Chapter 5: Process Control

If a program freezes on Windows, you press Ctrl + Alt + Delete, open the Task Manager, and violently click "End Task" until the window disappears. On a headless Linux server, there are no windows to click. If a rogue script starts consuming 100% of your CPU, you have to hunt it down and terminate it from the command line.

Every single program running on a Linux machine is called a Process, and every process is assigned a unique tracking number called a PID (Process ID). To control the server, you must learn how to manipulate these IDs.

1. The Heartbeat: `top`

To see exactly what your computer is thinking about in real-time, you use the top command. This is the ultimate terminal task manager. It displays a live-updating list of every running process, sorted by how much CPU and RAM they are consuming.

top

Power User Tip: Most modern sysadmins install a heavily upgraded, colorful version of this tool called htop. It allows you to scroll vertically and horizontally through your processes using the arrow keys.

2. The Snapshot: `ps`

The top command is great for live monitoring, but because the list constantly jumps around, it can be hard to read. If you just want to take a static, frozen snapshot of what is currently running, you use the ps (Process Status) command.

By default, ps only shows processes running in your immediate terminal window. To see absolutely everything running across the entire system, you use the legendary aux flags.

ps aux

3. The Assassin: `kill`

Once you use top or ps to identify the PID of a frozen or malicious program, it is time to shut it down. You do this using the kill command followed by the target PID.

kill 4092

By default, this sends a SIGTERM (Signal Terminate) request to the program. It politely asks the program to save its data, close its files, and shut down gracefully.

4. The Nuclear Option: `kill -9`

Sometimes, a program is so badly frozen that it completely ignores your polite request to shut down. When this happens, you must bypass the program's logic and order the Linux Kernel itself to instantly execute the process. You do this by attaching the -9 flag (which sends a SIGKILL signal).

kill -9 4092

Warning: Using -9 will instantly destroy the process without saving any data. Only use it as a last resort.

🔥 Try It Yourself

A rogue cryptocurrency miner has infected our virtual server! Use your new process management skills in the terminal to hunt it down and destroy it.

  1. Type ps to take a snapshot of the running processes.
  2. Look closely at the output and identify the PID of the program named rogue_miner.sh.
  3. Type kill followed by the PID you found (e.g., kill 1337) to terminate it.
  4. Type ps one more time to verify the threat has been eliminated!
← Back: Chapter 4 Next: Chapter 6 (Shell Scripting) →