How-To Guides and Blog

How to Evaluate and Control Processes Running on a Linux System

NBH Support
No Comments

In every operating system, there is always a process running either on the foreground or in the background. Processes are running instance of an executable program which consists of an address space of allocated memory, security properties which includes ownership and privileges, one or more threads of program code and the program state.

Every command issued or executed in the Linux system creates a process. For example, the useradd command when executed creates a new process and assign a unique process ID to it; this is the only way the system keeps track of the programs in the system as no process will have the same process ID.

In this article, we will be talking about the basic understanding of processes and then walk through some commands needed to evaluate and manage your processes in the Linux system.


Processes are run in two ways; the foreground process and the background process

The foreground processes are processes that run in the foreground as a result of users input. This processes are not started by the system but instead wait for users input before they are started. For example, when the pwd command is issued on the terminal, it automatically starts a process on the foreground, and the process stops when the system prompt is made available on the terminal

Please note that when a command is issued on the terminal to start a process on the foreground, the user will have to wait for the prompt to be made available before any other process can be issued

Background processes are system processes which are started by default. It runs in the background and doesn’t require user input. They can run concurrently with other processes since they do not have to wait for a process to finish before they start


Every process in the Linux system is a descendant of the parent process, which is the systemd. The systemd is similar to the init process with the process ID of 1. It is the first program that is executed when the system is booted. It has no parent process, and it manages all other processes running in the system

The parent process duplicates its address space to create a child process and assigned every process a unique process ID for tracking and security. This is the only way the system identifies the processes running on the system, but the child process will have the same environment as the parent process.

When a process runs, the system keeps track of the process ID as well as the parent process ID (PPID). Therefore, processes are divided into two;

The parent process and the child process. The parent process is responsible for creating other processes while the child process is originated from the parent process


In every operating system, the resources of the CPU can be used concurrently at the same point in time. As processes run, it makes use of the CPU resources and time, and during that point, a process state is assigned to it, which changes as circumstances change.

In Linux, processes can be in one of the following states

Running: In this state, the process is either running or waiting to be run; that is waiting to be assigned to one of the CPU.

Waiting: The process is waiting for some conditions to be met before it starts running. It could be waiting for a hardware request, system resources, or signal. When the process receives any of these conditions, the process returns to running. At this point, the system categorized a waiting process to be either an INTERUPTABLE OR UNINTERRUPTIBLE PROCESS. The interruptible process can be interrupted by signals, but the uninterruptable process cannot be interrupted by any signal. It’s just waiting for some hardware conditions to be met before it returns to running state

Stopped: The stopped state signifies that a process is stopped or suspended usually by through user’s signal or by another process. The process will return to running state through other signals

Zombie: Here, the system categorized the process to be EXIT_ZOMBIE (Z) or
EXIT_DEAD (X). A process is marked Z when the child process signals its parent process as it exists and releases all its available resources. A process is labelled X when the parent process has cleaned up all available residues of the child process.


You can view the process ID of any process running on a Linux system with the pidof command followed by the name of the process.



There are various commands used in monitoring the CPU’s performance in Linux systems. We will be running through some of these commands and show some practical example of how it is used.

Please note that these commands are basics and are what you can find pre-installed in most Linux distributions. There are other options which we will take time to discuss in a separate article.

The following are the basic commands you will need to view your processes;

The ps Command: The ps command takes a screenshot of the current process. It displays information about a selection of active processes.

The Linux version of the ps command supports three formats of options;

The UNIX (POSIX) options, which is grouped and preceded by a dash. The BSD long options, which may be grouped and does not include a dash and also the GNU format which are preceded by double dashes.

By default ps command without an option displays all user with the same user ID as the current user which are associated with the same terminal. It displays the PID, terminal, CPU time, and the program being executed.

The ps command can also be used with other options like aux and –aux option. Please note that aux and –aux are different and are meant to perform various operations. The ps –aux prints all selected processes for a user named x as well all processes that could be listed with the –a option. When no user x exists, the command act as ps aux.

The top command: The top command provides a real-time view of the system processes. It displays the system summary information as well as processes currently running on the system.


Having known how processes are created and monitored, you can now give some commands a try. They are other options you can use to determine running processes and their process ID while using the ps command. Try to lookup more options about ps command by running man ps on the command line

To recap it all, always remember that the systemd or the init process is where other processes are originated, and it has a process ID of 1. It doesn’t require user input to be started; instead, the system kernel starts it.


Red Hat System Administration I Student Workbook

man ps

man top