Linux Process

A process is a running instance of a program, or in other words, representation of a program when executing by the processor.

A program is a file that contains machine code, which can be understood and executed by a processor. It is obtained from code written in some programming language and undergoes a transformation to become machine code and thus a program.

Here is an example of code written in C programming language:

  #include <stdio.h>
  #include <unistd.h>

  int main(void)
  {
    /* Display 'Hello World' */
    printf("\n Hello World\n");

    /* Wait for 10 secode */
    sleep(10);

    return 0;
  }

Save this code into a file named myFirstCode.c and compile the program using the following command to generate a program:

  gcc -Wall myFirstCode.c -o myFirstCode

Now we can execute the program:

  ./myFirstCode

Once the program is executed, a process is created, and we can check it:

  ps -aef | grep myFirst*

Every process has a parent process and may or may not have a child process. Let's run the command ps -aef and analyse the result:

vts        15519    1209  0 11:54 ?        00:00:00 alacritty
vts        15529   15519  0 11:54 pts/0    00:00:00 /usr/bin/bash
root       15992       2  0 11:55 ?        00:00:00 [kworker/1:0-events]
vts        16309   15529  0 11:56 pts/0    00:00:00 ps -aef

In the above output, the second and third columns represent the process and process's parent ID, respectively. When we run the ps program, a process is created with a process ID of 16309 and has parent process with ID 15529, which represents the bash process. The bash process itself has 15519 as its parent, corresponding to my Alacritty terminal from where I executed the command ps -aef.

INFO: Process ID 0 represents the scheduler.

A process can create a child process by calling the fork() function in the code and subsequently use the exec() function to execute another program.

The first thing that gets loaded into memory when booting a Linux system is vmlinuz. It is a compressed version of the Linux kernel executable. This will launch init or systemd in modern Linux distributions as the first process. It's worth noting that there are no technical constraints mandating this to be the first process; it is merely conventional.

When the parent process of a process is terminated, the init or systemd process becomes the new parent of that process. To observe this, create a process, background it, and use the disown ¹ command to prevent the terminal from sending the SIGHUP signal, which would otherwise cause the process to stop:

  ./myFirstCode &
  disown

If we examine the process tree using the command pstree -s -p 24166, where 24166 is the process ID of the myFirstCode process obtained using the command pgrep myFirstCode, we will obtain the following:

systemd(1)───login(780)───bash(837)───startx(1051)───xinit(1066)───i3(1082)───alacritty(11261)───bash(11271)───myFirstCode(24166)

If I close my Alacritty terminal, which is the parent process of myFirstCode, the latter will be owned by the systemd process. Here is the output of the pstree command from another terminal after closing the earlier terminal:

  systemd(1)───myFirstCode(24166)