Mastering Linux Processes: A Comprehensive Guide

Processes, Programs & Threads: The Trinity

• Program: Static executable file (e.g., /bin/bash).
• Process: Running instance of a program with unique PID, memory, and resources.
• Thread: Lightweight sub-process sharing memory with parent.

ps -eLf | grep firefox  # View processes + threads

---

Process Lifecycle & Control

Attributes/States:

• States: Running (R), Sleep (S), Zombie (Z), Stopped (T).
• Permissions: Inherit user/group of parent process.

• Limits:

  ulimit -a                 # Show current limits
  
  ulimit -n 4096            # Set max open files
  

Creation & Job Control:

1. Forking: fork() duplicates parent → exec() loads new program.

2. Background/Foreground:

   sleep 60 &               # Run in background (output still prints)
   
   bg %1                    # Resume stopped job in background
   
   fg %1                    # Bring to foreground
   

Scheduling:

• One-time:
  bash echo "tar -zcf backup.tar.gz ~/docs" | at 3:00 AM
• Periodic (cron):
  cron */5 * * * * /scripts/monitor.sh # Run every 5 mins

---

Process Priorities & Monitoring

Priorities:

• Nice: -20 (highest) to 19 (lowest).
  ```bash nice -n 10 ./compile.sh # Start low-priority

renice -n 5 -p 1234 # Change priority of running PID ```

Monitoring Tools:

• ps:

ps aux                    # All processes (user, PID, %CPU, command)
ps -o pid,ppid,ni,cmd -C sshd  # Custom fields for SSH daemon

• pstree: Visualize hierarchies:
  bash pstree -p | grep java # Show Java thread ancestry
• top: Real-time view (press P sort by CPU, M by memory).

---

Memory Management

Key Metrics:

• /proc/meminfo: Total, free, cached RAM.
• /proc/sys/vm/swappiness: 0-100 (aggressiveness of swap usage).
  bash sysctl vm.swappiness=10 # Prefer RAM over swap

Tools:

• vmstat: Memory, swap, I/O, CPU:
  bash vmstat 2 5 # Report every 2s, 5 times
• Swap Management:
  bash swapon -s # List swap areas dd if=/dev/zero of=/swap2 bs=1M count=2048 && mkswap /swap2 # Create new swap
• OOM-Killer: Kills processes when RAM exhausted (logs in /var/log/kern.log).

---

I/O Monitoring & Bottlenecks

Symptoms: High await (I/O wait time), sluggish system.

Tools:

• iostat: Per-device I/O stats:
  bash iostat -dxh 2 # Extended metrics every 2s
• iotop: Real-time I/O by process (run as root):
  bash iotop -o # Show active I/O only

---

User vs. Kernel Mode

• User Mode: Apps run restricted (cannot access hardware directly).
• Kernel Mode: OS/core drivers run with full privileges.
  bash dmesg | grep "segfault" # Catch crashes from user-mode violations

---

Daemons: Background Guardians

• Detached from terminal (e.g., sshd, nginx).
• Managed via systemd:
  bash systemctl status cron # View daemon state

---

Troubleshooting Checklist

1. High CPU? → top → Identify runaway process.
2. High RAM? → vmstat → Check swap usage.
3. I/O Bottleneck? → iotop → Find disk-hogging process.
4. Zombies? → ps aux | grep 'Z' → Kill parent process.

Pro Tip: Use strace to trace system calls:

strace -p 1234          # Debug process 1234

---

Key Takeaways

• Processes ≠ Programs: Processes are running entities with resources.
• Prioritize wisely: nice prevents resource starvation.
• Memory/swap tuning avoids OOM-killer chaos.
• I/O monitoring reveals hidden bottlenecks.

# Generate a process snapshot for debugging: 
(echo "==== $(date) ===="; ps aux; vmstat; iostat) > system_snapshot.txt