This article will guide you to understand the Zombie process and Daemons, and also help us to find the process which is running in the background.
When a process ends the execution, then it will have an exit status to report to its master process. Because of that little bit of information, the process will remain in the OS process table as a zombie process, which indicates that it is not to be scheduled for future, but this process cannot be completely removed or the process ID will not be used until the exit has been determined and no longer needed.
When a child completes the process, the master process will receive a SIGCHLD signal to indicate that one of its child process has finished the executing; the parent process will typically call the wait() system status at this point. That status will provide the parent with the child’s process exit status, and will cause the child process to be reaped, or removed from the process table.
Linux is a multi-tasking operating system. Each program running at any time is called a process. Every running command starts with at least one new process and there are many numbers of system processes that are running.
Each process is identified by a number called Process ID (PID). Similar to files, each process has its owner and group, and the group and owner permissions are useful to identify which files and devices are related to those processes. Most processes also have their own parent process that started them.
Example: The shell is a process, and any command executed in the shell is a process which belongs to the shell parent process. The exception is a special process called init(8) which is the first process to start at booting time and which has a PID(Process ID) of 1.
Some programs are to be run with continuous user input and disconnected from the terminal. For example, a web server responds to web requests, instead of user input. Mail servers are another examples of this type application. These type of programs are also known as daemons.
Every process has to start running in the foreground. It gets its input from the keyboard and sends its output to the screen after the process.
You can see this happen with the ls command. If I want to list all the files in my current directory, I can use the following command –
This will show all the files in the current directory.
# ls lost+found user1 user2
The process runs in the foreground and will direct the output to my screen, and if a command wants any input it waits for input.
While a program is running in foreground and taking so much time, we cannot run any other commands from the command prompt which can be available until the program finishes its processing.
A background process runs without being the interaction of users. If the background process requires any input, it waits.
The advantage of running a process in the background is that you can run other commands, and you are not supposed to wait until it completes to start another process.
The simplest way to start the background process is to add an ampersand (&) at the end of the command we execute.
# find . / > files
The above will write the output to files file with all the files and directories which will take more time. So, for instance, ampersand (&) at the end of the line will run in the background as a process and the cursor will come to prompt waiting for another command.
# find ./ > files &  76742 #
The first line contains information about the background process about how many background process are running and the job number or process ID. We need to know the PID to manipulate it between background and foreground.
If you press the Enter now, we can see the following output
+ Done find . / > files
The first line tells you that the find command background process finishes successfully and waits for the other command.
This command will list the own processes by running, the ps (process status) command.
# ps PID TTY TIME CMD 69301 pts/0 00:00:00 bash 78926 pts/0 00:00:00 ps
The commonly used flags for ps is the -f, -f will display full information, which provides more information as shown below.
# ps -f UID PID PPID C STIME TTY TIME CMD root 69301 69261 0 13:34 pts/0 00:00:00 -bash root 79099 69301 0 13:51 pts/0 00:00:00 ps -f
# ps --help ********* simple selection ********* ********* selection by list ********* -A all processes -C by command name -N negate selection -G by real group ID (supports names) -a all w/ tty except session leaders -U by real user ID (supports names) -d all except session leaders -g by session OR by effective group name -e all processes -p by process ID -q by process ID (unsorted & quick) T all processes on this terminal -s processes in the sessions given a all w/ tty, including other users -t by tty g OBSOLETE -- DO NOT USE -u by effective user ID (supports names) r only running processes U processes for specified users x processes w/o controlling ttys t by tty *********** output format ********** *********** long options *********** -o,o user-defined -f full --Group --User --pid --cols --ppid -j,j job control s signal --group --user --sid --rows --info -O,O preloaded -o v virtual memory --cumulative --format --deselect -l,l long u user-oriented --sort --tty --forest --version -F extra full X registers --heading --no-heading --context --quick-pid ********* misc options ********* -V,V show version L list format codes f ASCII art forest -m,m,-L,-T,H threads S children in sum -y change -l format -M,Z security data c true command name -c scheduling class -w,w wide output n numeric WCHAN,UID -H process hierarchy
A process can be stopped in several ways. Often, from a command line, by sending a CTRL + C keystroke – will exit the command. This works when the process is running in the foreground.
If a process is running in background mode, then first you would need to get its Job ID using the ps command and after that you can use kill command to kill the process as follows –
# ps -f UID PID PPID C STIME TTY TIME CMD root 69301 69261 0 13:34 pts/0 00:00:00 -bash root 82913 69301 0 13:58 pts/0 00:00:00 ssh email@example.com root 82952 69301 0 13:58 pts/0 00:00:00 ps -f # kill 82913 Terminated
Here kill command would terminate ssh firstname.lastname@example.org. If a process ignores a regular kill, we can use kill -9 followed by the process ID as follows.
# ps -f UID PID PPID C STIME TTY TIME CMD root 69301 69261 0 13:34 pts/0 00:00:00 -bash root 83964 69301 0 14:00 pts/0 00:00:00 ps -f + Killed ssh email@example.com
How can we see if there are zombie processes running on a system.
Run “ps aux” and look for a Z in the STAT column.
# ps -aux Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 11647 0.0 0.1 549100 7348 ? S Mar18 0:13 /usr/libexec/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=28 root 11648 0.0 0.1 400744 5552 ? S Mar18 0:00 /usr/libexec/gdm-user-switch-applet --oaf-activate-iid=OAFIID:GNOME_FastUserSwitchApplet_Factry --oaf-ior-fd=34 root 11649 0.0 0.1 290996 4072 ? S Mar18 0:00 /usr/libexec/notification-area-applet --oaf-activate-iid=OAFIID:GNOME_NotificationAreaApplet_Factory --oaf-ior-fd=40 root 11681 0.0 0.0 137416 1524 ? S Mar18 0:00 /usr/libexec/gvfsd-burn --spawner :1.9 /org/gtk/gvfs/exec_spaw/ root 11696 0.0 0.0 135276 1320 ? S Mar18 0:00 /usr/libexec/gvfsd-metadata root 12196 0.0 0.0 0 0 ? Z Mar18 0:20 [yumBackend.py] <defunct root 13284 0.0 0.1 303428 6212 ? Sl Mar18 0:00 gnome-terminal root 13286 0.0 0.0 8228 620 ? S Mar18 0:00 gnome-pty-helpe root 13287 0.0 0.0 108340 1340 pts/0 Ss+ Mar18 0:00 bas root 14347 0.0 0.0 223336 3408 ? S 10:50 0:00 smbd -D root 14578 0.0 0.4 425524 18172 ? Ss Mar25 0:21 /usr/sbin/http apache 15091 0.0 1.5 414648 61904 ? S Apr05 0:44 php-fpm: pool ww postfix 18359 0.0 0.0 80948 3384 ? S 12:24 0:00 pickup -l -t fifo -u
In the above example, the process with process ID 12196 is having status z, use the kill command to kill that process
#kill -9 12196
After this article you are able to understand what is zombie process and daemons and how to find out it and how to stop it, also how to make a process in background.