Workbook 9: Managing Processes
Pace Center for Business and Technology

Chapter 1. An Introduction to Processes

Key Concepts
• A process is an instance of a running executable, identified by a process id (pid).
• Because Linux implements virtual memory, every process possesses its own distinct memory context.
• A process has a uid and a collection of gids as credentials.
• A process has a filesystem context, including a cwd, a umask, a root directory, and a collection of open files.
• A process has a scheduling context, including a niceness value.
• A process has a collection of environment variables.
• The ps command can be used to examine all currently running processes.
• The top command can be used to monitor all running processes.

Processes are How Things Get Done
Almost anything that happens in a Linux system happens as a process. If you are viewing this text in a web browser, that browser is running as a process. If you are typing at a bash shell's command line, that shell is running as a process. If you are using the chmod command to change a file's permissions, the chmod command operates as a separate process. Processes are how things get done, and the primary responsibility of the Linux kernel is to provide a place for processes to do their stuff without stepping on each other's toes.

A process is an instance of an executing program. In other operating systems, programs are often large, elaborate, graphical applications that take a noticeably long time to start up. In the Linux (and Unix) world, these types of programs exist as well, but so does a whole class of programs which usually have no counterpart in other operating systems. These programs are designed to be quick to start, specialized in function, and to play well with others. On a Linux system, processes running these programs are constantly popping into and out of existence.

For example, consider the user maxwell performing the following command line. In the split second that the command line took to execute, no fewer than four processes (ps, grep, bash, and date) were started, did their thing, and exited.

What is a Process?
By this point, you may well be tired of hearing the answer: a process is an instance of a running program. Here, however, we provide a more detailed list of the components that constitute a process.

Execution Context
Every process exists (at least to some extent) within the physical memory of the machine. Because Linux (and Unix) is designed to be a multiuser environment, the memory allocated to a process is protected, and no other process can access it. In its memory, a process loads a copy of its executable instructions, and stores any other dynamic information it is managing. A process also carries parameters associated with how often it gets the opportunity to access the CPU, such as its execution state and its niceness value (more on these soon).

I/O Context
Every process interacts to some extent with the filesystem in order to read or write information that exists before or will exist after the lifespan of the process. Elements of a process's input/output context include the following.

Open File Descriptors
Almost every process is reading information from or writing information to external sources, usually both. In Linux, open file descriptors act as sources or sinks of information.
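On a running system, a process's open file descriptors can be inspected under /proc. A quick sketch (the shell variable $$ expands to the pid of the current shell, and the descriptors shown will vary):

$ ls -l /proc/$$/fd        # file descriptors currently held open by this shell
# descriptors 0, 1, and 2 (stdin, stdout, stderr) usually appear as symbolic
# links pointing at the terminal device, for example /dev/pts/0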
Processes read information from or write information to file descriptors, which may be connected to regular files, device nodes, network sockets, or even each other as pipes (allowing interprocess communication).

Memory Mapped Files
Memory mapped files are files whose contents have been mapped directly into the process's memory. Rather than reading or writing through a file descriptor, the process simply accesses the appropriate memory address. Memory maps are most often used to load a process's executable code, but may also be used for other types of non-sequential access to data.

Filesystem Context
We have already encountered several pieces of filesystem-related information that processes maintain, such as the process's current working directory (for translating relative file references) and the process's umask (for setting permissions on newly created files).

Environment Variables
Every process maintains its own list of name-value pairs, referred to as environment variables, or collectively as the process's environment. Processes generally inherit their environment on startup, and may refer to it for information such as the user's preferred language or favorite editor.

Heritage Information
Every process is identified by a PID, or process id, which it is assigned when it is created. In a later Lesson, we will discover that every process has a clearly defined parent and possibly well defined children. A process's own identity, the identity of its children, and to some extent the identity of its siblings are maintained by the process.

Credentials
Every process runs under the context of a given user (or, more exactly, a given user id), and under the context of a collection of group ids (generally, all of the groups that the user belongs to). These credentials limit what resources a process can access, such as which files it can open or with which other processes it is allowed to communicate.

Resource Statistics and Limits
Every process also records statistics to track the extent to which system resources have been utilized, such as its memory size, its number of open files, its amount of CPU time, and so on. The amount of many of these resources that a process is allowed to use can also be capped, a concept called resource limits.

Viewing Processes with the ps Command
We have already encountered the ps command many times. Now we will familiarize ourselves with a broader selection of the many command line switches associated with it. A quick ps --help displays a summary of over 50 different switches for customizing the ps command's behavior. To complicate matters, different versions of Unix have developed their own versions of the ps command, which do not use the same command line switch conventions. The Linux version of the ps command tries to be as accommodating as possible to people from different Unix backgrounds, and often there are multiple switches for any given option, some of which start with a conventional leading hyphen (“-”), and some of which do not.

Process Selection
By default, the ps command lists only the processes started from the user's terminal. While this was a reasonable default when users connected to Unix machines over serial line terminals, it seems a bit minimalist when every terminal window within an X graphical environment is treated as a separate terminal. The following command line switches can be used to expand (or reduce) the processes which the ps command lists.
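As a quick, hedged illustration of a few common selection switches (all of these are standard options of the Linux ps command; maxwell and sshd are simply the user and daemon used elsewhere in this Lesson):

$ ps                 # only processes started from this terminal (the default)
$ ps -e              # every process on the system (Unix98 style)
$ ps ax              # every process on the system (BSD style)
$ ps -u maxwell      # processes owned by the user maxwell
$ ps -C sshd         # processes running the sshd command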
Output Selection
As implied by the initial paragraphs of this Lesson, there are many parameters associated with processes, too many to display in a standard terminal width of 80 columns. The following table lists common command line switches used to select which aspects of a process are listed. Additionally, the following switches can be used to modify how the selected information is displayed.

Oddities of the ps Command
The ps command, probably more so than any other command in Linux, has oddities associated with its command line switches. In practice, users tend to experiment until they find combinations that work for them, and then stick to them. For example, the author prefers ps aux for a general purpose listing of all processes, while many people prefer ps -ef. The above tables should provide a reasonable "working set" for the novice.

The command line switches tend to fall into two categories: those with the traditional leading hyphen ("Unix98" style options), and those without ("BSD" style options). Often, a given functionality will be represented by one of each. When grouping multiple single letter switches, only switches of the same style can be grouped. For example, ps axf is the same as ps a x f, not ps a x -f.

Monitoring Processes with the top Command
The ps command displays statistics for specified processes at the instant that the command is run, providing a snapshot of a moment in time. In contrast, the top command is useful for monitoring the general state of affairs of processes on the machine. The top command is intended to be run from within a terminal. It replaces the command line with a table of currently running processes, which updates every few seconds. The following demonstrates a user's screen after running the top command.

While the command is running, the keyboard is "live". In other words, the top command responds to single key presses without waiting for the RETURN key. The following table lists some of the more commonly used keys. The last two commands, which either kill or renice a process, use concepts that we will cover in more detail in a later Lesson. Although most often run without command line configuration, top does support the following command line switches.

Monitoring Processes with the gnome-system-monitor Application
If running an X server, the GNOME desktop environment provides an application similar in function to top, with the benefits (and drawbacks) of a graphical application. The application can be started from the command line as gnome-system-monitor, or by selecting the System : Administration : System Monitor menu item.

Like the top command, the System Monitor displays a list of processes running on the local machine, refreshing the list every few seconds. In its default configuration, the System Monitor provides a much simpler interface: it lists only the processes owned by the user who started the application, and reduces the number of columns to just the process's command, owner, process ID, and simple measures of the process's memory and CPU utilization. Processes may be sorted by any one of these fields by simply clicking on the column's title.
When right-clicking on a process, a pop-up menu allows the user to perform many of the actions that top allowed, such as renicing or killing a process, though again with a simpler (and less flexible) interface.

The System Monitor may be configured by opening the Edit : Preferences menu selection. Within the Preferences dialog, the user may set the update interval (in seconds), and configure many more fields to be displayed.

Locating Processes with the pgrep Command
Often, users are trying to locate information about processes identified by the command they are running, or by the user who is running them. One technique is to list all processes, and use the grep command to reduce the information. In the following, maxwell first looks for all instances of the sshd daemon, and then for all processes owned by the user maxwell.

While maxwell can find the information he needs, there are some unpleasant issues.
• The approach is not exacting. Notice that, in the second search, a su process showed up, not because it was owned by maxwell, but because the word maxwell was one of its arguments. Similarly, the grep command itself usually shows up in the output.
• The compound command can be awkward to type.

In order to address these issues, the pgrep command was created. Named pgrep for obvious reasons, the command allows users to quickly list processes by command name, user, terminal, or group.

pgrep [SWITCHES] [PATTERN]

Its optional argument, if supplied, is interpreted as an extended regular expression pattern to be matched against command names. The following command line switches may also be used to qualify the search.

In addition, the following command line switches can be used to qualify the output formatting of the command. For a complete list of switches, consult the pgrep(1) man page. As a quick example, maxwell will repeat his two previous process listings, using the pgrep command.
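The original transcript is not reproduced in this copy; a hedged sketch of the equivalent pgrep invocations follows (the -l switch lists the command name next to the pid, -u selects by owner, and the PIDs and names shown are illustrative):

$ pgrep -l sshd          # processes whose command name matches sshd
3011 sshd
7320 sshd
$ pgrep -l -u maxwell    # processes owned by the user maxwell
7321 bash
7456 xclock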
Examples: Viewing All Processes with the "User Oriented" Format
In the following transcript, maxwell uses the ps -e u command to list all processes (-e) with the "user oriented" format (u). The "user oriented" view displays the user who is running the process, the process id, a rough estimate of the amount of CPU and memory the process is consuming, and the state of the process. (Process states will be discussed in the next Lesson.)

Questions, Chapter 1. An Introduction to Processes: 1, 2, and 3

Chapter 2. Process States

Key Concepts
• In Linux, the first process, /sbin/init, is started by the kernel on bootup. All other processes are the result of a parent process duplicating itself, or forking.
• A process begins executing a new command through a mechanism called execing.
• Often, new commands are run by a process (often a shell) first forking, and then execing. This mechanism is referred to as the fork and exec mechanism.
• Processes can always be found in one of five well defined states: runnable, voluntarily sleeping, involuntarily sleeping, stopped, or zombie.
• Process ancestry can be viewed with the pstree command.
• When a process dies, it is the responsibility of the process's parent to collect its return code and resource usage information.
• When a parent dies before its children, the orphaned children are inherited by the first process (usually /sbin/init).

A Process's Life Cycle

How Processes are Started
In Linux (and Unix), unlike many other operating systems, process creation and command execution are two separate concepts. Though usually a new process is created so that it can run a specified command (such as the bash shell creating a process to run the chmod command), processes can be created without running a new command, and new commands can be executed without creating a new process.

Creating a New Process (Forking)
New processes are created through a technique called forking. When a process forks, it creates a duplicate of itself. Immediately after a fork, the newly created process (the child) is an almost exact duplicate of the original process (the parent). The child inherits an identical copy of the original process's memory, any open files of the parent, and identical copies of any parameters of the parent, such as the current working directory or umask. About the only differences between the parent and the child are the child's heritage information (the child has a different process ID and a different parent process ID, for starters) and (for the programmers in the audience) the return value of the fork() system call.

As a quick aside for any programmers in the audience, a fork is usually implemented using a structure similar to the following. When a process wants to create a new process, it calls the fork() system call (with no arguments). Though only one process enters the fork() call, two processes return from it. For the newly created process (the child), the return value is 0. For the original process (the parent), the return value is the process ID of the child. By branching on this value, the child may now go off to do whatever it was started to do (which often involves exec()ing, see next), and the parent can go on to do its own thing.

Executing a New Command (Exec-ing)
New commands are run through a technique called execing (short for executing). When execing a new command, the current process wipes and releases most of its resources, and loads a new set of instructions from the command specified in the filesystem. Execution starts with the entry point of the new program. After execing, the new command is still the same process. It has the same process ID, and many of the same parameters (such as its resource utilization, umask, current working directory, and others). It merely forgets its former command, and adopts the new one.

Again for any programmers, execs are performed through one of several variants of the execve() system call, such as the execl() library call. The process enters the execl(...) call, specifying the new command to run. If all goes well, the execl(...) call never returns. Instead, execution picks up at the entry point (i.e., main()) of the new program. If for some reason execl(...) does return, it must be an error (such as not being able to locate the command's executable in the filesystem).

Combining the Two: Fork and Exec
Some programs may fork without execing. Examples include networking daemons, which fork a new child to handle a specific client connection, while the parent goes back to listening for new clients. Other programs might exec without forking. Examples include the login command, which becomes the user's login shell after successfully confirming a user's password. Most often, however, and for shells in particular, forking and execing go hand in hand. When running a command, the bash shell first forks a new bash shell. The child then execs the appropriate command, while the parent waits for the child to die, and then issues another prompt.
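For the curious, the two steps can even be observed from bash itself. In the sketch below (the pids and date shown are illustrative, and the BASHPID variable requires bash 4 or later), a parenthesized subshell is a fork of the shell, and the exec builtin replaces the current process image without forking:

$ echo "shell pid: $$"
shell pid: 7321
$ ( echo "forked subshell pid: $BASHPID" )    # fork without exec: a copy of the shell
forked subshell pid: 7390
$ ( exec date )                               # fork, then exec: the child becomes date
Mon Mar 10 10:02:41 EDT 2025
# running a plain "exec date" would replace this very shell with date,
# ending your session when date finished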
The Lineage of Processes (and the pstree Command)
Upon booting the system, one of the responsibilities of the Linux kernel is to start the first process (usually /sbin/init). All other processes are started because an already existing process forked. Because every process except the first is created by forking, there exists a well defined lineage of parent-child relationships among the processes. The first process started by the kernel starts off the family tree, which can be examined with the pstree command.

How a Process Dies
When a process dies, it either dies normally, by electing to exit, or abnormally, as the result of receiving a signal. Here we discuss a normally exiting process, postponing a discussion of signals until a later Lesson. We have mentioned previously that processes leave behind a status code (also called a return value) when they die, in the form of an integer. (Recall the bash shell, which uses the $? variable to store the return value of the previously run command.) When a process exits, all of its resources are freed, except the return code (and some resource utilization accounting information). It is the responsibility of the process's parent to collect this information, and to free up the last remaining resources of the dead child. For example, when the bash shell forks and execs the chmod command, it is the parent bash shell's responsibility to collect the return value from the exited chmod command.

Orphans
If it is a parent's responsibility to clean up after its children, what happens if the parent dies before the child does? The child becomes an orphan. One of the special responsibilities of the first process started by the kernel is to "adopt" any orphans. (Notice that in the output of the pstree command, the first process has a disproportionately large number of children. Most of these were adopted as the orphans of other processes.)

Zombies
In between the time when a process exits, freeing most of its resources, and the time when its parent collects its return value, freeing the rest of its resources, the child process is in a special state referred to as a zombie. Every process passes through a transient zombie state. Usually, users need to be looking at just the right time (with the ps command, for example) to witness a zombie. Zombies show up in the list of processes, but take up no memory, no CPU time, nor any other system resources. They are just the shadow of a former process, waiting for their parent to come and finish them off.

Negligent Parents and Long Lived Zombies
Occasionally, parent processes can be negligent. They start child processes, but then never go back to clean up after them. When this happens (usually because of a programmer's error), the child can exit, enter the zombie state, and stay there. This is usually the case when users witness zombie processes using, for example, the ps command. Getting rid of zombies is perhaps the most misunderstood basic Linux (and Unix) concept. Many people will say that there is no way to get rid of them, except by rebooting the machine.
Using the clues discussed in this section, can you figure out how to get rid of long lived zombies? You get rid of zombies by getting rid of the negligent parent. When the parent dies (or is killed), the now orphaned zombie is adopted by the first process, which is almost always /sbin/init. /sbin/init is a very diligent parent, which always cleans up after its children (including adopted orphans).

The 5 Process States
The previous section discussed how processes are started and how they die. While processes are alive, they are always in one of five process states, which affect how and when they are allowed to access the CPU. The following lists each of the five states, along with the conventional letter used by the ps, top, and other commands to identify a process's current state.

Runnable (R)
Processes in the Runnable state are processes that, if given the opportunity to access the CPU, would take it. More formally, this is known as the Running state, but because only one process may be executing on the CPU at any given time, only one of these processes will actually be "running" at any given instant. Because runnable processes are switched in and out of the CPU so quickly, however, the Linux system gives the appearance that all of the processes are running simultaneously.

Voluntary (Interruptible) Sleep (S)
As the name implies, a process which is in a voluntary sleep elected to be there. Usually, this is a process that has nothing to do until something interesting happens. A classic example is a networking daemon, such as the httpd process that implements a web server. In between requests from a client (web browser), the server has nothing to do, and elects to go to sleep. Another example would be the top command, which lists processes every five seconds. While it is waiting for five seconds to pass, it drops itself into a voluntary sleep. When something that the process is interested in happens (such as a web client making a request, or a five second timer expiring), the sleeping process is kicked back into the Runnable state.

Involuntary (Non-interruptible) Sleep (D)
Occasionally, two processes try to access the same system resource at the same time. For example, one process attempts to read from a block on a disk while that block is being written to by another process. In these situations, the kernel forces the process into an involuntary sleep. The process did not elect to sleep; it would prefer to be runnable so it can get things done. When the resource is freed, the kernel will put the process back into the runnable state. Although processes are constantly dropping into and out of involuntary sleeps, they usually do not stay there long. As a result, users do not usually witness processes in an involuntary sleep except on busy systems.

Stopped (Suspended) Processes (T)
Occasionally, users decide to suspend processes. Suspended processes will not perform any actions until they are restarted by the user. In the bash shell, the CTRL+Z key sequence can be used to suspend a process. In programming, debuggers often suspend the programs they are debugging when certain events happen (such as when a breakpoint is reached).

Zombie Processes (Z)
As mentioned above, every dying process goes through a transient zombie state. Occasionally, however, some get stuck there. Zombie processes have finished executing, and have freed all of their memory and almost all of their resources. Because they are not consuming any resources, they are little more than an annoyance that can show up in process listings.
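A small, hedged demonstration of a few of these states, using only standard commands (the PIDs and exact formatting shown are illustrative, and the %2 job specification assumes the cat command was assigned job number 2):

$ sleep 600 &                     # spends almost all of its time in a voluntary sleep (S)
$ cat /dev/zero > /dev/null &     # CPU bound, so almost always runnable (R)
$ kill -STOP %2                   # suspend the cat job, putting it in the stopped state (T)
$ ps -o pid,stat,cmd
  PID STAT CMD
 7321 Ss   -bash
 7410 S    sleep 600
 7411 T    cat /dev/zero
 7432 R+   ps -o pid,stat,cmd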
Viewing Process States
When viewing the output of commands such as ps and top, process states are usually listed under the heading STAT. The state is identified by one of the following letters.
• Runnable - R
• Sleeping - S
• Stopped - T
• Uninterruptible sleep - D
• Zombie - Z

Examples: Identifying Process States

Questions, Chapter 2. Process States: 1, 2, and 4

Chapter 3. Process Scheduling: nice and renice

Key Concepts
• A primary task of the Linux kernel is scheduling processes.
• Every process has a niceness value that influences its scheduling.
• The nice and renice commands can change a process's scheduling priority.

Process Scheduling Nomenclature
One of the fundamental tasks of the Linux kernel is to ensure that processes share system resources effectively. One of the most fundamental resources which has to be shared is the CPU. How the kernel decides which process gets to execute on the CPU at which time is known as scheduling. Every process has two values which influence its scheduling. The first is a dynamic value which is constantly being changed by the kernel. The second is a fixed value, which is only occasionally (if ever) explicitly changed by a user. In the open source community, the nomenclature used to describe these two values has been inconsistent (at best), which leads to confusion. As much as possible, this text will try to be consistent with the ps and top commands, and refer to the first (dynamic) value as the process's priority, and the second (fixed) value as the process's niceness.

Process Scheduling, in Essence
Recently, much attention has been focused on the methods used by the Linux kernel to implement scheduling, and the technique has varied from kernel release to kernel release. While the following discussion is not correct at a detailed level, it nevertheless conveys the essence of how the Linux kernel schedules processes.

In order to more easily illustrate scheduling, maxwell will start four copies of the cat command, running in the background. (Processes can be run in the background by appending an ampersand (“&”), as will be discussed in a later Lesson.) The cat commands read from /dev/zero (a pseudo device that acts as an infinite source of binary zeros), and write to /dev/null (a pseudo device which throws away everything that is written to it).

How long will these cat commands run? Forever. The user maxwell next monitors the processes on his machine using the top command. While watching the top command, maxwell observes that the values in the third column (labeled PRI) are constantly changing. These are the dynamic "priority" values mentioned above. The fourth column (labeled NI) is the fixed "niceness" value of the process.

Process Priorities
When scheduling processes, the kernel effectively gives every process a handful of counters. Every time a process gets scheduled onto the CPU, it gives up one of its counters. When deciding which process to schedule onto the CPU next, the kernel chooses the runnable process with the most counters. Eventually, the kernel will reach a state where all of the runnable processes have used up their counters. This is referred to as the end of a scheduling epoch, and at this point, the kernel starts all of the processes over again with a new handful of counters.
Notice that processes which are not in the runnable state never give up their counters. If, however, a sleeping process were to suddenly awaken (because something interesting happened) and be kicked into the runnable state, it would most likely have more counters than processes which had been running for a while, and would be quickly scheduled onto the CPU. How does this relate to the values shown in the PRI column? Think of this column as a process's number of counters, subtracted from 40. Therefore, processes with a lower priority (as listed by the top command) have the scheduling advantage. In the output above, the cat commands, which are constantly in the runnable state, are consuming their counters. The init process, however, which is sleeping quietly in the background, is not.

Process Niceness
As mentioned above, every process also has a static value referred to as its niceness value. This value may range from -20 to 19 for any process, starting at 0 by default. How does a process's niceness influence its scheduling? At the beginning of a scheduling epoch, you can think of the kernel subtracting a process's niceness value from the number of counters the process is allocated. As a result, "nicer" processes (those with a higher niceness value) get fewer counters, and thus less time on the CPU, while "greedy" processes (those with a niceness value less than 0) get more counters and more time on the CPU. If a "nice" process is the only one running on the machine, however, it gets full access to the CPU.

Changing a Process's Niceness
Suppose maxwell were about to run a physics simulation that would take several days to complete. By increasing the process's niceness, the process would patiently wait if anyone else were running processes on the machine. If no one else were running processes, however, the physics simulation would have full access to the CPU. There are several techniques by which maxwell could alter his process's niceness value.

Using nice to Start a Low Priority Command
The nice command is used to set a process's niceness as the process is started. When maxwell starts his simulation (which is an executable in his home directory named ~/simulation), he makes it as nice as possible, with a value of +19. (He also places the process in the background. Again, don't worry about that now. It will be discussed in a later Lesson.) Notice that the syntax can be misleading: the token -19 should not be read as negative 19, but as the numeric command line switch 19. The user maxwell then again monitors processes using the top command. The first few processes are listed below.

Next, maxwell gets rid of the cat commands (using techniques we will learn next Lesson). When he observes the top command again, his simulation, now (almost) the lone runnable process on the machine, is receiving almost all of the CPU's time.

As an additional subtlety, the number specified is added to the current shell's niceness value. Since most shells run with a niceness of 0, this is seldom noticed. But if a shell were running with a niceness value of 10, the following command line would result in the simulation running with a niceness value of 15.
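The command lines themselves are not reproduced in this copy of the text; hedged equivalents, using the ~/simulation executable described above, would look like the following (the modern -n form and the older bare-number form are interchangeable):

$ nice -19 ~/simulation &       # old style: increase niceness by 19
$ nice -n 19 ~/simulation &     # equivalent, more readable form
$ nice -n 5 ~/simulation &      # from a shell already running at niceness 10,
                                # the simulation runs at niceness 10 + 5 = 15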
Using renice to Alter a Running Process
The renice command can be used to change the niceness of an already running process. Processes can be specified by process id, username, or group name, depending on which of the following command line switches are used.

Suppose maxwell had already started his simulation, without altering its niceness value. He decides to be more polite to other people who might be using the machine, and uses the renice command to bump up the process's niceness value. In the absence of any command line switches, the renice command expects a niceness value and a process ID as its two arguments.

Using top to Renice a Process
As mentioned in the previous unit, the top command uses the r key to renice a process. While monitoring processes with top, pressing r opens the following dialog above the list of processes.

Making Processes Greedier
What if maxwell were more malicious in intent, and wanted to make his simulation greedier instead of nicer? Fortunately for other users on the machine, normal users cannot lower the niceness of a process. This has two implications. First, because processes start with a default niceness of 0, standard users cannot make "greedy" processes with negative niceness values. Second, once a process has been made nice, it cannot be made "normal" again by a normal user. Suppose the administrator noticed that maxwell's simulation was taking up excessive amounts of CPU time. She could use the renice command as root to bump up maxwell's niceness, and maxwell could not restore it.

Lab Exercise - Process Scheduling: nice and renice
1. Run the following command in a terminal.
2. In another terminal, use the renice command to change the niceness value of all processes owned by you to 5. (You might want to consider using the pgrep command in conjunction with the xargs command for this step.)
3. After completing the last step, change the niceness value of the cat process (started in step 1) to 10.
4. Use the nice command to start another cat command (again reading /dev/zero redirected to /dev/null) with a niceness value of 15. Grade your exercise with both instances of the cat command still running.

Deliverables
1. A cat command running with a niceness value of 10.
2. A cat command running with a niceness value of 15.
3. All other processes run by you have a niceness value of 5.

Cleaning Up
When you are finished grading your exercise, you may stop all of your cat processes with the CTRL+C control sequence.

Questions, Chapter 3. Process Scheduling: nice and renice: 1, 2, and 3

Chapter 4. Sending Signals

Key Concepts
• Signals are a low level form of inter-process communication, which arise from a variety of sources, including the kernel, the terminal, and other processes.
• Signals are distinguished by signal numbers, which have conventional symbolic names and uses. The symbolic names for signal numbers can be listed with the kill -l command (a partial listing appears just after this list).
• The kill command sends signals to other processes.
• Upon receiving a signal, a process may either ignore it, react in a kernel specified default manner, or implement a custom signal handler.
• Conventionally, signal number 15 (SIGTERM) is used to request the termination of a process.
• Signal number 9 (SIGKILL) terminates a process, and cannot be overridden.
• The pkill and killall commands can be used to deliver signals to processes specified by command name, or by the user who owns them.
• Other utilities, such as top and the GNOME System Monitor, can be used to deliver signals as well.
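For reference, the first rows of a typical kill -l listing on an x86 Linux system look roughly like the following (abbreviated here; the numbering of a few signals varies by architecture):

$ kill -l
 1) SIGHUP    2) SIGINT    3) SIGQUIT   4) SIGILL    5) SIGTRAP
 6) SIGABRT   7) SIGBUS    8) SIGFPE    9) SIGKILL  10) SIGUSR1
11) SIGSEGV  12) SIGUSR2  13) SIGPIPE  14) SIGALRM  15) SIGTERM
...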
Signals
Linux (and Unix) uses signals to notify processes of abnormal events, and as a primitive mechanism of interprocess communication. Signals are sometimes referred to as software interrupts, in that they can interrupt the normal flow of execution of a process. The kernel uses signals to notify processes of abnormal behavior, such as when a process tries to divide a number by zero, or tries to access memory that does not belong to it. Processes can also send signals to other processes. For example, a bash shell could send a signal to an xclock process. The receiving process knows very little about the origins of the signal. It doesn't know whether the signal originated from the kernel or from another process; all it knows is that it received a signal.

There are, however, different flavors of signals. The different flavors have symbolic names, but are also identified by integers. The various integers, and the symbolic names they are mapped to, can be listed using the kill -l command, or examined in the signal(7) man page. Linux, like most versions of Unix, implements 32 "normal" signals. In Linux, signals numbered 32 through 63 (which are not standard among the various versions of Unix) are "real time" signals, and beyond the scope of this text.

Why Are Signals Sent?
There are a variety of reasons why signals might be sent to a process, as illustrated by the following examples.

Hardware Exceptions
The process asked the hardware to perform some erroneous operation. For example, the kernel will send a process a SIGFPE (signal number 8) if it performs a divide by 0.

Software Conditions
Processes may need to be notified of some abnormal software condition. For example, whenever a process dies, the kernel sends a SIGCHLD (signal number 17) to the process's parent. As another example, X graphical applications receive a SIGWINCH (signal number 28) whenever their window is resized, so that they can respond to the new geometry.

Terminal Interrupts
Various terminal control key sequences send signals to the bash shell's foreground process. For example, CTRL+C sends a SIGINT (signal number 2), while CTRL+Z sends a SIGTSTP (signal number 20).

Other Processes
Processes may elect to send any signal to any other process which is owned by the same user. The kill command is designed to do just this.

Sending Signals: the kill Command
The kill command is used to deliver a chosen signal to another process. It expects to be called with a numeric or symbolic command line switch, which specifies which signal to send, and a process ID, which specifies which process should receive it. As an example, the following commands deliver a SIGCHLD (signal number 17) to the xclock process, process ID number 8060. When using a symbolic name to specify a signal, the “SIG” prefix (which all signals share) can either be included or omitted.

Receiving Signals
When a process receives a signal, it may take one of the following three actions.
Implement a Kernel Default Signal Handler
For each type of signal, there is a default response which is implemented by the kernel. Each signal is mapped to one of the following behaviors.
• Terminate: The receiving process is killed.
• Ignore: The receiving process ignores the signal.
• Core: The receiving process terminates, but first dumps an image of its memory into a file named core in the process's current working directory. The core file can be used by developers to help debug the program. This response is affectionately referred to as "puking" by many in the Unix community.
• Stop: Stop (suspend) the process.
The signal(7) man page documents which behavior is mapped to which signal.

Choose to Ignore the Signal
Programmers may elect for their application to simply ignore specified signals.

Choose to Implement a Custom Signal Handler
Programmers may elect to implement their own behavior when a specified signal is received. The response of the program is completely determined by the programmer. Unless a program's documentation says otherwise, you can usually assume that a process will respond with the kernel implemented default behavior. Any other response should be documented.

Using Signals to Terminate Processes
Of the 32 signals used in Linux (and Unix), standard users in practice only (explicitly) make use of a few. Usually, standard users are using signals to terminate a process (thus the name of the kill command). By convention, if programmers want to implement custom behavior when shutting down (such as flushing important memory buffers to disk), they implement a custom signal handler for signal number 15 to perform the action. Signal number 9 is handled specially by the kernel, and cannot be overridden by a custom signal handler or ignored. It is reserved as a last resort, kernel level technique for killing a process.

As an example, einstein will start a cat command that would in principle run forever. He then tracks down the process ID of the command, and terminates it with a SIGTERM. SIGTERM (signal number 15) is the default signal for the kill command, so einstein could have used kill 8375 to the same effect. In the following, einstein repeats the sequence, this time sending a SIGKILL.

Alternatives to the kill Command
Using signals to control processes is such a common occurrence that alternatives to the kill command abound. The following sections mention a few.

The pkill Command
In each of the previous examples, einstein needed to determine the process ID of a process before sending a signal to it with the kill command. The pkill command can be used to send signals to processes selected by more general means. The pkill command expects the following syntax.

pkill [-signal] [SWITCHES] [PATTERN]

The first token optionally specifies the signal number to send (by default, signal number 15). PATTERN is an extended regular expression that will be matched against command names. The following table lists commonly used command line switches. Processes that meet all of the specified criteria will be sent the specified signal.

Conveniently, the pkill command omits itself and the shell which started it when killing all processes owned by a particular user or terminal. Consider the following example. Notice that, although the bash shell qualifies as a process owned by the user maxwell, it survived the slaughter.
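A hedged sketch of the kinds of command lines these sections describe (the PIDs 8060 and 8375 are the ones quoted in the examples above; substitute real ones before trying this):

$ kill -17 8060          # deliver SIGCHLD to the xclock process, by number
$ kill -CHLD 8060        # the same signal, by symbolic name (SIG prefix optional)
$ kill 8375              # SIGTERM (15) is the default signal
$ kill -KILL 8375        # SIGKILL (9), which cannot be caught or ignored
$ pkill cat              # SIGTERM to every process whose command name matches cat
$ pkill -9 -u maxwell    # SIGKILL to maxwell's processes; pkill spares itself
                         # and the shell that started it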
The killall Command
Similar to pkill, the killall command delivers signals to processes specified by command name. The killall command supports the following command line switches.

The System Monitor
The System Monitor GNOME application, introduced in a previous Lesson, can also be used to deliver signals to processes. By right-clicking on a process, a pop-up menu allows the user to select End Process, which has the effect of delivering a SIGTERM to the process. What do you think the Kill Process menu selection does? The Kill Process menu selection delivers a SIGKILL signal to the process.

The top Command
The top command can also be used to deliver signals to processes. Using the K key, the following dialog opens above the list of processes, allowing the user to specify which process ID should receive the signal, and which signal to deliver.

Lab Exercise, Chapter 4. Sending Signals
Objective: Effectively terminate running processes.
Estimated Time: 10 mins.

Specification
Create a short shell script called ~/bin/kill_all_cats, and make it executable. When executed, the script should kill all currently running cat processes. In a terminal, start a cat process using the following command line. Leave the process running while grading your exercise (but don't be surprised if it's not running when you're done).

[student@station student]$ cat /dev/zero > /dev/null

Deliverables
A shell script called ~/bin/kill_all_cats, which, when executed, delivers a SIGTERM signal to all currently running instances of the cat command. An executing cat process.

Hint: the ~/bin/kill_all_cats script can consist of the single command killall cat.

Chapter 5. Job Control

Key Concepts
• The bash shell allows commands to be run in the background as "jobs".
• The bash shell allows one job to run in the foreground, and can have multiple backgrounded jobs.
• The jobs command will list all backgrounded jobs.
• The CTRL+Z key sequence will suspend and background the current foreground job.
• The bg command resumes a backgrounded job.
• The fg command brings a backgrounded job to the foreground.

Discussion
The topics addressed by this Workbook so far, namely listing process information, changing a process's niceness, and sending signals to processes, are features shared by all processes, whether they are started from a shell's command line or otherwise. Unlike these previous topics, our remaining topic, job control, concerns itself with managing processes which are started from an interactive shell prompt, and we will focus on the bash shell in particular.

Running Commands in the Foreground
When running a command from the bash shell prompt, unless you specify otherwise, the command runs in the foreground. The bash shell waits for the foreground command to terminate before issuing another prompt, and anything typed at the keyboard is generally read as stdin by this command. All of this should sound familiar, as almost every command used thus far has been run in the foreground.

Running Commands in the Background as Jobs
In contrast, any command can also be run in the background by appending the ampersand character (“&”) to the command line. Generally, only long running commands that do not require input from the keyboard, and do not generate large amounts of output, are appropriate for backgrounding. When the bash shell backgrounds a command, the command is referred to as a job, and assigned a job number.
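A minimal sketch of what this looks like (the command, job number, and pid shown are illustrative):

$ sleep 300 &
[1] 4321
# "[1]" is the job number assigned by bash; 4321 is the process ID of the job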
In the following example, einstein is performing a search of his entire filesystem for files which are larger than 1 megabyte in size. Because he expects this command to run for a while, he redirects stdout to a file, throws stderr away, and runs it as a background job. After starting the job in the background, the bash shell reports two pieces of information back to einstein. The first is the job number, reported in square brackets. The second is the process ID of the backgrounded job. In this case, the job is job number 1, and the process ID of the find command is 7022. While this command is running in the background, einstein decides he would also like to find all files owned by him which he has not modified in two weeks. He composes the appropriate find command, and again backgrounds the job.

Again, bash reports the job number (2) and the process ID of the second find command (7023). The second message from the bash shell notifies einstein that job number 1 has finished. The bash shell reports that it exited with a return code of 1 (as opposed to being killed by a signal), and redisplays the command line to remind einstein of what he had run. The bash shell does not report immediately when jobs die, but waits until the next time it interprets a command line. By the time einstein has digested all of this, he suspects his second job has finished as well. He simply hits the RETURN key (so that bash will "interpret" the empty command line). The bash shell similarly reports his now finished job number 2.

Managing Multiple Jobs
The user einstein, like the user maxwell, often performs physics calculations that take a long time to execute. He starts several different versions of the simulation, backgrounding each.

Listing Current Jobs with jobs
The user einstein can use the jobs builtin command to report all of his currently running jobs. Each of his background jobs is listed, along with its job number. The most recently handled job is referred to as the current job, and is decorated by the jobs command with a “+”.

Bringing a Job to the Foreground with fg
A backgrounded job can be brought back to the foreground with the fg builtin command. The fg command expects a job number as an argument, or, if none is supplied, will foreground the current job. The job sim_c is now running in the foreground. As a consequence, the shell will not issue another prompt while the process is still running.

Suspending the Foreground Job with CTRL+Z
We had previously introduced the CTRL+Z control sequence as a method of suspending processes. Now, by watching the output of the bash shell closely as einstein suspends the foreground command, we see that the bash shell treats any suspended foreground process as a job. When suspended (or, to use the shell's terminology, stopped), the process is assigned a job number (if it did not already have one) and backgrounded. The jobs command reports the job as a "Stopped" job, and the ps command confirms that the process is in the stopped state.

Restarting a Stopped Job in the Background
A stopped job can be restarted in the background with the bg builtin command. Like the fg command, the bg command expects a job number as an argument, or, if none is provided, uses the current job. In the following, einstein restarts his stopped job in the background. Now job number 3 is again in the running state.
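Pulled together, the cycle described above looks roughly like this (the job names other than sim_c, and all numbers and output formatting, are illustrative):

$ jobs
[1]   Running    ./sim_a &
[2]-  Running    ./sim_b &
[3]+  Running    ./sim_c &
$ fg %3            # bring job 3 (sim_c) into the foreground
./sim_c
^Z                 # CTRL+Z suspends it; bash reports it as stopped
[3]+  Stopped     ./sim_c
$ bg %3            # resume job 3 in the background
[3]+ ./sim_c &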
Killing Jobs
The kill command, which is used to deliver signals to processes, is implemented as a shell builtin command. (Confusingly, another version is also found in the filesystem, /bin/kill. You are probably using the shell builtin version.) As a result, it is aware of any jobs that the shell is managing. When specifying which process should receive a signal, the process's job number (if it has one) can be specified in lieu of its process ID. To distinguish the two, job numbers are preceded by a percent character (“%”), as in the following example.

Summary

Lab Exercise, Chapter 5. Job Control
Objective: Use bash job control to manage multiple tasks.
Estimated Time: 10 mins.

Specification
1. Start the following four commands, placing each in the background.
2. Using job control commands and common control sequences, stop (suspend) the ls and find jobs.

Deliverables
1. Four background jobs managed by the bash shell. The cat and sleep jobs should be running, while the find and ls jobs should be suspended.

Clean Up
After you have graded your exercise, use the kill command (or the fg/CTRL+C combination) to kill all four jobs.

Chapter 6. Scheduling Delayed Tasks: at

Key Concepts
• The at command can submit commands to run at a later time.
• The batch command can submit commands to run when the machine's load is low.
• Commands can either be entered directly, or submitted as a script.
• stdout from at jobs is mailed to the user.
• atq and atrm are used to examine and remove currently scheduled jobs.

Before discussing the at command directly, we begin with a short discussion of a common Unix concept: daemons. With a name inspired by the physicist Maxwell's demon, Unix daemons are processes that run in the background, detached from any terminal, performing tasks that are usually not related to a user at the keyboard. Daemons are often associated with network services, such as the web server (httpd) or the FTP server (vsftpd). Other daemons handle system tasks, such as the logging daemon (syslogd) and the power management daemon (apmd). This Lesson, and the following Lesson, discuss two daemons that allow users to delay tasks (atd) or run commands at fixed intervals (crond). By now, you have probably noticed a naming convention as well: programs meant to be run as daemons usually end in the letter d.

Daemons are processes like any other process. They are usually started as part of the system's boot up sequence, or by the administrative user root, so unless you look for them, you might never know that they are there. Some daemons run as the user root, while others take on the identity of another system user for security reasons. Typically the crond daemon runs as root, while the atd daemon runs as the less privileged user daemon.

The atd Daemon
The atd daemon allows users to submit jobs to be performed at a later time, such as "at 2:00am". In order to use the atd daemon, it must be running. Users can confirm that atd is running simply by examining a list of running processes:
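The listing from the original text is not reproduced here; an illustrative approximation (PIDs, paths, and resource figures are invented) might look like the following:

[blondie@station blondie]$ ps aux | grep -E 'crond|atd'
root      1562  0.0  0.2   5296  1140 ?      Ss   08:15   0:00 crond
daemon    1584  0.0  0.2   4252  1036 ?      Ss   08:15   0:00 /usr/sbin/atd
blondie   7421  0.0  0.1   3764   668 pts/2  S+   10:02   0:00 grep -E crond|atd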
Notice that the seventh column specifies what terminal a process is associated with. For blondie's grep command, the terminal is pts/2, which probably refers to a network shell or a graphical terminal within an X session. Notice that the atd daemon has no associated terminal. One of the defining characteristics of a daemon is that it drops its association with the terminal that started it.

Submitting Jobs with at
The at command is used to submit jobs to the atd daemon to be run at a specific time. The commands to be run are either submitted as a script (with the -f command line switch), or entered directly via stdin. Standard out from the command is mailed to the user. The time of day can be specified using HH:MM, suffixed by "am" or "pm". The terms "midnight", "noon", and "teatime" can also be used. (You read correctly, "teatime".) A date can also be specified using several formats, including MM/DD/YY. The at(1) man page provides many more details.

The wrestler hogan would like to print a file containing all of the fan mail that he has received, fanmail.txt. He's a little concerned, though, because he shares the printer with ventura, who uses the printer a lot as well. Wanting to avoid a fight, hogan decides to delay his printing until 2:00 in the morning. Because hogan did not use the -f command line switch, the at command prompted him to type in his commands using stdin (the keyboard). Fortunately, hogan knows that CTRL+D, when entered directly from a terminal, indicates an "end of file". Alternately, he could have piped the command into stdin directly.

Next, hogan confirms that his job has been registered using atq. Lastly, hogan remembers that ventura is on vacation, so he can print his fan mail without incident. He decides to cancel his at job, and print the file directly.

Delaying Tasks with batch
The batch command, like the at command, is used to defer tasks until a later time. Unlike the at command, batch does not run the command at a specific time, but instead waits until the system is not busy with other tasks, whenever that time might be. If the machine is not busy when the job is submitted, the job might run immediately. The atd daemon monitors the system's loadavg, and waits for it to drop beneath 0.8 before running the job. The batch command has a syntax identical to the at command, where jobs can either be specified using stdin, or submitted as a file with the -f command line switch. If a time is specified, batch will delay observing the machine until the specified time. At that time, batch will begin monitoring the system's loadavg, and run the job when the system is not otherwise busy.

Summary of at Commands

Exercise: Submitting a Job for Delayed Execution
Objective: Use the atd service to delay a task for later execution.
Estimated Time: 10 mins.

Specification
You have had a hard time remembering what day it is, so you would like to mail yourself a copy of the current calendar, so that you see it first thing in the morning. Submit an at job, which simply runs the cal command, for 3:45 in the morning. Make sure that it is your only job scheduled with the at facility.

Deliverables
A queued at job, which will generate the output of the cal command at 3:45 in the morning.
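One way to satisfy this specification, sketched under the assumption that local mail delivery to your account is working (the job number used with atrm is hypothetical):

$ echo cal | at 3:45am     # pipe the command to at on stdin
$ atq                      # confirm that it is the only queued job
$ atrm 4                   # if a stray job shows up, remove it by number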
Chapter 7. Scheduling Periodic Tasks: cron

Key Concepts
• The cron facility is used to schedule regularly recurring tasks.
• The crontab command provides a front end for editing crontab files.
• The crontab file uses 5 fields to specify timing information.
• stdout from cron jobs is mailed to the user.

Performing Periodic Tasks
Often, people find that they are (or ought to be) performing tasks on a regular basis. In system administration, such tasks might include removing old, unused files from the /tmp directory, or checking to make sure a file that's collecting log messages hasn't grown too large. Other users might find their own tasks, such as checking for large files that they aren't using anymore, or checking a website to see if anything new has been posted. The cron service allows users to configure commands to be run on a regular basis, such as every 10 minutes, once every Thursday, or twice a month. Users specify what commands should be run at what times by using the crontab command to configure their "cron table". The tasks are managed by a traditional Linux (and Unix) daemon, the crond daemon.

The cron Service
The crond daemon is the daemon that performs periodic tasks on behalf of the system or individual users. Usually, the daemon is started as the system boots, so most users can take it for granted. By listing all processes and searching for crond, you can confirm that the crond daemon is running. If the crond daemon is not running, your system administrator would need to start the crond service as root.

crontab Syntax
Users specify which jobs to run, and when to run them, by configuring a file known as the "cron table", more often abbreviated "crontab". An example crontab file is listed below. A crontab file is a line based configuration file, with each line performing one of three functions:

Comments
All lines whose first (non-space) character is a # are considered comments, and are ignored.

Environment variables
All lines that have the form name = value are used to define environment variables.

Cron commands
Any other (non-blank) line is considered a cron command, which is made up of the six fields described below.

Cron command lines consist of six whitespace separated fields. The first 5 fields are used to specify when to run the command, and the remaining sixth field (composed of everything after the fifth field) specifies the command to run. The first five fields specify the following information. Each of the first five fields must be filled with a token using the following syntax.

Using the crontab Command
Users seldom manage their crontab file directly (or even know where it is stored), but instead use the crontab command to edit, list, or remove it.

crontab {[-e] | [-l] | [-r]}
crontab FILE

Edit, list, or remove the current crontab file, or replace the current crontab file with FILE.

In the following sequence of commands, hogan will use the crontab command to manage his crontab configuration. He first lists his current crontab configuration to the screen, then he lists the current file again, storing the output into the file mycopy.

Next, hogan removes his current crontab configuration. When he next tries to list the configuration, he is informed that no current configuration exists. In order to restore his cron configuration, hogan uses the crontab command once again, this time specifying the mycopy file as an argument. Upon listing his configuration again, he finds that his current configuration was read from the mycopy file. A little annoyingly, the banner has been duplicated in the process.
Can you figure out why? The original banner was stored in mycopy. When mycopy was resubmitted, cron treated the original banner as a user comment, and prepended a new banner.

Editing crontab Files in Place
Often, users edit their crontab files in place, using crontab -e. The crontab command will open the current crontab configuration in the user's default editor. When the user has finished editing the file and exits the editor, the modified contents of the file are installed as the new crontab configuration. The default editor is /bin/vi; however, crontab, like many other commands, examines the EDITOR environment variable. If the variable has been set, it specifies which editor to open. For example, if hogan prefers to use the nano editor, he can first set the EDITOR environment variable to /usr/bin/nano (or simply nano), and then run crontab -e.

If hogan wanted to use nano as his editor, he could use one of the following approaches; or, even better, hogan could add the line "export EDITOR=nano" to his .bash_profile file, and the environment variable would be set automatically every time he logged in.

In summary, there are two ways someone could go about creating or modifying their crontab configuration:
• Create a text file containing the desired configuration, and then install it with crontab FILENAME.
• Edit the configuration in place with crontab -e.

Where Does the Output Go?
How does the user receive output from commands run by cron? The crond daemon will mail stdout and stderr from any commands run to the local user. Suppose ventura had set up the following cron job. Once an hour, at five minutes past the hour, he could expect to receive new mail that looks like the following. The mail message contains the output of the command in the body, and all defined environment variables in the message headers. Optionally, ventura could have set the special MAILTO environment variable to a destination email address, and mail would be sent to that address instead.

Environment Variables and cron
When configuring cron jobs, users should be aware of a subtle detail. When the crond daemon starts the user's command, it does not run the command from a shell, but instead forks and execs the command directly. This has an important implication: any environment variables or aliases that are configured by the shell at startup, such as those defined in /etc/profile or ~/.bash_profile, will not be available when cron executes the command. If a user wants an environment variable to be defined, they need to explicitly define the variable in their crontab configuration.

Online Exercise, Chapter 7. Scheduling Periodic Tasks: cron
Monitoring Who is on the System
Objective: Configure a cron job.
Estimated Time: 10 mins.

Specification
You are a little paranoid, and want to monitor who is using your computer in the middle of the night. Configure a cron job which will mail you the output of the who command daily at 4:35 in the morning.

Deliverables
A cron configuration which mails the output of the who command daily at 4:35 am.
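A crontab entry satisfying this exercise might look like the following sketch (install it with crontab -e; by default the output is mailed to your local account, so no MAILTO line is required):

# minute  hour  day-of-month  month  day-of-week  command
35        4     *             *      *            who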