Lesson 1

In Unix-like systems (e.g., Linux, macOS), processes are the core of how programs run. This module shifts focus from files and devices to how Unix handles running programs, known as processes. By the end of this lesson, you will be able to:

1. Define what a process is
2. Identify types of processes on a Unix system
3. Understand process attributes and their role in access control
4. Explain how new processes are created
5. Determine relationships between processes
6. Create and manage periodic processes

A process is a running instance of a program. Each time you execute a program, such as `ls` or `firefox`, the system creates a new process. Processes are similar to files in that they have:

• An owner: The user who started the process (or the effective user for setuid programs).
• A name: The name of the executable (e.g., `bash`, `grep`).
• A Process ID (PID): ^[1] A unique number assigned by the system to identify the process.
• A size: The amount of memory the process uses, unlike files, which occupy disk space.

The first process, called init (or systemd on modern Linux systems), has PID 1 and is the ancestor of all other processes. It starts during system boot and manages system services.

Each process has key attributes that determine its behavior and access rights:

• PID: A unique identifier, typically up to 32,768 or higher on modern systems (configurable via /proc/sys/kernel/pid_max).
• Parent Process ID (PPID): The PID of the process that created it, forming a hierarchy like a directory structure.
• User ID (UID): The user who owns the process, controlling access to resources.
• Effective User ID (EUID): For setuid programs, this determines the permissions the process runs with, which may differ from the UID.

Setuid programs allow a process to run with the permissions of the file’s owner rather than the user who started it. For example, the passwd command uses setuid to allow users to modify the protected /etc/shadow file.

Processes are created through a two-step mechanism called fork-and-exec:

1. Fork:^[2] An existing process creates a near-exact copy of itself, called the child process. The child inherits the parent’s environment (e.g., environment variables, open files) but gets a new PID.
2. Exec:^[3] The child process replaces its program with a new one using the exec system call. The new program overwrites the child’s memory but retains the inherited environment.

For example, when you run ls in a shell like bash:

• The bash process forks, creating a child process.
• The child process execs ls, replacing its program with the ls executable.
• When ls finishes, the child process terminates, and the shell prompts for the next command.

All processes trace back to PID 1 (init or systemd), which forks and execs to start system services like sshd (for SSH connections) or crond (for scheduled tasks).

Unix processes can be categorized as:

• User Processes: Started by users, like running vim or python script.py.
• System Processes: Started by the system, such as systemd, sshd, or kernel threads.
• Daemon Processes: Background processes that run continuously, like crond (scheduling) or nginx (web server).
• Foreground Processes: Interactive processes tied to a terminal, like top.
• Background Processes: Run without user interaction, started with & (e.g., sleep 100 &).

You can view processes using commands like ps aux (lists all processes) or top (interactive process viewer).

PIDs are assigned sequentially, starting from 2 (since 1 is reserved for init or systemd). When the maximum PID is reached (e.g., 32,768 or higher), the system reuses available lower PIDs, skipping active ones. Each process has a parent process, identified by its PPID, forming a tree-like structure. You can view this hierarchy with pstree or ps -ef --forest. For example, a shell (bash) may fork multiple child processes for commands like grep or ls.

To run a program, type its name in the shell (e.g., ls). The shell searches for the executable in directories listed in the $PATH environment variable. For scripts or local executables, you may need to specify the path, like ./script.sh, and ensure execute permissions with chmod +x script.sh. To stop a running program, press Ctrl+C, which sends a SIGINT signal to terminate it. To run a program in the background, append & (e.g., firefox &).

A process’s life cycle involves:

1. Creation: A parent process forks, and the child execs a new program.
2. Execution: The process runs, performing its task (e.g., listing files with ls).
3. Termination: The process exits, sending a signal (e.g., SIGCHLD) to its parent. The parent, often init or systemd, cleans up the terminated process.

For example, when you connect via SSH:

• The sshd daemon forks a child process for your connection.
• The child execs a shell (bash), which runs your commands.
• When you exit the shell, the process terminates, and sshd cleans up.

To run a task periodically, use the cron daemon. Create a cron job by editing the crontab with crontab -e. For example, to run backup.sh every day at 2 AM, add:

0 2 * * * /path/to/backup.sh

This schedules the script to execute automatically. Use crontab -l to list your cron jobs.

You can manage processes with:

• ps: View processes (e.g., ps aux for all processes).
• top or htop: Monitor processes interactively.
• kill: Terminate a process by PID (e.g., kill 12345 sends SIGTERM; kill -9 12345 sends SIGKILL for forceful termination).
• &: Run a process in the background.
• jobs, fg, bg: Manage background processes in the shell.

[1] PID: Process ID, a unique number assigned to each process, starting from 1 for init or systemd.

[2] fork: A system call that creates a child process by copying the parent process.

[3] exec: A system call that replaces a process’s program with a new one.