sleep sleeping is blocked during sleeping, waiting for the formation or receipt of a signal of a certain condition.
I idle
Z: the zombie (a defunct process) process has been terminated, but the process descriptor exists until the parent process calls wait4 () and is released after the system call.
D. uninterruptible sleep (usususally Io) does not wake up or run when the signal is received. The process must wait until an interruption occurs.
T terminate the terminate process and stop running after receiving signals from sigstop, sigstp, sigtin, and sigtou.
P waiting for switch page
W no resident page has no resident pages does not have enough memory pages to allocate.
X Dead Process
<Process with high priority and high priority
N low-priority processes
L Memory Lock page lock memory paging distribution and reduction in memory
S process leader (with sub-processes under it );
L multi-process (using clone_thread, similar to nptl pthreads)
+ Process group in the background
START process start time and date
Total CPU time used by the time process
Command is executing the command line command
Ni priority (NICE)
PRI process priority number (priority)
The name of the kernel function in which the wchan process is sleeping. The name of the function is obtained from the/root/system. Map File.
Flags: process-related numerical identification

######################################## ####################

Example:
View the UID, PID, stat, PRI of the current system process, and sort them by uid.
PS-eo pid, stat, PRI, UID-Sort uid

View the user, PID, stat, RSS, and ARGs of the current system process, and sort them by RSS.
PS-EO user, PID, stat, RSS, argS-Sort RSS

######################################## ####################

Ps provides a one-time View of the process. The results are not dynamically consecutive. To monitor the process time, use the top tool.

1. PS parameter description:

Ps provides many option parameters, which are commonly used as follows:

L long format output;
U displays processes in the username and start time order;
J. display processes in the task format;
F process is displayed in a tree format;

A. display all processes of all users (including other users );
X displays the process of the uncontrolled terminal;
R: displays running processes;
WW to avoid detailed parameter truncation;

Our common options are combination of aux or lax, and the application of parameter F.

2. Explanation of PS aux or lax output:

Owner of the user process;
PID process ID;
Ppid parent process;
% Percentage of CPU used by CPU processes;
% Mem memory usage percentage;
Nice value of the Ni process. The value is large, indicating that the CPU time is less occupied;
Virtual size of vsz process;
Number of pages in RSS resident;
Tty terminal ID
Stat Process status (the following types are available)
D. The sleep state that cannot be interrupted (usually the IO process );
R is running and can be crossed in the queue;
S is in sleep state;
T stop or be tracked;
W enters the memory switch (it is invalid from kernel 2.6 );
X dead processes (never seen );
Z botnets;

<Process with high priority
N processes with lower priority
L some pages are locked into the memory;
S process leader (with sub-processes under it );
L multi-process (using clone_thread, similar to nptl pthreads );
+ Process group in the background;
Wchan is waiting for Process resources;
The start time of the process;
Time the CPU time consumed by the process;
Command name and parameters;

3. Application Example:

[Root @ localhost ~] #PS-Aux | more
You can use the | pipe to connect to more to view it by page.
[Root @ localhost ~] #PS-Aux> ps001.txt
Output the result to ps001.txt and save it.
[Root @ localhost ~] #More ps001.txt
This shows all the processes and outputs them to the ps001.txt file. Then, you can view them by page through more.

4. Kill and terminate (kill) the process. There are more than a dozen methods to control the process. Below are some common methods:
[Root @ localhost ~] #Kill-stop [pid]
Send sigstop (17,19, 23) to stop a process without killing it.
[Root @ localhost ~] #Kill-cont [pid]
Send sigcont (, 25) to start a stopped process again.
[Root @ localhost ~] #Kill-kill [pid]
Send sigkill (9) to force the process to stop immediately without cleaning.
[Root @ localhost ~] #Kill-9-1
Terminate all processes you have.
The sigkill and sigstop signals cannot be captured, blocked, or ignored. However, other signals are acceptable. So this is your weapon.

######################################## ####################

Use the ps command to report the program being executed to the Administrator:

Sometimes the system administrator may only care about which programs are running in the current system, but does not want to know which processes are running. Because an application may need to start multiple processes. Under the same circumstances, there are more processes than programs. For this reason, the administrator needs to know the specific program running in the system. To achieve this, you need to use the command PS to help.

1. The ps command shows the meaning of the result.

When you need to check the Program executed in the system, although the ps command is not the only command, it is definitely the most frequently used command. As shown in, the result is displayed after the ps command is executed.

Enter the command PS in the command line to display all the applications currently running in the system. As shown in, if you enter the ps command, the display result mainly contains four parts. The first is PID, which is the program id. The system uses this ID to uniquely identify the application, rather than using commands to identify the application. This PID Number is required when the application needs to be forcibly disabled. The second is TTY. This field indicates the terminal used by the user.Code. PTS indicates that users use remote logon. The third parameter time indicates the CPU time consumed by the program. Note that this time is not the start time of the program. The last cmd parameter indicates the program name.

2. Let the system report detailed information.

When using the ps command, if you do not use any options, the information displayed is very limited, and usually only the programs run by the current user are displayed. When the system administrator needs to know more detailed running information about the application, if you want to know the memory usage and CPU usage of the application, you need to add some options. If the system administrator needs to view the applications executed by other users, the option-Al must be used after the command. In this case, the system lists all programs run by all users in the system. If you want to know the CPU and memory usage of a program, rather than simply using the actual CPU usage time, you need to add the parameter-L after this command, the PS-l command allows the system to display detailed running information of the application. If you are interested in the meanings of the above fields, you can view the help information. Generally, the system administrator only cares about the PID Number of the program, memory and CPU usage, command name, and terminal used by the user. Other information is of little value to system administrators.

3. view the programs running in the background.

By default, the ps command only displays the programs running on the foreground, rather than those running on the background. However, not all programs run on the frontend. Under normal circumstances, the number of programs hidden in the background is more than that of the previous program. For example, many built-in programs started with the operating system are run in the background. In addition, sometimes system problems are caused by background programs. For example, common trojans and other programs run in the background. Therefore, the system administrator wants to know which programs are running in the background.

If you want to view the programs running in the background, it is more complicated. In Linux operating systems of different versions, the options used by background processes are different. For example, in the Red Hat Linux operating system, the parameter format is used instead of the option. That is, you can use the PS aux command to display all applications (including foreground and background ). The difference between a parameter and an option is mainly due to the absence of this-symbol. If this symbol is entered, it indicates that this is an option. If it is not included, it indicates a parameter. This symbol cannot be saved in general. The system will prompt an error message indicating that the command cannot be found if the command is not written or not needed. In other Linux versions, the aux parameter may not be recognized. For example, in some Linux operating system versions, you need to use the-A option to complete this task. Due to the differences between the system versions, the system administrator has a lot of trouble. Fortunately, all operating system versions are online. If the system administrator does not know which option to use to display all processes when using a new version of the operating system, you can use commands such as PS-heip to view the system help. However, in the ointment, the online help of the system is in English, which is a great test for the system administrator's level of English. However, if you want to be a Linux system administrator, you still need the English language. Because the latest Linux technology is basically written in English first. In fact, to master the most advanced operating system books, most computer books are in English.

4. Sort the program list.

When many applications are running, the system administrator needs to sort the applications. Ps command sorting function is relatively strong. The main reason is that this command has a -- Sort parameter (note that two small crossbar symbols are used before this parameter. Do not think this is the author's mistake ). After this parameter, add the sort field that the system administrator wants to sort. For example, the command PS-A -- Sort cmd indicates that all applications of the system are displayed and sorted according to program commands. In Linux operating system parameters, another troublesome thing is that the case sensitivity of parameters often indicates different meanings. In the preceding command, replace uppercase letters A with lowercase letters a, and the result is completely different. Uppercase character a indicates all applications, while lowercase character a indicates "all w/tty handle T session leaders ". There are essential differences between the two. The difference can be used to filter the applications running in different terminal login accounts.

In the ps command, many parameters have this situation. Run PS -- help to view all the parameters of this command, and you can see that similar case differences indicate different meanings. For example, uppercase and lowercase letters o, uppercase letters U, and lowercase letters U. These differences make it difficult for the system administrator to maintain the operating system. It is often impossible for the system administrator to grasp the differences between so many parameters and the Case sensitivity of parameters. In addition to the impression that system administrators usually need to use common parameters to add value, the online help of this system command is indeed indispensable. This system helps administrators to provide online guidance by using system commands.

5. Report the running status of a specific program.

When many programs run in the system, you can sort program names to help administrators find programs of interest to them. But this is still not the easiest way. For example, the system administrator has found a threadx Trojan program running in the system background in other operating systems. The administrator needs to check whether the trojan program is running on other computers. What should I do now? Sort program names using the sort function (note that the program PID is not sorted because, even if the program is the same, the startup time is different or the number of started programs in the operating system is different, this PID Number is also different. That is to say, this PID Number is automatically generated ). To some extent, this can help the Administrator Speed Up Program search. However, the author believes that if the system administrator can use query commands such as pipeline operator and grep, he may find the desired application information faster.

For example, if the system administrator uses this command PS aux | grep "threadx", what will happen? First, the system lists all the applications running in the current system (including those running on the foreground and the background ). Then pass the output result to the command grep through the pipeline symbol |. Then, the command grep will find the information about the threadx program running in the ps command output. If any, the message of this program is displayed in the window, and the running information of other applications is filtered out. It can be seen that the combination of pipeline operators and other query commands can help the system administrator find information about the application he wants to know in the shortest time.

It can be combined with some special symbols to implement more responsible functions. For example, you can use the cat command together to calculate the number of qualified programs. If you add the> symbol after the command, you can locate the output result in a file. If used in combination with wildcards, You can query a type of programs that meet specific conditions. For example, you can also query the running information of a program parent program or its subroutine.

End