This is Week 5 of Course III in the Google IT Professional Support Certification course from Google and coursera.org. This week is all about process management.
. . .
Life of a Process
This week, we’re going to learn more about processes. Why use a computer without them???
Programs vs Processes Revisited
Programs, you will remember, are applications that we can run on a computer. Processes are “programs that are running.” (I think they are, a little more accurately, components of programs that are running.) One program can have many processes running, just like you can have 8 different Chrome windows open playing different videos, using one program.
A program creates processes, which need resources to run. In this sense, resources are CPU (time being calculated) RAM (space) and HDD (space).
Processes can freeze up and cause our (especially Windows) computers to freeze or crash. Managing processes is a very important component of modern computing, and knowing what is going on is absolutely critical.
Processes are given unique Process IDs, which allow operators to identify them.
The kernel sees that a process needs resources, and decides what to give it.
There are all the “visible” processes we run, like Firefox and VLC, but there are also not-so-visible processes, called Background Processes, or, sometimes, daemon processes. They run behind the scenes and we don’t usually need to know what they’re doing.
Process management is an essential skill to know when troubleshooting computers. I’m always checking in with programs and processes to see what they’re using and why.
Windows: Process Creation and Termination
When Windows boots it starts what is called the Session Manager Subsystem. This is the first “non-kernel user mode,” known as smss.exe. This is a process that starts some other processes, including winlogon.exe, which handles logging on, and the Client/Server Runtime Subsystem, or csrss.exe, which manages the Windows GUI and command line console.
Every process in Windows is created by a “parent” process. Every “child” process inherits some characteristics from its parent, like settings and variables, which are referred to as an “environment.”
Unlike in Linux, Windows processes can operate independently from their parents.
Open up PowerShell and launch the Notepad process.
PS C:\Users\username> notepad.exe
There, you just used the parent process PowerShell to create the child process Notepad. In Windows, you can close the parent program and the child will continue to run.
If you click the “X” on a window you will terminate the process. You can also go to File and select Quit. Or, there is the taskkill utility, which will terminate a process as identified by its Process ID, or PID. Let’s say Notepad.exe has a PID of 5856:
PS C:\Users\username> taskkill /pid 5856 SUCCESS: Sent termination signal to the process with PID 5856 PS C:\Users\username>
Stay tuned to find out where we find those PID’s.
Reading: Windows Process Creation and Termination
Read up on taskkill here.
Linux: Process Creation and Termination
Processes in Linux have a parent-child relationship, as well: every process is created by a parent process.
When you start a Linux system, the kernel starts the process called init, which has the PID of 1. Init starts other processes that get the system running.
When a process completes a task, it may terminate automatically. When a process terminates, it “releases” its resources back to the kernel, so they can be used by another process.
This inspirational video, featuring someone named Jess, is longer than the last video, which was about computers.
This is a one-question quiz. I’ll give you a hint, it is about Windows processes. Parent-child relationship. Study up!
Windows: Reading Process Information
A computer program is code sitting on your hard drive. When you launch the program, the OS takes that code and begins running a process (or many processes) that turn the code into a working application.
Knowing about processes and what they’re doing is an important part of life.
One way to find process information in Windows is in Task Manager, or taskmgr.exe. Use the CTRL+SHIFT+ESC keys to open it, or search for “task manager”.
Click on the Processes tab to view running processes. Each process will show the resources it is using, as well as the user that launched it.
To kill a process, select it and click on the End Task button in the lower right-hand corner.
If you select the Details tab, you will see more specific information about each process, including its PID.
In Command Prompt, use the tasklist utility to see all running processes:
Using PowerShell, there is a cmdlet called Get-Process:
PS C:\Users\username> Get-Process
You can read more about these tools real soon:
Reading: Windows Reading Process Information
Linux: Reading Process Information
To start viewing processes in Linux, start with the ps command and the -x flag:
user@username:~$ ps -x
PID TTY STAT TIME COMMAND
This will output all the processes running on the system, and provide
- TTY (terminal associated with process, see reading)
- STAT is the status of the process, including R (running) T (stopped) S (interruptible sleep)
- TIME is total CPU time the process has taken
You can also run ps with the -ef flags, e for all processes including from other users, and f for full details about a process:
user@username:~$ ps -ef UID PID PPID C STIME TTY TIME CMD
- UID: the user that launched the process
- PPID: the parent ID, which launched the process
- C is the number of children that this process has
- STIME: start time of the process
- TTY: terminal
- TIME: total CPU time
- CMD: name of the command “that we are running”
Now, let’s use grep to search for a specific process. We’re going to pipe the output of ps -ef to grep and search for “Chrome”:
user@username:~$ ps -ef | grep Chrome usernname 10165 10123 0 15:15 pts/1 00:00:00 –color-auto Chrome user@username:~$
This just showed us all the processes with the word “chrome” in them. Remember that everything in Linux “has a file,” meaning there is a way to view all the files associated with processes. These are in the /proc directory. Take a look:
user@username:~$ ls -l /proc
This ouputs a long list of directories—one for each process that is running. Let’s look at a process file for PID 1805:
user@username:~$ cat /proc/1805/status
This gives us more detailed information about the process.
Reading: Linux Reading Process Information
Read about the ps command for Linux.
There are many signals that can be sent to processes in Linux, all beginning with “sig”. We used the sigint signal to interrupt a process, terminating it. You can use the CTRL+C keyboard combination to send a sigint to a program.
Reading: Windows Signals
Here’s some reading material on Windows signals.
Windows: Managing Processes
There is a tool called Process Explorer that lets IT support and sysadmins look at running processes in detail. It is not built into Windows, but can be downloaded from Microsoft.
The top window pane shows a list of active processes, and the bottom pane shows a list of files a selected process is using. This is very useful! It can help you learn what a process does and how it works, or what a certain file is used for.
Use CTRL+F or the binocular button to search for a process. In the video, we are searching for Notepad.exe. The search results show that notepad.exe is nested under cmd.exe. This means that notepad is a child-process of cmd.exe.
If you right-click a process you will see available actions.
- Kill Process: terminates the process
- Kill Process Tree: terminates the process and all descendents
- Restart: stops and starts the process
- Suspend: stops the process but does not terminate it.
Reading: Windows Managing Processes
Read up on Process Explorer!
Linux: Managing Processes
Let’s use some signals to manage processes. Yeah!
Use the kill command to terminate a process. This sends a termination signal (SIGTERM) to the process, and allows the process to properly shutdown, avoiding any possible corruption of files it was using.
Let’s kill the firefox process (PID 10235):
user@username:~$ kill 10235 user@username:~$
Use the SIGKILL signal to kill a process immediately, without giving it time to clean up any files. To send the SIGKILL signal, use the -kill flag to the kill command.
user@username:~$ kill -kill 10235 user@username:~$
Using kill -kill should be considered a last resort for terminating processes.
If you need to suspend a process, use the SIGTSTP, or terminal stop signal, by adding the -tstp flag to the kill command.
user@username:~$ kill -tstp 10932
This will put process 10932 in a suspended state—showing a “T” status if you run a ps -x command.
You can also send the SIGTSTP signal using CTRL+Z.
To resume a process, use the SIGCONT signal, by using the –cont flag:
user@username:~$ kill -cont user@username:~$
Windows: Resource Monitoring
Process management is most useful when your processes become “unruly.” Systems can usually offer you at least some idea of what processes are doing. In Windows, use the Resource Monitoring tool. Launch it from the Start menu by searching for “resource”.
Resource Monitor features five tabs: Overview, CPU, Memory, Disk, and Network. There is also some of the same information available in Process Explorer.
You can also find this information using the Get-Process cmdlet in PowerShell.
PS C:\Users\username> Get-Process Handles NPM(K) PM(K) WS(K) CPU(s) ID SI ProcessName ---------- ----------- -------- -------- ---------- --- -- ------------------
“NPM(K)” shows, in Kilobytes, the non-paged memory in use by that process, CPU, in seconds, etc.
Let’s show only the top three most CPU-intensive processes:
PS C:\Users\username> get-process | sort CPU -descending | Select -first 3 -Property ID,ProcessName,CPU
Here’s what that command did: First, it called the Get-Process cmdlet which gathered all that process information. Then, we piped that output into the Sort command, which ordered the information in descending order according to their value in the CPU column. Then, we piped all that into the Select command, which selected the first 3 rows and displayed only the ID, ProcessName, and CPU amount.
Reading: Windows Resource Monitoring
Some info about system diagnostics in Windows.
Linux: Resource Monitoring
Use the top command to see the most resource-heavy processes that are running.
Top show s the heaviest processes as well as a snapshot of running and idle tasks, CPU usage, memory usage, and more.
The top command will show %CPU and %MEM fields, which show usage of each by every task.
Hit the “q” key to quit.
If a task is taking a lot of CPU or memory for a long time, it can cause system slowness or other problems.
Use the uptime command to see information on your machine, including how long it has been running, how many users are logged on, and the resource load-average.
user@username:~$ uptime 16:43:23 up 5:08, 1user, load average: 0.84, 0.05, 0.01 user@username:~$
Use the lsof command to list open files and the processes that are using them.
This output will help you track down processes that are keeping files from closing.
Reading: Linux Resource Monitoring
Knowing about system load in Linux can be especially helpful if you’re managing multiple machines.
Discussion: Your CPU
This was easily the fastest and least-frustrating of the VM assessment exercises. It only took me three tries to sign in to the Windows machine, and there were only two tasks to accomplish. Not the most intensive skill-building this week but a welcome break from my usual 8 hour Sunday.
Up next, week 18, or the sixth and final week of course III.
Vacationland: True Stories from Painful Beaches | by John Hodgman
WD 4TB Black My Passport Portable External Hard Drive - USB 3.0
The Hapless Rube's Apocalypse Survival Guide | by Jack Barker
HTML and CSS: Design and Build Websites 1st Edition by Jon Duckett
Chain of Title: How Three Ordinary Americans Uncovered Wall Street’s Great Foreclosure Fraud | by David Dayen