This series of articles is the learning notes of the Linux introductory tutorial of Mr. Wu Shengran of Shang Silicon Valley.
1. Check the process
1.1 Basic Usage
Basic concept
A process is a program or command being executed. Each process is a running entity with its own address space, and it occupies certain system resources. Some processes stay in memory for a very short time (such as the ls and cd commands), while others (such as network services) stay in memory permanently. This kind of process is called a service.
In a Linux system, processes can be divided into two categories:
① Processes displayed in the foreground
② Processes running in the background
System services usually run as background processes, and the process that actually performs such a service is generally called a daemon. The service names of these daemons all end in d.service, and they are all in /usr/lib/systemd/system.
Filter with
ls /usr/lib/systemd/system | grep d.service
and you can see many daemons.
Among them is sshd.service. When we use Xshell for a remote connection, we use the SSH service to connect to our virtual machine; sshd.service is the daemon of the SSH service.
Viewing processes in Windows
Press Ctrl + Alt + Del and open the Task Manager. The processes are divided into two categories, applications and background processes. We can think of the applications as user processes running in the foreground, while most of the background processes are system services.
Viewing processes in Linux
ps: process status. Basic syntax:
ps aux | grep xxx
(Function description: view all processes in the system)
ps -ef | grep xxx
(Function description: view the relationship between child and parent processes)
Option description:
a : list the processes of all users that have a terminal
x : list all processes of the current user, including those without a terminal
u : user-friendly display style
-e : list all processes
-u : list all processes associated with a user
-f : display the process list in full format
Example: run
ps
to display processes.
It only displays the processes invoked by the current user and associated with the current terminal console, so there are very few.
Option classification:
① The style with a dash is the standard Unix style.
② The style without a dash is the standard BSD style. Linux inherited from Unix, and during the evolution of Unix there was a derivative version, BSD, which influenced the later Apple systems.
BSD style:
Example: run
ps aux
to display process information.
There are a lot of processes here, so we can pipe the output,
ps aux | more
to page through them.
Example: run
ps -ef | more
to display process information.
There is a PPID column, which is the ID of the parent process.
Note: be careful when writing these commands. For example, write
ps aux
and not
ps -aux
because if there happens to be a user named x, ps -aux will display the processes related to x. By default, if user x cannot be found, Linux automatically interprets it as ps aux.
1.2 Detailed process information
Information about ps aux
Enter
ps aux | more
to display information about the processes.
USER : which user generated the process
PID : the ID number of the process
%CPU : the percentage of CPU resources occupied by the process, the higher the occupation, the more resources the process consumes
%MEM : the percentage of physical memory occupied by the process, the higher the occupation, the more resources the process consumes
VSZ : the size of the virtual memory occupied by the process, in KB
RSS : the actual physical memory occupied by the process, in KB
TTY : which terminal the process is running on.
----Question mark: Indicates that it does not have any terminal
----tty1: Graphical terminal (the early interactive terminal was something similar to a typewriter, so it was called a teletypewriter)
----tty2-tty6: Local character interface terminals. These are the black full-screen consoles we entered earlier by pressing Ctrl + Alt + F1~F6.
----pts/0-255: Virtual terminals. Whether you open a terminal directly in the current virtual machine or open one in XShell, a virtual terminal is generated.
STAT : Process status.
----R: Running state
----S: Sleeping state. The process has been started, but it is not being processed now, and it may be waiting for an event or signal to wake it up and continue execution.
----T: Suspended state
----Z: Zombie state. This process is about to end, but it has some information that has not been deleted. The parent process may still need some of its information, leaving only an empty shell. Under normal circumstances, when its parent process exits, it will be completely cleared.
----s: Contains child processes
----l: Multithreading
----+: Foreground display
----<: Very high priority
----N: Very low priority
START : The start time of the process
TIME : The computing time of the CPU occupied by the process
COMMAND : The name of the command that generated this process
Note:
① Virtual memory usage is larger than physical memory usage. Isn't the swap partition used to extend physical memory? Why is virtual memory used before the physical memory is used up?
Answer: Linux has a complete set of memory-management mechanisms. It does not wait until memory is full before moving rarely used pages out to virtual memory. Instead, as soon as it judges that some pages in memory have not been used for a long time, it moves them out to virtual memory. Only frequently used pages are kept in physical memory, so current memory usage is lower and more efficient, and as much physical memory as possible is freed up to handle other work.
② The first process is process number one, with PID 1; the command it executes is
/usr/lib/systemd/systemd
The second process is responsible for scheduling and managing all kernel threads and always runs in kernel space. So you will see later that many system-level services run as system threads.
Information about ps -ef
Run
ps -ef
to display the information.
The main columns are similar; the biggest difference is the additional PPID and C columns.
PPID: PID of the parent process. The parent process of process number one, systemd, and process number two, kthreadd, is process number 0. Process 0 is special: it is an idle process. Because process number one is the first user process to start, it can only be started by a system-level process.
C: Factor used by the CPU to calculate execution priority. A larger value indicates that the process is a CPU-intensive operation, and the execution priority will be lowered; a smaller value indicates that the process is an I/O-intensive operation, and the execution priority will be increased.
Summary
If you want to check the CPU usage and memory usage of a process, use aux; if you want to check the parent process ID of a process, use -ef.
1.3 Check the remote login process
The remote login process is related to ssh. Filtering the ssh-related processes with
ps -ef | grep sshd
gives three results.
① The first is the command that directly starts the sshd service. The PID of the corresponding process is 1130, and its parent is process number 1. If we use
systemctl status sshd
to view the status of the ssh service, we can see that it is running and is started at boot, that is, it is started directly by process number 1.
② The second means that XShell opened a virtual terminal as root to log in to our remote server. It is a child process created by the sshd daemon.
③ The last one is grep --color=auto sshd, which is the process generated by the grep sshd command we just ran to filter the ps output.
Create a new remote connection, log in as the root user
Create a new connection in XShell, log in as root, and run
ps -ef | grep sshd
You can see an additional pts/1; this is our current remote connection.
Create a new remote connection and log in as a normal user
Create a new connection in XShell and log in as a normal user. Then run
ps -ef | grep sshd
and you can see that there are two more sshd processes.
Reason: the line with
atguigu@pts/1
shows that we have opened another remote login terminal, and the user is atguigu. Above it there is a line with
atguigu [priv]
whose user is root. This is mainly for privilege separation: a separate process retains the root identity, and it is used when an operation requires root privileges. Operations performed as the ordinary atguigu user go through the remote login process below it. In this way the privileges are separated, which gives better guarantees in terms of security and performance.
2. Terminate the process
kill terminates the process
①
kill [options] PID
(Function description: kill a process by its process number)
②
killall process-name
(Function description: kill processes by process name; wildcards are also supported, which is useful when the system becomes very slow due to excessive load)
Example: we are now remotely logged in as two root users and one atguigu user.
Now terminate the atguigu user's session. You can use kill 3081 or kill 3085. Looking at the process information again, you can find that the atguigu processes are gone.
Back in XShell, you can also see that the atguigu connection has been closed by the remote host.
Example: you can also kill another remote connection process that is logged in as root.
Back in XShell, you can see that the connection is broken.
Example: you can also kill your own connection; it disconnects immediately after the kill.
Example: now we reconnect the three remote users and then prepare to kill their daemon process 1163.
We run kill 1163, and we can see that the parent processes of the three remote login processes have all changed to 1.
In addition, no other user can log in through a remote connection any more, and once these three remote connections are closed, they can no longer connect.
Solution: check the status of the sshd service and you can see that it is stopped, so we start it again and can see that it is in the running state.
Now we log in as the atguigu user again, and we can see that the parent process of the atguigu process is a child process of the restarted sshd daemon process 3740.
Note: there has always been a process here representing our current grep command,
grep --color=auto sshd
Let's see who its parent process is. With
ps -ef | grep 3862
you can see that its parent process is our terminal's bash. Now the call relationship of sshd is clear:
1 -> sshd -> remote connection -> bash
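The call chain above, and the re-parenting to process 1 seen after kill 1163, can both be read mechanically from the PID and PPID columns of ps -ef. The following is an added example, not part of the original notes; the two snapshots are constructed (the bash PID 3086 and the timestamps are assumptions), and ancestry and orphaned_sessions are hypothetical helper names.

```shell
# Constructed ps -ef snapshot: sshd daemon 1163 is running.
snapshot_before() { cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:02 /usr/lib/systemd/systemd
root      1163     1  0 09:00 ?        00:00:00 /usr/sbin/sshd -D
root      3081  1163  0 09:12 ?        00:00:00 sshd: atguigu [priv]
atguigu   3085  3081  0 09:12 ?        00:00:00 sshd: atguigu@pts/1
atguigu   3086  3085  0 09:12 pts/1    00:00:00 -bash
EOF
}

# Constructed snapshot after "kill 1163": the session was re-parented to PID 1.
snapshot_after() { cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:02 /usr/lib/systemd/systemd
root      3081     1  0 09:12 ?        00:00:00 sshd: atguigu [priv]
atguigu   3085  3081  0 09:12 ?        00:00:00 sshd: atguigu@pts/1
atguigu   3086  3085  0 09:12 pts/1    00:00:00 -bash
EOF
}

# Print the chain of PIDs from process 1 down to the given PID.
# Reads ps -ef output on stdin; on a live system: ps -ef | ancestry $$
ancestry() {
    awk -v target="$1" '
        NR > 1 { ppid[$2] = $3 }          # column 2 = PID, column 3 = PPID
        END {
            chain = ""
            # Walk upwards until the parent is unknown (PID 0); cap the hops
            # so a corrupted snapshot cannot loop forever.
            for (pid = target; (pid in ppid) && hops++ < 64; pid = ppid[pid])
                chain = pid (chain == "" ? "" : (" -> " chain))
            print chain
        }'
}

# List sshd session processes whose parent is PID 1, i.e. sessions that
# outlived the daemon that accepted them. Newer OpenSSH versions title the
# daemon itself "sshd: ... [listener]", so that line is excluded.
orphaned_sessions() {
    awk 'NR > 1 && $3 == 1 && $8 == "sshd:" && $0 !~ /\[listener\]/ { print $2 }'
}

snapshot_before | ancestry 3086
snapshot_after  | orphaned_sessions
```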
kill -9 Forcefully terminate the process
We want to see all the current bash processes.
Now we want to kill the virtual terminal process of pts13402
, but after trying we find that it cannot be killed. Because the shell console is a running process, killing it directly does not work.
Solution:
kill -9 PID
The -9 is a system signal value; it represents the kill signal.
Now we forcibly kill the bash of pts2, and we can see that it was successfully killed.
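The difference between the two commands comes down to the signal sent: plain kill sends SIGTERM (15), which an interactive bash ignores, while -9 sends SIGKILL, which no process can trap or ignore. The following is an added example, not part of the original notes; the child process is a constructed stand-in that ignores SIGTERM the same way, and term_vs_kill is a hypothetical function name.

```shell
# Start a child that ignores SIGTERM, send it both signals in turn and
# report what happened after each one.
term_vs_kill() {
    # trap "" TERM makes the child ignore SIGTERM; its output is discarded
    # so nothing keeps the caller's stdout open.
    sh -c 'trap "" TERM; while :; do sleep 1; done' >/dev/null 2>&1 &
    pid=$!
    sleep 1                      # give the child time to install its trap

    kill "$pid"                  # default signal: SIGTERM (15)
    sleep 1
    # kill -0 sends no signal; it only tests whether the process still exists.
    if kill -0 "$pid" 2>/dev/null; then after_term=alive; else after_term=dead; fi

    kill -9 "$pid"               # SIGKILL (9) is handled by the kernel itself
    status=0
    wait "$pid" 2>/dev/null || status=$?   # 128 + signal number when killed

    echo "after SIGTERM: $after_term; exit status after SIGKILL: $status"
}

term_vs_kill
```

The exit status 137 is 128 + 9, which is how the shell reports a child terminated by signal 9.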
killall sshd
killall needs to be used carefully. For example, if we run
killall sshd
here, all windows are disconnected. Even the daemon is shut down, so we cannot reconnect; we can only go to the server itself to start sshd again.
3. View the process tree
pstree
① Basic syntax:
pstree [options]
② Option description:
-p : display the PID of each process
-u : display the user of each process
Example: use
pstree
to view the process tree. You can see that the initial process is systemd, and many processes branch out from it.
Use
pstree -p
to display the PIDs.
Use
pstree -u
to display the owning users.
4. Real-time monitoring process
top Real-time monitoring system
ps: more like a snapshot. It captures the currently active process information, which can then be paged through with more or less.
top: a real-time monitor. It opens an interactive interface and refreshes the current process information in real time.
Example: run
top
The output has two parts.
① The upper part
The first line: top is the name of the current program, followed by the current time; up and the time the system has been running since it started; the number of users currently logged in (1 on the server + 3 in XShell + the server's graphical desktop environment, which also counts as a root user); and the load average (these three numbers are the average load of the whole system over the past 1 minute, 5 minutes and 15 minutes. Generally, if the load average is less than 0.7 we consider the load not too large; if it is greater than 1, the current system load is exceeded).
The second line: the total number of tasks (processes), followed by the number of processes in each state.
The third line: CPU usage.
----us: the proportion of CPU time occupied by user processes (user processes whose priority has not been changed from the default);
----sy: the proportion of CPU time occupied by system processes;
----ni: the first two letters of the nice command. The nice command assigns a nice value to a running process. The higher the nice value, the friendlier the process: its priority is lower and it always makes way for others. The lower the nice value, the higher its priority, which means it should be run first. So this is the proportion of CPU time occupied by user processes whose priority has been adjusted with the nice command;
----id: the proportion of time the CPU is idle;
----wa: the first two letters of wait, showing the proportion of time spent waiting for I/O operations. Many processes may have finished their computation but still need to wait for I/O, and the time they spend waiting is displayed here;
----hi: short for hardware interrupt, the proportion of time spent servicing hard interrupt requests;
----si: short for software interrupt, the proportion of time spent servicing soft interrupt requests;
----st: the proportion of time our machine is occupied by virtualized devices.
The fourth line: the current memory usage, in KB.
The fifth line: the current virtual memory usage, in KB.
② The lower part shows the status of the processes running on the system.
----PID represents the number of the process
----USER represents which user is calling the process
----PR (priority) represents the priority of the current task scheduling
----NI represents the nice value specified by the user
----VIRT represents the size occupied by virtual memory
----RES represents the size occupied by actual memory
----SHR represents the size occupied by shared memory
----S represents the state of the current process. At present, most of them are S (sleeping)
----%CPU represents the proportion of CPU computing time of the current process
----%MEM represents the proportion of memory of the current process
----TIME+ represents the running time of the process (the total CPU time it has occupied). The plus sign means the value is accurate to two decimal places of a second, that is, to 0.01 second.
----COMMAND represents the command that generated the current process.
Switch the sorting order:
① M or Shift + m: sort according to the occupied memory from large to small.
② P or Shift + p: sort according to the occupied CPU time from large to small (the default sorting).
③ N or Shift + n: sort by PID from large to small.
Option description:
-d seconds : make top refresh every given number of seconds; the default is 3 seconds.
-i : make top not show any idle or zombie processes.
-p : monitor only a certain process, by specifying its process ID.
Example: use the
top -i
command to filter out idle processes. A process counts as idle if it has not occupied the CPU between the previous refresh and the current one. Therefore, the status of the processes shown may not always be R: a process may occupy the CPU and then sleep again, so it may also be S.
Example: during monitoring, press lowercase u and then enter a user name to monitor the processes of that user. For example, we log in as atguigu in XShell and then specify atguigu here.
Press Enter and you can see the processes related to atguigu.
Example: press k during monitoring and then enter a PID to kill the specified process.
You then need to enter the signal name or signal value.
5. Network status and port monitoring
netstat
Basic usage:
netstat -anp | grep PID (function description: view the network information of this process)
netstat -nlp | grep port-number (function description: view which process occupies a network port)
Option description:
-a : display all sockets, both listening and non-listening
-n : do not display aliases; show everything that can be shown as a number in numeric form
-l : list only the services that are listening
-p : show which process is using the socket
Example: use the command
netstat -anp | less
to view the sockets.
Proto: the network protocol used by the socket for this network transmission; tcp6 refers to the related protocols under IPv6.
Recv-Q: the number of bytes that have been received but not yet copied by the user program connected to the socket.
Send-Q: the number of bytes that have been sent but not yet acknowledged by the remote host; this may be data that has been lost and needs to be retransmitted.
Local Address: the local address (in socket form), that is, IP + colon + port number.
----0.0.0.0 : all local addresses of this machine
----127.0.0.1 : loopback address, generally used for local listening and testing
Foreign Address: the remote address
192.168.123.1 is the IP address of our physical PC; here two users are connected to port 22 of the VM through different ports, and the state is ESTABLISHED.
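The Local Address values explained above decide who can reach a listening service: 0.0.0.0 accepts connections on every interface, 127.0.0.1 only from the machine itself. As an added example (not part of the original notes), this filter classifies each listening socket in netstat -nlp output by the scope of its bind address; the sample output, including the address 192.168.123.128 and the master, java and dhclient entries, is constructed, and listen_scope is a hypothetical function name.

```shell
# Constructed netstat -nlp output (UNIX domain socket section omitted).
sample_netstat() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1130/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1400/master
tcp        0      0 192.168.123.128:8080    0.0.0.0:*               LISTEN      2210/java
tcp6       0      0 :::22                   :::*                    LISTEN      1130/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1400/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           980/dhclient
EOF
}

# Print "scope proto port pid/program" for every listening socket.
# Works on netstat -nlp and also on -anp, where non-listening TCP
# connections (ESTABLISHED and so on) are skipped.
listen_scope() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }              # headers, UNIX sockets
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }      # established connections
        {
            # Split Local Address at its last colon, so IPv6 forms such as
            # ":::22" and "::1:25" yield the addresses "::" and "::1".
            port = $4; sub(/.*:/, "", port)
            addr = substr($4, 1, length($4) - length(port) - 1)

            if (addr == "0.0.0.0" || addr == "::")      scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1")  scope = "loopback-only"
            else                                        scope = "single-address"

            # UDP rows have an empty State column, so take the last field
            # for PID/Program instead of a fixed column number.
            print scope, $1, port, $NF
        }'
}

# On a live system (as root, so -p can show every process): netstat -nlp | listen_scope
sample_netstat | listen_scope
```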
6. System timing tasks
Basic syntax:
crontab [options]
Option description:
-e : edit crontab scheduled tasks
-l : list crontab tasks
-r : delete all crontab tasks of the current user
Parameter description:
① Enter the crontab editing interface; it opens vim for you to edit your tasks
② Special symbols
③ Commands executed at specific times
Example: run
crontab -e
to enter the editing page, and then enter
*/1 * * * * echo "hello, world" >> /root/hello
which means appending the line hello, world to the hello file every minute.
Then look at the hello file every minute, and you can see that it has content.
We can also use
tail -f hello
to watch the hello file change, or
crontab -l
to view the contents of the scheduled task file, and finally
crontab -r
to clear the crontab tasks.