1. Overview
Processes are one of the fundamental concepts of Linux kernels. Essentially, a process is an instance of a program executing on the system. Moreover, we can create, terminate, suspend, or resume a process. Additionally, processes can communicate and synchronize with each other through various methods. To manage and monitor processes on a Linux system, we need to identify them by some unique attribute.
In this tutorial, we’ll explore the PID, PPID, PGID, and SID attributes. Further, we’ll discuss how to display them collectively using the ps command. In addition, we’ll explore the /proc filesystem and how to use it to display the PPID, PGID, and SID of a process.
2. Process Attributes in Unix-like Systems
The most common attribute is the process ID (PID). Basically, PID is a number assigned by the kernel to each process when it’s created. Also, the PID can be used to send signals, change priorities, or perform other operations on a specific process.
However, PID isn’t the only attribute that we can use to identify a process. There are other attributes that are related to the process hierarchy:
Furthermore, understanding such identifiers can be useful for comprehending the relationship among processes and performing actions on groups of processes.
3. The ps Command
The ps command is one of the ways to view the processes running on a Linux system. It can display various details about each process:
- PID
- PPID
- PGID
- SID
- user name
- command name
- CPU usage
- memory usage
Furthermore, the ps command has many options that we can use to customize the output:
- -a: shows all processes except session leaders and processes not associated with a terminal
- -e: shows all processes
- -f: shows full format listing
- -l: shows long format listing
- -o: specifies which fields to display in the output
- -u: shows user-oriented format listing, which includes user name and CPU usage
Notably, the ps command without any option displays only the processes associated with the current terminal:
$ ps
PID TTY TIME CMD
32269 pts/0 00:00:00 bash
34482 pts/0 00:00:00 ps
In this default case, we can see four columns:
- PID: process ID
- TTY: terminal type associated with the process
- TIME: total CPU time used by the process
- CMD: command being executed by the process
In addition, we can combine options to customize the output. For instance, we can get only the PID and the command name of all processes on the system in a shorter format:
$ ps -eo pid,cmd
PID CMD
1 /sbin/init splash
2 [kthreadd]
3 [rcu_gp]
4 [rcu_par_gp]
5 [slub_flushwq]
6 [netns]
8 [kworker/0:0H-events_highpri]
10 [mm_percpu_wq]
11 [rcu_tasks_kthread]
12 [rcu_tasks_rude_kthread]
13 [rcu_tasks_trace_kthread]
14 [ksoftirqd/0]
15 [rcu_preempt]
...
As a result, we see each process ID and the command that’s executed by the process.
4. Displaying PID, PPID, PGID, and SID Together
Now, let’s explore some of the common and useful options for simultaneously displaying PID, PPID, PGID, and SID using ps.
4.1. Using -o Option
Generally, we can use the -o option of ps to specify the desired output columns by name.
The -o option has a general syntax:
$ ps -o <keyword1>,<keyword2>,...
We can get the list of available keywords from the man page for ps. Also, we can use aliases or abbreviations for some of the keywords, such as pgrp for pgid or sess for sid.
Therefore, we can display PID, PPID, PGID, and SID collectively by using their keywords with the -o option:
$ ps -o pid,ppid,pgid,sid
PID PPID PGID SID
32269 32250 32269 32269
36246 32269 36246 32269
From the output above, each column corresponds to one of the keywords we specified with the -o option. However, the processes displayed here are the ones associated with the current terminal.
Thus, we can display a given set of columns for all processes:
$ ps -eo pid,ppid,pgid,sid
PID PPID PGID SID
1 0 1 1
2 0 0 0
3 2 0 0
4 2 0 0
5 2 0 0
6 2 0 0
8 2 0 0
10 2 0 0
...
Notably, the -e option is analogous to using the -A option meaning all processes.
4.2. Using -f and -j Options
Further, we can use a combination of the -f and -j options to collectively display the PID, PPID, PGID, and SID columns.
Firstly, the -f option displays additional information such as the PID and the PPID. In general, the -f option is also known as the full-format option, and it shows more details about the processes than the default output format.
Finally, the -j option adds both PGID and SID columns to the full-format listing. Additionally, the information displayed by the -j option is valuable for understanding the relationships between processes and how we manage these processes in a terminal environment, especially regarding job control.
By combining these options with -e, we can show all processes on the system in a custom format:
$ ps -efj
UID PID PPID PGID SID C STIME TTY TIME CMD
root 1 0 1 1 0 Aug11 ? 00:00:05 /sbin/init s
root 2 0 0 0 0 Aug11 ? 00:00:00 [kthreadd]
root 3 2 0 0 0 Aug11 ? 00:00:00 [rcu_gp]
root 4 2 0 0 0 Aug11 ? 00:00:00 [rcu_par_gp]
root 5 2 0 0 0 Aug11 ? 00:00:00 [slub_flushw
root 6 2 0 0 0 Aug11 ? 00:00:00 [netns]
root 8 2 0 0 0 Aug11 ? 00:00:00 [kworker/0:0
...
We can see that each column corresponds to one of the attributes that we want to display. Additionally, we have other possible columns:
- UID: user ID of the process owner
- C: CPU utilization of the process
- STIME: start time of the process
- TTY: terminal associated with the process
- TIME: total CPU time used by the process
- CMD: command being executed by the process
We can also use other options or flags with ps to customize the output format further.
5. Finding Process Details Using /proc
The /proc filesystem provides an interface to the kernel data structures and allows us to access information about the system and the processes. Further, the /proc filesystem is organized as a hierarchy of directories and files that correspond to different aspects of the system and processes.
Moreover, each file or subdirectory represents a kernel data structure or parameter that can be read or written by the user. For instance, the /proc/PID directory contains information about the process with the given PID, such as its PPID, status, memory usage, and others. Also, the /proc/sys directory contains files that can be used to change certain kernel settings at runtime, such as network parameters, security options, etc.
As a result, we can use the /proc filesystem to find the PPID, PGID, and SID of a process.
5.1. Locate by PID
Firstly, we’ll locate the subdirectory under /proc that matches the PID of the process we want to examine. Let’s look at the process with PID 51 by listing the files and subdirectories under /proc/51 using the ls command:
$ ls -l /proc/51
total 0
-r--r--r-- 1 root root 0 Aug 15 07:22 arch_status
dr-xr-xr-x 2 root root 0 Aug 15 07:22 attr
-rw-r--r-- 1 root root 0 Aug 15 07:22 autogroup
-r-------- 1 root root 0 Aug 15 07:22 auxv
-r--r--r-- 1 root root 0 Aug 15 07:22 cgroup
--w------- 1 root root 0 Aug 15 07:22 clear_refs
-r--r--r-- 1 root root 0 Aug 14 21:21 cmdline
-rw-r--r-- 1 root root 0 Aug 15 07:22 comm
-rw-r--r-- 1 root root 0 Aug 15 07:22 coredump_filter
-r--r--r-- 1 root root 0 Aug 15 07:22 cpu_resctrl_groups
-r--r--r-- 1 root root 0 Aug 15 07:22 cpuset
lrwxrwxrwx 1 root root 0 Aug 15 07:22 cwd -> /
-r-------- 1 root root 0 Aug 14 21:21 environ
lrwxrwxrwx 1 root root 0 Aug 14 21:21 exe
dr-x------ 2 root root 0 Aug 15 07:22 fd
...
Now, we can check the function of some files:
- stat: contains status information about the process
- cmdline: holds the command line used to start the process
- exe: symbolic link to the actual executable file of the process
- fd: contains symbolic links to file descriptors that the process has opened
- limits: information about various resource limits set for the process
- io: input and output statistics for the process
- environ: environment variables of the process
- smaps: contains detailed information about memory usage
Also, the -l option displays a long format listing of files and directories in a directory.
5.2. Read Process Details
Next, we’ll read the contents of the stat file using the cat command. The stat file contains the PPID, PGID, and SID:
$ cat /proc/51/stat
51 (kblockd) I 2 0 0 0 -1 69238880 0 0 0 0 0 0 0 0 0 -20 1 0 21 0 0 18446744073709551615 0 0 0 0 0 0 0 2147483647 0 0 0 0 17 3 0 0 0 0 0 0 0 0 0 0 0 0 0
Notably, the PPID, PGID, and SID of the process are in the fourth, fifth, and sixth fields respectively.
Therefore, we can use the awk command to print these fields:
$ cat /proc/51/stat | awk '{print $4,$5,$6}'
2 0 0
As shown above, the PPID, PGID, and SID of the process with PID 51 are 2, 0, and 0 respectively.
6. Conclusion
In this article, we learned how to collectively display PID, PPID, PGID, and SID. First, we looked at the output of ps using different options. After that, we explored how to use the /proc filesystem to access the same process details.