1. 进程类型
前台进程(foreground): Ctrl-c 可中断
后台进程(background): Ctrl-c 无法中断
# 进入后台状态:
1) command &
2) Ctrl-z 挂起正常运行的程序,此时进程状态为stopped
2. jobs, fg, bg 管理后台进程
# jobs 进程状态
jobs -l list
jobs -r running
jobs -s stopped
Job identifiers
Notation | Meaning |
---|---|
%N | Job number [N] |
%S | Invocation (command-line) of job begins with string S |
%?S | Invocation (command-line) of job contains within it string S |
%% | “current” job (last job stopped in foreground or started in background) |
%+ | “current” job (last job stopped in foreground or started in background) |
%- | Last job |
$! | Last background process |
# fg 后台切前台:
fg %jobnumber
# bg 将stopped的job切换到后台运行状态
bg %jobnumber
# 清除后台运行的job
kill -signal %jobnumber
kill -9 # 强制终止,中间过程临时文件等保留
kill -15 # 正常终止
# 切换被Ctrl-z挂起的进程至运行状态
[root@redhat6 ~]# jobs -l
[2]+ 2174 Stopped ping localhost
[root@redhat6 ~]# bg %2
[2]+ ping localhost &
[root@redhat6 ~]# kll -9 %2
3. nohup/setsid 脱机管理,与终端无关
# nohup 标准输出到~/nohup.out中
nohup command # 前台运行,即使终端被关闭
nohup command & # 后台运行,即使终端诶关闭 (非脱机下,终端关闭,后台运行的程序也一起被关闭)
# setsid,同nohup,但PPID永远是1,stdout需要自行重定向
setsid ping 127.0.0.1 > ping.out
4. ps, pstree, pidof 进程列表
-a all except both session leaders and processes and not associated with a terminal.
-e all
-f full-format
-l list
BSD-Style:
a all
x must have a tty
j job control format
ps aux
ps -ef
ps ajxf
pstree -Au
pidof awk
[root@redhat6 ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 2157 2153 0 80 0 - 1308 - pts/0 00:00:00 bash
4 R 0 2181 2157 4 80 0 - 1212 - pts/0 00:00:00 ps
F: 程序权限(process flags)
4: root
1: 此子程序仅进行复制(fork),而没有实际运行(exec)
S: 程序状态(STAT)
R: Running
S: Sleep 处于睡眠(idl)e状态,可以被唤醒(signal)
D: 不可被唤醒的睡眠状态
T: Stopped 可能在后台stopped或者除错(traced)状态
Z: Zombie 程序已停止,但无法移除至内存外
C: CPU使用率
PRI/NI: Priority/Nice, 数值越小哎,代表该程序越快被CPU运行
ADDR/SZ/WCHAN: 与内存相关
ADDR 是kernel function,该程序在内存的哪个部分,正在running的程序,一般显示"-"
SZ 程序用掉多少内存
WCHAN 程序是否正在运行,"-"表示正在运行
TTY: 登录终端机位置
TIME: 使用的CPU时间
[root@redhat6 ~]# ps aux | head
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 2864 1404 ? Ss 05:44 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 05:44 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 05:44 0:00 [migration/0]
root 4 0.0 0.0 0 0 ? S 05:44 0:00 [ksoftirqd/0]
VSZ: 虚拟内存用量(KBytes)
RSS: 内存用量(KBytes)
STAT: 程序状态,与ps -l的S旗语一样(R/S/T/Z)
START: 启动时间
# 程序的运行顺序
PRI: 值越低,优先级越高。由kernel动态调节,使用者无法直接调节
NI: root可调节任意用户,范围[-20,19],普通用户只能够调节自己,范围[0,19]。
NI的值可能影响到PRI,但最终的PRI由系统分析决定
PRI(new) = PRI(old) + NI
5. top 动态监控进程
# 2秒刷新一次
top -d 2
# 2次top结果
top -b -n 2 > /tmp/top.txt
# 监控单独进程
top -d 2 -p 19751
6. kill, killall 结束进程
# signal, kill -signal PID
1 SIGHUP 启动被终止的程序,可让该PID重读自己的配置文件,类似重启
2 SIGINT 中断 【Ctrl-c】
9 SIGKILL 强制中断程序,不处理过程文件
15 SIGTERM 正常终止
17 SIGSTOP 暂停 【Ctrl-z】
# 强制关闭所有httpd进程
killall -9 httpd
7. fuser 文件或socket识别进程
-k kill
-u username
-v verbose
-i interact
-m filename
[root@redhat6 ~]# fuser -uv .
USER PID ACCESS COMMAND
.: root 2157 ..c.. (root)bash
# ACCESS权限
c current directory.
e executable being run.
f open file.
F open file for writing.
r root directory.
m mmap’ed file or shared library.
# 所有使用/proc文件系统的程序
[root@redhat6 ~]# fuser -muv /proc
USER PID ACCESS COMMAND
/proc: root 1659 f.... (root)vmtoolsd
root 1761 f.... (root)rsyslogd
root 1863 f.... (root)acpid
haldaemon 1872 f.... (haldaemon)hald
# 找到/var下的FIFO文件,并找出读取该文件的程序
[root@redhat6 ~]# find /var -type p
/var/spool/postfix/public/pickup
/var/spool/postfix/public/qmgr
[root@redhat6 ~]# fuser -uv /var/spool/postfix/public/pickup
USER PID ACCESS COMMAND
/var/spool/postfix/public/pickup:
root 2022 F.... (root)master
postfix 2028 F.... (postfix)pickup
# 结束进程
[root@redhat6 ~]# fuser -ki /var/spool/postfix/public/pickup
/var/spool/postfix/public/pickup: 2022 2028
Kill process 2022 ? (y/N) y
8. lsof 列出正打开文件(list open file)
-a and
-c command
-u username
-g gid
+d /DIR 显示目录下被进程打开的文件
+D /DIR 同上,但是搜索子目录
-d FD 显示指定文件描述符的进程
-n 不将IP转换为hostname
-i [46] [protocol][@hostname|hostaddr][:service|port]
lsof -c init
lsof -u root
lsof -d cwd,txt,mem
lsof -n
lsof -i :22
lsof -i :ssh
lsof -i TCP
lsof -i @192.168.1.100
lsof -a -u root -d txt
# log recovery
[root@redhat6 ~]# lsof | grep /var/log/messages
rsyslogd 1761 root 2w REG 8,2 367 918495 /var/log/messages
[root@redhat6 ~]# ls -l /proc/1761/fd
total 0
lrwx------. 1 root root 64 Feb 24 06:29 0 -> socket:[16691]
lr-x------. 1 root root 64 Feb 24 06:29 1 -> /proc/kmsg
l-wx------. 1 root root 64 Feb 24 06:29 3 -> /var/log/cron
l-wx------. 1 root root 64 Feb 24 06:29 4 -> /var/log/maillog
l-wx------. 1 root root 64 Feb 24 06:32 5 -> /var/log/secure
[root@redhat6 ~]# cat /proc/1761/fd/2 > /var/log/messages
[root@redhat6 ~]# ln -s /var/log/messages /proc/1761/fd/2
# delete file completely
[root@redhat6 fd]# lsof | grep /tmp
vmware-vm 1637 root 3u REG 8,2 3907 406349 /tmp/vmware-root/apploader-1632.log
vmtoolsd 1659 root 3u REG 8,2 4865 406351 /tmp/vmware-root/apploader-1659.log
[root@redhat6 fd]# ps -ef | grep 1637
root 1637 1 0 05:44 ? 00:00:00 /usr/sbin/vmware-vmblock-fuse -o subtype=vmware-vmblock,default_permissions,allow_other /var/run/vmblock-fuse
root 4252 2157 0 06:55 pts/0 00:00:00 grep 1637
[root@redhat6 fd]# kill -9 1637