Here’s another useful Linux command, the ps
, that will show which processes are running in the system to troubleshoot, audit, forensics and so on.
Since it is commonly used for these purposes, the recommendation is to get familiar with it if you want to continue learning the Linux OS.
This post will describe some of the use cases that you might want to check and test, so you can see how it works and which outcome could be gathered from running ps
.
Getting the processes running by the current shell session
By default, running ps
command without any options will display all the processes spawn by the current shell session with the PID, TTY, TIME and CMD:
The above example shows 2 current processes. The first one is the bash interpreter executed as a separate process to run the second process, the ps
command.
In a more graphical way, the f option prints the relations between the processes:
$ ps f
Any child process will start with “\_” to graphically tell which is its parent process. In this case, the bash process.
In order to get a more complex output, let’s try to run the following:
$ sh
$ bash
$ ping -c 10 localhost &>/dev/null &
$ ps f
The previous picture shows the chained processes caused by the command sequence. The last bash interpreter is the one that actually runs the ping
command and the ps f
command.
List the processes running by a particular user
The ps
-u option, followed by the OS user account name, will display all the processes that are running by it:
$ ps -u root
If you combine it with the previous described f option then:
$ ps f -u root
List all the processes in the system
Getting all the current running processes in the system is clearly the way to learn more what’s going on it. Therefore, you can get this information by running any ps command from the following list:
$ ps ax
$ ps -e
$ ps -A
They can be combined also with other options like f:
$ ps fax
$ ps f -e
$ ps f -A
Obtaining more information from the process listing
There are multiple properties that you can get from the process listing. For example, the u option will display the user name running the process, the CPU and memory consumption, the start date and more:
$ ps aux
Another interesting option is the l option, which will tell about the PPID, the NI priority, the user UID and so on:
$ ps lax
Finally, your can customise the ps
output by using the option o or -o:
$ ps axo ppid,pid,user,cmd
You can learn more about the ps
output fields running man ps
, then browse to the section “STANDARD FORMAT SPECIFIERS”.