How to Find the List of Daemon Processes and Zombie Processes in Linux

This article will guide you to understand the Zombie process and Daemons, and also help us to find the process which is running in the background.

What is Zombie Process?

When a process ends the execution, then it will have an exit status to report to its master process. Because of that little bit of information, the process will remain in the OS process table as a zombie process, which indicates that it is not to be scheduled for future, but this process cannot be completely removed or the process ID will not be used until the exit has been determined and no longer needed.

When a child completes the process, the master process will receive a SIGCHLD signal to indicate that one of its child process has finished the executing; the parent process will typically call the wait() system status at this point. That status will provide the parent with the child’s process exit status, and will cause the child process to be reaped, or removed from the process table.


Linux is a multi-tasking operating system. Each program running at any time is called a process. Every running command starts with at least one new process and there are many numbers of system processes that are running.

Each process is identified by a number called Process ID (PID). Similar to files, each process has its owner and group, and the group  and owner permissions are useful to identify which files and devices are related to those processes. Most processes also have their own parent process that started them.

Example: The shell is a process, and any command executed in the shell is a process which belongs to the shell parent process. The exception is a special process called init(8) which is the first process to start at booting time and which has a PID(Process ID) of 1.

Some programs are to be run with continuous user input and disconnected from the terminal. For example, a web server responds to web requests, instead of user input. Mail servers are another examples of this type application. These type of programs are also known as daemons.

Foreground Processes

Every process has to start running in the foreground. It gets its input from the keyboard and sends its output to the screen after the process.

You can see this happen with the ls command. If I want to list all the files in my current directory, I can use the following command –

This will show all the files in the current directory.

# ls
lost+found  user1  user2

The process runs in the foreground and will direct the output to my screen, and if a command wants any input it waits for input.

While a program is running in foreground and taking so much time, we cannot run any other commands from the command prompt which can be available until the program finishes its processing.

Background Processes

A background process runs without being the interaction of users. If the background process requires any input, it waits.

The advantage of running a process in the background is that you can run other commands, and you are not supposed to wait until it completes to start another process.

The simplest way to start the background process is to add an ampersand (&) at the end of the command we execute.

# find . / >  files

The above will write the output to files file with all the files and directories which will take more time. So, for instance, ampersand (&) at the end of the line will run in the background as a process and the cursor will come to prompt waiting for another command.

# find ./ > files &
[1] 76742

The first line contains information about the background process about how many background process are running and the job number or process ID. We need to know the PID to manipulate it between background and foreground.

If you press the Enter now, we can see the following output

[1]+  Done                    find . / > files

The first line tells you that the find command background process finishes successfully and waits for the other command.

Listing Running Processes

This command will list the own processes by running, the ps (process status) command.

# ps
 PID      TTY          TIME CMD
 69301 pts/0    00:00:00 bash
 78926 pts/0    00:00:00 ps

The  commonly used flags for ps is the -f, -f will display full information, which provides more information as shown below.

# ps -f
UID         PID   PPID  C STIME TTY          TIME CMD
root      69301  69261  0 13:34 pts/0    00:00:00 -bash
root      79099  69301  0 13:51 pts/0    00:00:00 ps -f

Full Usage of PS Command

# ps --help
********* simple selection *********  ********* selection by list *********
-A all processes                      -C by command name
-N negate selection                   -G by real group ID (supports names)
-a all w/ tty except session leaders  -U by real user ID (supports names)
-d all except session leaders         -g by session OR by effective group name
-e all processes                      -p by process ID
                                      -q by process ID (unsorted & quick)
T  all processes on this terminal     -s processes in the sessions given
a  all w/ tty, including other users  -t by tty
g  OBSOLETE -- DO NOT USE             -u by effective user ID (supports names)
r  only running processes             U  processes for specified users
x  processes w/o controlling ttys     t  by tty
*********** output format **********  *********** long options ***********
-o,o user-defined  -f full            --Group --User --pid --cols --ppid
-j,j job control   s  signal          --group --user --sid --rows --info
-O,O preloaded -o  v  virtual memory  --cumulative --format --deselect
-l,l long          u  user-oriented   --sort --tty --forest --version
-F   extra full    X  registers       --heading --no-heading --context
                    ********* misc options *********
-V,V  show version      L  list format codes  f  ASCII art forest
-m,m,-L,-T,H  threads   S  children in sum    -y change -l format
-M,Z  security data     c  true command name  -c scheduling class
-w,w  wide output       n  numeric WCHAN,UID  -H process hierarchy

Stopping Processes

A process can be stopped in several ways. Often, from a command line, by sending a CTRL + C keystroke – will exit the command. This works when the process is running in the foreground.

If a process is running in background mode, then first you would need to get its Job ID using the ps command and after that you can use kill command to kill the process as follows –

# ps -f
UID         PID   PPID  C STIME TTY          TIME CMD
root      69301  69261  0 13:34 pts/0    00:00:00 -bash
root      82913  69301  0 13:58 pts/0    00:00:00 ssh root@
root      82952  69301  0 13:58 pts/0    00:00:00 ps -f

# kill 82913

Here kill command would terminate ssh root@ If a process ignores a regular kill, we can use kill -9 followed by the process ID as follows.

# ps -f
UID         PID   PPID  C STIME TTY          TIME CMD
root      69301  69261  0 13:34 pts/0    00:00:00 -bash
root      83964  69301  0 14:00 pts/0    00:00:00 ps -f
[1]+  Killed                  ssh root@

How can we see if there are zombie processes running on a system.

Run “ps aux” and look for a Z in the STAT column.

# ps -aux
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root     11647  0.0  0.1 549100  7348 ?        S    Mar18   0:13 /usr/libexec/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=28
root     11648  0.0  0.1 400744  5552 ?        S    Mar18   0:00 /usr/libexec/gdm-user-switch-applet --oaf-activate-iid=OAFIID:GNOME_FastUserSwitchApplet_Factry --oaf-ior-fd=34
root     11649  0.0  0.1 290996  4072 ?        S    Mar18   0:00 /usr/libexec/notification-area-applet --oaf-activate-iid=OAFIID:GNOME_NotificationAreaApplet_Factory --oaf-ior-fd=40
root     11681  0.0  0.0 137416  1524 ?        S    Mar18   0:00 /usr/libexec/gvfsd-burn --spawner :1.9 /org/gtk/gvfs/exec_spaw/
root     11696  0.0  0.0 135276  1320 ?        S    Mar18   0:00 /usr/libexec/gvfsd-metadata
root     12196  0.0  0.0      0     0 ?        Z    Mar18   0:20 [] <defunct
root     13284  0.0  0.1 303428  6212 ?        Sl   Mar18   0:00 gnome-terminal
root     13286  0.0  0.0   8228   620 ?        S    Mar18   0:00 gnome-pty-helpe
root     13287  0.0  0.0 108340  1340 pts/0    Ss+  Mar18   0:00 bas
root     14347  0.0  0.0 223336  3408 ?        S    10:50   0:00 smbd -D
root     14578  0.0  0.4 425524 18172 ?        Ss   Mar25   0:21 /usr/sbin/http
apache   15091  0.0  1.5 414648 61904 ?        S    Apr05   0:44 php-fpm: pool ww
postfix  18359  0.0  0.0  80948  3384 ?        S    12:24   0:00 pickup -l -t fifo -u

In the above example, the process with process ID 12196 is having status z, use the kill command to kill that process

#kill -9 12196

 After this article you are able to understand what is zombie process and daemons and how to find out it and how to stop it, also how to make a process in background.

Other Interesting Posts