System Administration

Linux Process and

Service Management
Thái Minh Tuấn - minhtuan@ctu.edu.vn
Slides are adapted from:
[1] Slides prepared by Prof. Brian D. Davison (http://www.cse.lehigh.edu/~brian/)
[2] The Practice of System and Network Administration, 3rd Ed., by Limoncelli, Hogan, and Chalup (Addison Wesley, 2017) 1
[3] Practical Linux System Administration: A Guide to Installation, Configuration, and Management, by Kenneth Hess (O'Reilly Media, 2023)
Components of a process
● A process is the instantiation of a program
● From the kernel's perspective, a process is:
○ An address space (the set of memory pages with code, libraries, and data)
○ Set of data structures (within the kernel)
■ The process's address space map
■ Current status
■ Execution priority
■ Resources used
■ Signal mask (which signals are blocked)
■ The owner
■ Which instructions are currently being executed

2
Process attributes
● Process ID – PID
○ Unique identifier, wraps around
● Parent PID – PPID
○ When a process is cloned, there is a parent and a child
● Real and effective user ID – UID and EUID
○ EUID is used to determine what permissions the process has
○ Also records original EUID (saved UID)
■ Can be re-accessed later in program (even after changing EUID)
● Real and effective group ID – GID and EGID
● Niceness
○ The CPU time available depends on its scheduling priority
○ Users can make their processes 'nicer' to the rest of the system
● Control terminal – where stdin, stdout, stderr are attached
3
Process life cycle
● An existing process calls fork(2)
○ Parent is told PID of child
○ Child process is told 0
● Child can use exec (or similar) to start a new program
● When ready to die, process calls _exit(2) with exit code
○ Process becomes a zombie
● Parent must wait(2) to collect status of dead children
○ Resource usage, why killed
● Orphans are re-mapped to init

4
Signals
● Signals are process-level interrupt requests
● Uses
○ Inter-process communication
○ Terminal driver can kill, interrupt or suspend processes (Ctrl-C, Ctrl-Z)
○ Can be sent by admin (with kill) for various purposes
○ Can be sent by kernel when process breaks a rule
■ e.g., division by zero
○ Can be sent by kernel for i/o available, death of child

5
Handling signals
● Process can designate a signal handler for a particular signal
● If no handler, kernel takes some default action
● When handler is finished catching signal, execution continues where the
signal was received
● Process can request that particular signals be ignored, or blocked
● If signal is received while blocked, one instance of that signal is buffered
until it is unblocked

6
Important signals

7
More signals

8
Sending signals
● $kill [-signal] pid
○ $kill -STOP 2388
● $kill pid
○ sends TERM signal by default
● $kill -9 pid -> kill -KILL pid
○ “Guarantees” that the process will die
● $kill -USR1 910 3044
● $sudo killall -USR1 httpd
○ killall removes need for pid

9
Process states
● Process exists in one of four states
○ Runnable – can be executed
○ Sleeping – waiting for some resources
■ Gets no CPU time until resource is available
○ Zombie – trying to die (parent hasn't waited)
○ Stopped – process is suspended (i.e., not permitted to run)
■ Like sleeping, but can't wake until CONT received

10
Scheduling priority
● “Niceness” is hint to kernel about how often to schedule the
process
● Linux ranges from -20 (high priority, not nice) to +19 (low priority,
very nice), 0 is default
● User/process can raise, but not lower niceness
○ Root can lower
● Examples
○ $nice +5 ~/bin/longtask
○ $renice -5 8829
○ $sudo renice 5 -u boggs

11
Monitoring processes: ps
● /bin/ps primary tool
● Shows
○ PID, UID, priority, control terminal
○ Memory usage, CPU time, status
● Multiple variations of ps
○ $ps -aux (BSD, Linux)
○ $ps -Af (Solaris)

12
Example ps output

13
Monitoring processes: top
● Shows top-n CPU-using processes
○ Plus other stats, like memory usage and availability, system load
○ Can renice within top
○ Automatically refreshes screen every 5 seconds
○ Can focus on a particular user

14
Sample top output

15
Runaway processes
● What can you do about processes using an unusual
amount of resources (memory, CPU, disk space)?
○ Identify resource hogs using top and/or ps
○ Contact owner and ask about resource usage
○ Suspend using STOP signal (might break job)
■ Contact owner, restart or kill later
○ Renice CPU hog

16
Creating periodic processes
● Automation, as you've heard, is key to efficiency
● Instead of manually performing tasks daily, weekly, or
monthly, you can schedule them
○ cron
○ anacron
● Includes tasks like:
○ monitoring, log rotation, backups, file distribution

17
cron
● cron daemon performs tasks at scheduled times
● crontab files are examined by cron for schedule
○ /etc/crontab, /etc/cron.d/*, /var/spool/cron/*
● cron wakes up each minute and checks to see if anything needs to
be executed
● cron is susceptible to changes in time
○ doesn't compensate for when machine is down, or time changes (clock
adjustments or daylight savings time) that are sufficiently large (3 hours, at
least for some implementations)

18
crontab files
● Example crontab entries:
○ # run make at 2:30 each Monday morning
○ 30 2 * * 1 (cd /home/joe4/project; make)

19
Managing crontabs
● Use crontab -e to edit
○ Checks out a copy
○ Uses EDITOR environment variable
○ Resubmits it to the /var/spool/cron/ directory
● crontab -l will list the contents to stdout
● /etc/cron.allow and /etc/cron.deny can control access
to cron facilities

20
Using cron
● Distributions set up crontab entries to automatically run scripts in
○ /etc/cron.monthly/
○ /etc/cron.weekly/
○ /etc/cron.daily/
○ /etc/cron.hourly/
● Typical tasks:
○ Cleaning the filesystem (editor files, core files) using find
○ Distributing files (mail aliases, sendmail config, etc.) using rsync, rdist, or
expect
○ Log rotation

21
Daemon/Service
● A background process rather than under the control of an interactive user
○ Often named with a trailing d
○ Equivalent to a “service” under Windows
● Common services
○ sendmail: MTA
○ vsftpd: very secure ftp daemon
○ named: DNS server
○ httpd: WWW server
○ sshd: secure remote logins
○ smbd: Windows-compatible file and print services
○ dhcpd: dynamic address assignment
○ etc.

22
/etc/services file

23
systemd
● A suite of basic building blocks for a Linux system.
● Providing a system and service manager
○ runs as PID 1 and starts the rest of the system.
● Syntax:
○ Starts a service: $sudo systemctl start name.service
○ Stops a service: $sudo systemctl stop name.service
○ Restarts a service: $sudo systemctl restart name.service
○ Checks if a service is running: $sudo systemctl status name.service
○ Enables a service: $sudo systemctl enable name.service
○ Disables a service: $sudo systemctl disable name.service

24