cloud34221.beauty

Command-Line Process Inspector — Pause, Terminate, and Monitor

Written by

admin

in

Command-Line Process Viewer, Killer & Suspender: The Ultimate ToolkitEffective process management is a cornerstone of systems administration, development, and troubleshooting. While modern graphical tools provide convenience, command-line utilities remain indispensable for their speed, scriptability, low overhead, and availability in minimal or remote environments. This article explores command-line approaches to viewing, killing, and suspending processes across Unix-like systems and Windows, presents practical workflows and examples, and highlights best practices and troubleshooting tips.

Why use the command line for process control?

  • Speed and low overhead: CLI tools start instantly and consume minimal resources.
  • Remote operation: SSH and remote shells allow you to manage systems without GUIs.
  • Scriptability: Commands can be combined into scripts and automated tasks.
  • Precision: Filters and options let you target processes accurately.
  • Availability: Core tools exist on virtually all installations.

Core concepts

  • Process ID (PID): unique identifier for a running process.
  • Parent process (PPID): the process that spawned a child process.
  • Signals: mechanisms for communicating with processes (e.g., SIGTERM, SIGKILL, SIGSTOP, SIGCONT on Unix).
  • Process states: running, sleeping, stopped, zombie, etc.
  • Command-line vs. graphical tools: trade-offs between visual presentation and automation.

Unix-like systems (Linux, macOS, *BSD)

Viewing processes

  1. ps — snapshot of current processes
  • Example: ps aux lists all processes with user, CPU, memory, and command.
  • Filter by user: ps -u alice
  • Show tree: ps -ejH or ps -ef --forest on Linux.
  1. top / htop — interactive viewers
  • top is available almost everywhere; press k to kill, r to renice in some implementations.
  • htop (if installed) is more user-friendly: use arrow keys, F9 to kill, F7/F8 to renice.
  1. pgrep / pidof — find PIDs by name
  • pgrep nginx returns PIDs for processes matching “nginx”.
  • pidof program (Linux) returns PIDs of a running program.
  1. pstree — hierarchical view
  • pstree -p shows process tree with PIDs, useful for understanding parent-child relationships.
  1. ss / netstat — view network-bound processes
  • ss -tulpn shows TCP/UDP sockets and owning PIDs (requires root).
  • lsof -i :80 lists processes using port 80.
  1. procfs introspection (Linux)
  • /proc/<pid>/ contains detailed runtime info (cmdline, status, fd, limits, environ).

Examples

  • Find processes consuming most memory: 
    
ps aux --sort=-%mem | head -n 15
  • Find processes with name and show full command line: 
    
pgrep -a python

Killing processes

Signals matter: choose the least aggressive signal that accomplishes the goal.

Common signals:

  • SIGTERM (15): polite request to terminate; process can trap and clean up.
  • SIGINT (2): interrupt (like Ctrl+C).
  • SIGKILL (9): forceful termination; cannot be caught or blocked.
  • SIGSTOP: stops (suspends) process; cannot be caught.
  • SIGCONT: resumes a stopped process.

Commands:

  • kill — send a signal to PID(s):
    • kill <pid> (sends SIGTERM)
    • kill -9 <pid> (SIGKILL)
    • kill -STOP <pid> (suspend)
    • kill -CONT <pid> (resume)
  • killall — kill processes by name:
    • killall nginx (sends SIGTERM to all named processes)
    • killall -9 someproc
  • pkill — send signals by process name or other attributes:
    • pkill -f "python myscript.py" (match full cmdline)
    • pkill -u alice -TERM (kill processes for user alice)
  • xargs with pgrep/ps — bulk operations: 
    
pgrep -f "node server" | xargs -r kill

Best practices:

  • Prefer SIGTERM first; use SIGKILL only when necessary.
  • Check child processes and services — killing a parent may orphan children.
  • On production systems, consider notifying users or sending graceful shutdown commands where possible.

Suspending and resuming processes

  • Foreground jobs in shells:

    • Press Ctrl+Z to suspend, fg to resume in foreground, bg to resume in background.
    • Use jobs to list suspended/backgrounded shell jobs.

  • System-wide suspend/resume:

    • kill -STOP <pid> suspends a process.
    • kill -CONT <pid> resumes it.

  • Use cases:

    • Free CPU for higher-priority tasks.
    • Temporarily pause a misbehaving process for inspection.
    • Controlled testing by stopping and resuming services.

Caveats:

  • Suspended processes still hold memory and open file descriptors.
  • Network servers paused may cause client timeouts or broken connections.

Windows (PowerShell & Command Prompt)

Viewing processes

  • tasklist — basic list:

    tasklist

    Use /FI to filter, /S and /U for remote or different credentials.

  • Get-Process (PowerShell) — object-based:

    Get-Process | Sort-Object CPU -Descending | Select-Object -First 10

    Properties: Id, ProcessName, CPU, PM, WS, Path (with Get-Process -FileVersionInfo).

  • Get-Process -Name chrome | Format-List * for full details.

  • Get-Process with Where-Object:

    Get-Process | Where-Object {$_.ProcessName -like "*node*"}

  • Resource Monitor and Process Explorer (Sysinternals) are GUI but indispensable for deep inspection.

Killing and suspending

  • Stop-Process (PowerShell):

    • Stop-Process -Id 1234 (default terminates)
    • Stop-Process -Name notepad -Force (forceful)

  • taskkill (cmd/PowerShell):

    • taskkill /PID 1234
    • /F force, /T kill child processes: taskkill /PID 1234 /F /T

  • Suspending processes (Windows):

    • Windows doesn’t include a built-in suspend command in cmd/PowerShell.
    • Use Sysinternals PsSuspend: 
      
psSuspend.exe <pid> psSuspend.exe -r <pid>   # resume
    • Process Explorer supports suspend/resume via GUI.

Caveats:

  • Suspending system processes or service hosts may destabilize the system.
  • Administrative privileges are often required to terminate or suspend other users’ processes.

Advanced workflows and scripts

  1. Graceful restart of a service-like process (Unix example):

    # find master PID, send TERM, wait for children to exit, then start new instance pgrep -f 'myservice-master' | xargs -r -n1 kill -TERM sleep 5 if pgrep -f 'myservice-master' > /dev/null; then echo "Force-killing remaining instances" pgrep -f 'myservice-master' | xargs -r kill -9 fi systemctl start myservice

  2. Suspend CPU-heavy background jobs temporarily:

    # suspend node processes, do maintenance, then resume pgrep node | xargs -r kill -STOP # perform maintenance... pgrep node | xargs -r kill -CONT

  3. Find and kill runaway memory hogs:

    ps aux --sort=-%mem | awk 'NR<=5{print $2, $4, $11}'   # show top 5 by memory ps aux --sort=-%mem | awk 'NR>1 && $4>50 {print $2}' | xargs --no-run-if-empty kill

  4. Windows PowerShell: stop processes consuming excessive CPU:

    Get-Process | Sort-Object CPU -Descending | Select-Object -First 5 | ForEach-Object { if ($_.CPU -gt 100) { Stop-Process -Id $_.Id -Force } }

Safety, permissions, and auditing

  • Run commands as the least-privileged user necessary. Use sudo or elevated privileges only when required.
  • Audit actions: log which PIDs you killed and why. In critical environments, document change windows.
  • Use tools that integrate with system service managers (systemd, launchd, Windows services) for service processes; don’t arbitrarily kill service manager children.
  • For containers: use container runtime tools (docker kill, kubectl exec/kill) instead of host-level process management when dealing with containerized processes.

Troubleshooting tips

  • Process won’t die after SIGKILL: it may be stuck in uninterruptible sleep (D state) due to kernel wait on I/O; reboot or investigate kernel-level issues.
  • PID reused: be careful when scripts assume a PID remains the same for long periods — verify command line or start time.
  • Zombie processes: show as — these indicate a parent hasn’t wait()ed. Reap them by restarting or killing the parent.
  • Permission denied when killing: check ownership and privileges; use sudo or escalate appropriately.
  • Killing service host processes (like systemd or svchost) can crash multiple services—prefer service manager commands (systemctl, service, sc).
  • Unix-like: ps, top/htop, pgrep/pkill, kill/killall, pstree, lsof, ss, strace (for deep debugging), systemctl/service for services.
  • Windows: Get-Process, Stop-Process, tasklist, taskkill, Sysinternals Suite (Process Explorer, PsSuspend).
  • Cross-platform scripting: Python or Go scripts that use OS APIs to inspect and manage processes, or utilities like glances for a more holistic view.

Summary

Command-line process management gives administrators and developers rapid, scriptable control over running programs. Master the core viewers (ps, top/htop, Get-Process), learn to send the right signals (SIGTERM before SIGKILL; STOP/CONT for pause/resume), and prefer service-manager operations for system services. With careful use and auditing, the CLI toolkit is powerful, flexible, and essential for reliable system operation.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts