Special File Types   «Prev  Next»
Lesson 6Monitoring processes
ObjectiveUse the ps command and its arguments to monitor running processes on the system.

How to monitor Processes using the ps command

ps command

The principal tool for monitoring processes on your system is the ps command. This command lists the running processes, together with useful information about their status. Use the ps command by itself to get a brief list of processes owned by the user who invoked the command. Like ls, the ps command has myriad options. Let’s look at two particularly useful ones. To obtain information on all processes on a system, use the command ps aux. On Solaris and AIX, the corresponding command is ps –ef, and the output has a slightly different form. The relevant information is still there. To obtain information on parent-child relationships, use the command ps aj.
Unix process ID
  1. The process ID
  2. The terminal to which the process is attached
  3. A status indicator
  4. The accumulated CPU time
  5. The command line which started the process
  6. The owner of the process
  7. Daemon processes have no controlling terminal (TTY is ?)
  8. Login shells have an initial
  9. Processes that are swapped out are marked in parentheses
  10. Parent process IDs
  11. User ID numbers
using ps command
Click the View MouseOver button to take a look at the output of the ps, ps aux, and ps aj commands. Notice how they differ and what type of information the output of each contains. Notice that in the ps aj command output, you can obtain information about parent-child relationships. Parent process IDs are in the PPID column. This version of the ps command shows user ID numbers, not names, in the UID column. You can find your user ID number with the id command.
Sometimes, keeping track of your real identity is difficult. The whoami command will tell you the real user ID of your shell.
Let us practice using the ps commands to monitor processes. Click the Start Simulation button to get started.

ps commands diagrams

ps command 1
1) ps command 1

ps command 2
2) ps command 2

ps command 3
3) ps command 3

ps command 4
4) ps command 4

ps command 5
5) ps command 5

ps command 6
6) ps command 6

ps command 7
7) ps command 7

ps command 8
8) ps command 8

ps command 9
9) ps command 9

ps command 10
10) ps command 10

  1. Start a subshell of your login shell by typing the bash command. This will start the Bourne Again Shell.
  2. Start subshell
  3. Type ps aj. The a argument for ps will list all processes except group leaders and non-terminal processes. The j argument lists process group and session IDs.
  4. List processes
  5. ps aj
  6. Notice that the new shell has a PPID equal to the PID of your login shell. Now, exit this subshell.
  7. Exit subshell,
  8. exit
  9. Type exit. Remember that this is a subshell with exactly the same permissions as when you originally logged on.
  10. Assume root privileges.
  11. Assume root privileges,
  12. Type su to assume root privileges
  13. Enter rootpass for the password.
  14. rootpass
  15. You are now in a root shell. Type ps aj again.
  16. List processes
  17. Notice that a new shell with a PPID equal to your login shell's PID, but with owner root (UID number 0), has been created. Sometimes switching between shells becomes confusing. Issue a command to determine authoritatively the shell in which you are operating.
  18. Determine the shell,
  19. whoami
  20. Use the whoami command to determine the shell in which you are operating.
  21. Note that the output of the whoami command informs you that you are now root. Exit the root subshell.
  22. Exit root subshell
  23. exit
  24. Type exit to surrender root.
  25. Type ls -l /usr/bin/passwd to verify that the SUID bit has been set for the passwd program. Remember: You are not viewing the SUID bit on the etc/passwd file. You are viewing it on the passwd executable in the usr/bin directory.
  26. Verify
  27. ls -l /usr/bin/passwd
  28. Note that the SUID is set. If users have trouble changing their own passwords, you may have to change the file permissions using chmod. Let's issue a command that runs the passwd command and then suspends it. Type passwd &. You should not specify your own username, because only root has the ability to specify usernames. Even if the SUID is set, you cannot use passwd as freely as a user logged on as root.
  29. Run passwd command
  30. passwd
  1. Now, instead of entering your password, you would press CTRL+C to finish placing the passwd program into background mode. For the purposes of this simulation, just press the Enter key on your keyboard.
  2. Run ps aj again.
  3. ps aj
  4. View the processes, and verify that the password command is running with root permissions. This operation might seem odd because you are not in the root shell. You started passwd with only standard user permissions. However, the SUID bit allows normal users to execute programs using some root permissions. Also, note how the ps aj command you just executed does not have a root UID. Now, bring the passwd command back into the foreground of your shell.
  5. Bring passwd back to foreground
  6. fg
  7. Use the fg command to bring the passwd command back into the foreground of your shell.
Changing Identities Monitoring-ps