How to Find the List of Daemon Processes and Zombie Processes in Linux


This article will guide you to understand the Zombie process and Daemons, and also help us to find the process which is running in the background.

What is Zombie Process?

When a process ends the execution, then it will have an exit status to report to its master process. Because of that little bit of information, the process will remain in the OS process table as a zombie process, which indicates that it is not to be scheduled for future, but this process cannot be completely removed or the process ID will not be used until the exit has been determined and no longer needed.

When a child completes the process, the master process will receive a SIGCHLD signal to indicate that one of its child process has finished the executing; the parent process will typically call the wait() system status at this point. That status will provide the parent with the child’s process exit status, and will cause the child process to be reaped, or removed from the process table.

Daemons?

Linux is a multi-tasking operating system. Each program running at any time is called a process. Every running command starts with at least one new process and there are many numbers of system processes that are running.

Each process is identified by a number called Process ID (PID). Similar to files, each process has its owner and group, and the group and owner permissions are useful to identify which files and devices are related to those processes. Most processes also have their own parent process that started them.

Example: The shell is a process, and any command executed in the shell is a process which belongs to the shell parent process. The exception is a special process called init(8) which is the first process to start at booting time and which has a PID(Process ID) of 1.

Some programs are to be run with continuous user input and disconnected from the terminal. For example, a web server responds to web requests, instead of user input. Mail servers are another examples of this type application. These type of programs are also known as daemons.

Foreground Processes

Every process has to start running in the foreground. It gets its input from the keyboard and sends its output to the screen after the process.

You can see this happen with the ls command. If I want to list all the files in my current directory, I can use the following command –

This will show all the files in the current directory.

# ls
lost+found user1 user2

The process runs in the foreground and will direct the output to my screen, and if a command wants any input it waits for input.

While a program is running in foreground and taking so much time, we cannot run any other commands from the command prompt which can be available until the program finishes its processing.

Background Processes

A background process runs without being the interaction of users. If the background process requires any input, it waits.

The advantage of running a process in the background is that you can run other commands, and you are not supposed to wait until it completes to start another process.

The simplest way to start the background process is to add an ampersand (&) at the end of the command we execute.

# find . / > files

The above will write the output to files file with all the files and directories which will take more time. So, for instance, ampersand (&) at the end of the line will run in the background as a process and the cursor will come to prompt waiting for another command.

# find ./ > files &
[1] 76742
#

The first line contains information about the background process about how many background process are running and the job number or process ID. We need to know the PID to manipulate it between background and foreground.

If you press the Enter now, we can see the following output

[1]+ Done find . / > files

The first line tells you that the find command background process finishes successfully and waits for the other command.

Listing Running Processes

This command will list the own processes by running, the ps (process status) command.

# ps
PID    TTY       TIME CMD
69301  pts/0    00:00:00 bash
78926  pts/0    00:00:00 ps

The commonly used flags for ps is the -f, -f will display full information, which provides more information as shown below.

# ps -f
UID    PID    PPID    C    STIME    TTY    TIME CMD
root   69301 69261    0    13:34    pts/0  00:00:00 -bash
root   79099 69301    0    13:51    pts/0  00:00:00 ps -f

Full Usage of PS Command

# ps --help
********* simple selection ********* ********* selection by list *********
-A all processes                          -C by command name
-N negate selection                       -G by real group ID (supports names)
-a all w/ tty except session leaders      -U by real user ID (supports names)
-d all except session leaders             -g by session OR by effective group name
-e all processes                          -p by process ID
                                          -q by process ID (unsorted & quick)
T all processes on this terminal          -s processes in the sessions given
a all w/ tty, including other users       -t by tty
g OBSOLETE -- DO NOT USE                  -u by effective user ID (supports names)
r only running processes                   U processes for specified users
x processes w/o controlling ttys           t by tty
*********** output format ********** *********** long options ***********
-o,o user-defined    -f full              --Group --User --pid --cols --ppid
-j,j job control     s signal             --group --user --sid --rows --info
-O,O preloaded -o    v virtual memory     --cumulative --format --deselect
-l,l long             u user-oriented    --sort --tty --forest --version
-F extra full        X registers         --heading --no-heading --context
                                         --quick-pid
********* misc options *********
-V,V show version       L list format codes        f ASCII art forest
-m,m,-L,-T,H threads    S children in sum          -y change -l format
-M,Z security data      c true command name       -c scheduling class
-w,w wide output        n numeric WCHAN,UID          -H process hierarchy

Stopping Processes

A process can be stopped in several ways. Often, from a command line, by sending a CTRL + C keystroke – will exit the command. This works when the process is running in the foreground.

If a process is running in background mode, then first you would need to get its Job ID using the ps command and after that you can use kill command to kill the process as follows –

# ps -f
UID    PID    PPID    C    STIME TTY       TIME CMD
root  69301   69261   0    13:34 pts/0    00:00:00 -bash
root  82913   69301   0    13:58 pts/0    00:00:00 ssh root@192.168.1.89
root  82952   69301   0    13:58 pts/0    00:00:00 ps -f

# kill 82913
Terminated

Here kill command would terminate ssh root@192.168.1.89. If a process ignores a regular kill, we can use kill -9 followed by the process ID as follows.

# ps -f
UID    PID    PPID     C    STIME TTY    TIME CMD
root    69301 69261    0 13:34 pts/0    00:00:00 -bash
root    83964 69301    0 14:00 pts/0    00:00:00 ps -f
[1]+    Killed                ssh root@192.168.1.89

How can we see if there are zombie processes running on a system.

Run “ps aux” and look for a Z in the STAT column.

# ps -aux
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
USER    PID    %CPU    %MEM    VSZ    RSS    TTY    STAT    START    TIME    COMMAND
root    11647 0.0 0.1 549100 7348 ? S Mar18 0:13 /usr/libexec/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=28
root 11648 0.0 0.1 400744 5552 ? S Mar18 0:00 /usr/libexec/gdm-user-switch-applet --oaf-activate-iid=OAFIID:GNOME_FastUserSwitchApplet_Factry --oaf-ior-fd=34
root 11649 0.0 0.1 290996 4072 ? S Mar18 0:00 /usr/libexec/notification-area-applet --oaf-activate-iid=OAFIID:GNOME_NotificationAreaApplet_Factory --oaf-ior-fd=40
root 11681 0.0 0.0 137416 1524 ? S Mar18 0:00 /usr/libexec/gvfsd-burn --spawner :1.9 /org/gtk/gvfs/exec_spaw/
root 11696 0.0 0.0 135276 1320 ? S Mar18 0:00 /usr/libexec/gvfsd-metadata
root 12196 0.0 0.0 0 0 ? Z Mar18 0:20 [yumBackend.py] <defunct
root 13284 0.0 0.1 303428 6212 ? Sl Mar18 0:00 gnome-terminal
root 13286 0.0 0.0 8228 620 ? S Mar18 0:00 gnome-pty-helpe
root 13287 0.0 0.0 108340 1340 pts/0 Ss+ Mar18 0:00 bas
root 14347 0.0 0.0 223336 3408 ? S 10:50 0:00 smbd -D
root 14578 0.0 0.4 425524 18172 ? Ss Mar25 0:21 /usr/sbin/http
apache 15091 0.0 1.5 414648 61904 ? S Apr05 0:44 php-fpm: pool ww
postfix 18359 0.0 0.0 80948 3384 ? S 12:24 0:00 pickup -l -t fifo -u

In the above example, the process with process ID 12196 is having status z, use the kill command to kill that process

#kill -9 12196

After this article you are able to understand what is zombie process and daemons and how to find out it and how to stop it, also how to make a process in background.

karthikeya Boyini
karthikeya Boyini

I love programming (: That's all I know

Updated on: 21-Jan-2020

5K+ Views

Kickstart Your Career

Get certified by completing the course

Get Started
Advertisements