List running processes with Linux ps command

List running processes with Linux ps command

Here’s another useful Linux command, the ps, that will show which processes are running in the system to troubleshoot, audit, forensics and so on.

Since it is commonly used for these purposes, the recommendation is to get familiar with it if you want to continue learning the Linux OS.

This post will describe some of the use cases that you might want to check and test, so you can see how it works and which outcome could be gathered from running ps.

Getting the processes running by the current shell session

By default, running ps command without any options will display all the processes spawn by the current shell session with the PID, TTY, TIME and CMD:

running ps command without any options will show current processes running by the current shell

The above example shows 2 current processes. The first one is the bash interpreter executed as a separate process to run the second process, the ps command.

In a more graphical way, the f option prints the relations between the processes:

$ ps f
Running ps f to show current shell processes and prints their relations

Any child process will start with “\_” to graphically tell which is its parent process. In this case, the bash process.

In order to get a more complex output, let’s try to run the following:

$ sh
$ bash
$ ping -c 10 localhost &>/dev/null &
$ ps f
Another ps f example with more processes to show how they are related

The previous picture shows the chained processes caused by the command sequence. The last bash interpreter is the one that actually runs the ping command and the ps f command.

List the processes running by a particular user

The ps -u option, followed by the OS user account name, will display all the processes that are running by it:

$ ps -u root
execute ps -u root to get the processes running by this OS user.

If you combine it with the previous described f option then:

$ ps f -u root
running ps f -u root to get the processes run by this user in a hierarchy format

List all the processes in the system

Getting all the current running processes in the system is clearly the way to learn more what’s going on it. Therefore, you can get this information by running any ps command from the following list:

$ ps ax
$ ps -e
$ ps -A
getting all the processes running in the system with ps ax

They can be combined also with other options like f:

$ ps fax
$ ps f -e
$ ps f -A
running ps fax to get all the processes and print their relations.

Obtaining more information from the process listing

There are multiple properties that you can get from the process listing. For example, the u option will display the user name running the process, the CPU and memory consumption, the start date and more:

$ ps aux
a ps aux command output example

Another interesting option is the l option, which will tell about the PPID, the NI priority, the user UID and so on:

$ ps lax
a ps lax command output example

Finally, your can customise the ps output by using the option o or -o:

$ ps axo ppid,pid,user,cmd
ps axo to list processes with a customised fields

You can learn more about the ps output fields running man ps, then browse to the section “STANDARD FORMAT SPECIFIERS”.

Related Posts