Viewing Running Processes
Start course
3h 7m

In this course, we will explore how to set up a network of virtual machines and how to implement SSH key authentication and execute commands on remote systems. We'll look at how to install and remove software from local and remote systems. You'll learn about continue and break statement and their benefits and use cases. You learn how to automate processes on Linux through the use of cron jobs and examine running processes.

This course is part of the Linux Shell Scripting learning path. To follow along with this course, you can download all the necessary resources here.

Learning Objectives

  • Learn how to create a network of virtual machines and how to configure SSH key authentication and execute commands on remote systems via SSH
  • Learn how to install and remove software packages both on your local system as well as on remote systems
  • Understand continue and break statements in loops and what they're used for
  • Understand what cron is and how to use it to schedule the running of scripts in Linux at various intervals
  • Learn how to examine running processes on a Linux system and how to determine their process IDs

Intended Audience

  • Anyone who wants to learn Linux shell scripting 
  • Linux system administrators, developers, or programmers


To get the most out of this course, you should have a basic understanding of the Linux command line.


In this lesson, you'll learn how to examine running processes on a Linux system and how to determine their process IDs. To look at running processes, use the ps command. If you simply type ps and hit Enter, like I did here, you'll see a list of processes associated with a current user and the current terminal. So, the output of this ps tells us that I'm running the bash shell and the bash ps command or at least I was running the ps command at the time, I ran the ps command. Makes sense? Anyway, if you wanna see all the running processes, use the dash e option and I like to think of the dash e option as every. So let me do ps dash e to show me every process running on the system and it spews past our screen. So, I'm just going to pipe this to the head command, which is going to display the first few lines of standard output. This listing shows the PID for each process, the associated terminal identified by TTY, the accumulated CPU time and the command itself. Now, by the way, PID or PID stands for process ID. The PID is the process number, if you will. Another option I like to use with ps is dash f, which gives a full-format listing So, my favorite and most often used ps command is actually ps dash ef. So let me do that, then pipe that to head. Now we get some additional information such as who is running the process, the PPID, which stands for the PID of the parent of a given process. The start time and the full command line not just the name of the running process. If you don't like these predefined formats, you can actually supply your own with the dash o option. So, let's just do this, type ps and that's the default we get and so we can see those headers there, PID, TTY, Time, CMD. So, let's say we only want to look at CMD, so we can do ps dash o cmd. And you can keep combining this with other options. So, let's say we wanna look at ps dash o, let's get the PID, the process ID. The next column we want to see, let's say is the PPID, which is the parent process ID and the command, cmd. So, we can do that and now we have those exact three columns that we specified. Now, let's say we wanna look at all the processes on the system and the format that we wanna see it in. Let's say we're only interested in two bits of information, the PID and the command. So, we could do this ps dash e, which stands for every process. O, is our formatting option here and we'll supply PID and CMD and hit Enter. So now we're listing all the process IDs and commands that are currently running on the system. Let's talk about parent processes for just a second. So, let's look at this output, ps dash o pid, the parent PID and CMD. Now the parent process of the ps command is actually the shell. So, you can see bash is running as PID 2965 but the PPID of the ps command is 2965. So, PS is a child of bash. Bash started the ps process. Okay, but we have a another PID on here that we can identify 2964, which is the parent process of bash. So, who's the parent of bash? You can actually, probably guess that it's SSHD because we connected to the system using SSH but let's go ahead and confirm that. So, I'll do this ps dash f and P the dash p option looks at a specific process by ID or PID. So, we'll give it 2964, hit Enter. And sure enough, in fact, SSHD spawned our shell. There's another parent PID there let's see what the parent of this particular SSHD process is. So, the ps dash fp 2962 It's also SSHD again, let's look at this parent process. So, we'll do PID 953. So, this happens to be the originating SSHD process. And I can tell that because its parent PID is one. So, let's look at PID one and we'll talk about it. So, ps dash fp one. And on this distro PID one is system D, which is the very first process that started when the system boots. And that particular process starts all the other processes. So, system D controls services for example. For our older Linux distributions, you would have seen a kinit as PID one. Because a kinit would start when Linux started and then a kinit would initialize, all the other services and processes and so on in the system. Nowadays, again, it's system D. Okay. So, you have a few different ways to display the running processes on a system. Let's say you want to see if a process is running. One way to do that is to send the output of the ps command as input to the grep command and search for what you're looking for. For example, let's say, I wanna find out if the system logger is running. Typically, syslog processes have syslog and the name makes sense, right? There are a few different sysloggers though there's syslogd, there's rsyslogD there's syslog-ng and so on. So, if I were to look for syslog, I should be covered, you know, no matter which system logger is running. So, let's try this out. I use my favorite ps command, ps dash ef then l grep for syslog. Great. It looks like this system is using rsyslogd. If you look at the output, you not only find the listing for rsyslogd, but you also find the listing for the ps command itself. It's recursive. We're looking for a pattern in ps and by doing so, we make that pattern show up in a ps listing. We can get around this in a couple of ways. One, is to not use a full listing format. So, let's look at ps dash e and then just lists the commands and not the command options. So, then we could pipe that into grep and look for our pattern there of syslog. So now we only get our syslogd without the ps command itself or the grep command itself. Another way to do this is to go ahead and exclude the grep command itself. So, if we did this ps dash ef, and then we pipe that to grep syslog again, we end up with not only the rsyslogd command, but the grep command. What we can do here is grep dash v do an invert match of the grep command itself. So, we're interested in all the processes that contain the characters S-Y-S-L-O-G. But none of the output that contains the characters, G-R-E-P so hit Enter and that has narrowed us down to exactly one process the process of that we're looking for. Now that I know the exact name of the process, I can be very specific and I could do something like this. Ps dash e grep, rsyslogd. How would you go about counting the number of matches? Well, there are a couple of different ways that I can think of. One is to use the dash c option with grep. So, dash c stands for count and it says there is one count or one match. And so, we know we have one, rsyslogd process running. Another way would be to count the number of lines of output using the wc command. So, if we'd look at this. There's one line of output and we can pipe that into wc word count and use dash l to tell it to count lines. And so, it counts one line. And so, therefore, we have one, rsyslogd process running. Now let's look at something where more than one process of a given name is running. SSHD for example, that we were looking at a moment ago. So, let's list every process and grep for any that are named SSHD. Okay. I can count that easily. It's three, but let's do it programmatically. So, let's do grep dash c and it agrees with me and says there are three processes and we can also again, use wc dash l and it also reports back that there's three. There's another command that will give you the PID or the process ID of a process. And that command is aptly named pidof. So, let's do this. We can do pidof sshd and here it returns three PIDs. Now, if you wanted to use this command and count the number of PIDs, you could actually, use wc again, but this time instead of counting the lines, what you'd want to do is count words or the dash w option. So, we'll do this wc dash w and it counts three words and words being a wide space separated blocks of characters, more or less. Let's test this against a process that only has one instance of itself running. Let's see this pidof rsyslogd okay, just one PIDs returned. Let's use l wc dash w option there to count that ensure enough they report correctly that there is one count of rsyslogd running. By the way, you have to know the name of the processes you're looking for when you're using pidof. For example, if I do something like this pidof ssh, it returns zero processes because there are no processes that are running on the system named ssh or at least there are not at this time. However, there are sshd processes running. And as a matter of fact, there are three of them in there are there PIDs. So, if you want to match a pattern, use something like ps combined with grep via a pipe. I'm going to create a little demonstration script here that contains just parts of what we've been talking about here today. So let me move into our shared older, a Vagrant, and then edit this script. Let's give this script a little header here. So, this script is going to display the PID or PIDs and the count of the matching processes. And so, what we're going to do is look for a proc name or a process name that is actually going to be passed in on the command line. And of course, the first argument on the command line is dollar one. So now what we can do is let's just store the output of the pidof command and store that into the PIDs variable. So, we'll do this. We'll do pidof, and then the proc the name and then we're going to count those PIDs. So, let's just store this in a variable as well. So, what we can do is echo the output here. We can echo the PIDs. And pipe that into wc dash w and that will give us account there. So, I'm gonna enclose that in quotes. Now, what we can do is test the count a variable. So, let's do this. If count is greater than zero, then that means this process name that we're searching for is actually running. Let's tell them how many we found and let's give them the PID or PIDs that we found as well. So if this evaluates to false, if count is not greater than zero, well, then that means we didn't find anything. And in this instance, I think it's appropriate to exit with an exit status of one. And then since we're doing that, we should also send this message to standard error as it's an error message. Okay, I need to make sure I close out my if statement with fi. Okay, I'm gonna write and quit there saving my changes. Let's make sure we can execute this script. And let's go ahead and do that. And let's say, we're going to look for sshd and sure enough, it says the process name that you were looking for is SSHD. There are three SSHDs running on the system, and by the way, here are their PIDs. Now let's do the same thing with SSH. Now, there are no processes named SSH found. Let's do this with something else we were testing with a while ago, which was rsyslogd. Then sure enough it found it. There's one of them. And here is the PID. So, to recap, in this lesson, you learned how to use the ps and pidof commands to examine running processes on a Linux system.

About the Author
Learning Paths

Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.

Covered Topics