A Guide to Kill Process in Different Ways on Linux

September 20, 2016 | By in LINUX COMMANDS
| Reply More

The kill command is used on linux and other Unix-like operating systems ( Solaris,  AIX, HP-Unix, Mac). It doesn’t matter which operating system you are using to terminate processes without having to log out or reboot the computer. A process also referred to as a task, is an executing (i.e., running) instance of a program. Each process is automatically assigned a unique process identification number (PID) when it is created for use by the system to reference the process.

The syntax for kill is

kill [signal or option] PIDNumber

The only argument (i.e, input) that is required is a PID, and as many PIDs as desired can be used in a single command. The kill command will kill a process using the kill signal and PID given by the user

$ sh ImE.sh &
 [1] 13452
$ jobs
 [1]+ Running sh ImE.sh &
$ jobs -l 1
 [1]+ 13452 Running ImE.sh &
$ kill -9 13452

The killall command kills all process with a particular name, if Firefox or java program is running in multiple and the user does not know the PID, use the killall command killall -9 firefox or killall -9 java

$ ps
 PID TTY TIME CMD
 13156 pts/0 00:00:00 bash
 13309 pts/0 00:00:00 sh
 13310 pts/0 00:00:05 java
 13452 pts/0 00:00:00 sh
 13453 pts/0 00:00:05 java
$ killall java

Principles of kill command

Linux supports both POSIX reliable signals ("standard signals") and POSIX real-time signals. A signal is nothing but some sort of inter-process communication (techniques for the exchanging data among multiple threads in one or more processes or commands) in Linux and Unix like operating systems. A signal is sent to a process or command in order notify an event that occurred. For example, while running a command called ls -R /, you may hit CTRL+C (or Break) to cancel command execution. As soon as you hit CTRL+C, a signals called SIGINT (2) sent to indicate interrupt from the keyboard. When SIGINT is sent to ls command, Linux interrupts the process's normal flow of execution. In this example, ls command get terminated.

However, you can register a signal handler for CTRL+C and take some sort of action like ignore it or display a message on the screen when ls command is interrupted by SIGINT. You need to use the trap command to catch signals and handle errors under Linux shell scripts. You can send various signals to commands and process. For example, to terminate foreground process you can hit Ctrl+C key combination. To kill background process you can use the kill command and send SIGTERM (terminate command):

$ kill -TERM pid
$ kill -TERM 1234

To list available signals of kill command, enter:

# kill -l
 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR
31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7
58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX

The kill command can send all of the above signals to commands and process. However, commands only give a response if they are programmed to recognize those signals. Particularly useful signals include:

1. SIGHUP (1) - Hangup detected on controlling terminal or death of controlling process.
2. SIGINT (2) - Interrupt from the keyboard.
3. SIGKILL (9) - Kill signal i.e. kill running process.
4. SIGSTOP (19) - Stop process.
5. SIGCONT (18) - Continue process if stopped.

Definition of a process

Linux is a multiuser (multiple users can login to Linux and share its resources) and multitasking operating system. It means you can run multiple commands and carry out multiple tasks at a time.

For example, you can write a c program, while listening mp3s or download files using P2P in the background. A process is a program (or command typed by user) to perform specific Job. In Linux when you start a process, it is given a unique number called a PID or process-id. PIDs start from 0 to 65535. PID 1 is always assigned to init process, which is the first process started at boot time.

Parent and child processes

A parent process is a Linux process that has created one or more child processes. A process can fork a child i.e create a child process. For example, if a user types the ls command at a shell prompt. The shell executes ls command. The Linux kernel will duplicate the shell's pages of memory and then execute the ls command.

In UNIX, every process is created using fork and exec method. However, this model results in a waste of system resources. Under Linux, the fork method is implemented using copy-on-write pages, so the only penalty that it incurs is the time and memory required to duplicate the parent's page tables, and to create a unique task structure for the child. The copy-on-write model avoids creation of unnecessary copies of structures when creating new processes. For example, user types ls command at a shell prompt. The Linux kernel will fork and create a sub-process or child process of bash. In this example, bash is parent and ls command is child. In other words, the ls command is pointed to the same pages of memory as the bash shell. Then, the child execs the ls command using copy-on-write.

Process states

Every Linux process has its own life cycle such as creation, execution, termination, and removal. Every process has its own state that shows what is currently happening in the process. The status of the process which can be one of the following:

  • D (uninterruptible sleep) - Process is sleeping and cannot be brought back until an event such as I/O occurred. For example, process foo is a process waiting for keyboard interrupt.
  • R (running) - Process is running or executing.
  • S (sleeping) - Process is not running and is waiting for an event or a signal.
  • T (traced or stopped) - Process is stopped by signals such as SIGINT or SIGSTOP.
  • Z (zombie or defunct) - Processes marked are dead processes (so-called "zombies") that remain because their parent has not destroyed them properly. These processes will be destroyed by init if the parent process exits.

You can view the states of a process with ps command as below

ps -C processName -o pid=,cmd,stat

For example, to display states of lighttpd, php-cgi and firefox-bin processes, enter:

$ ps -C chrome -o pid=,cmd,stat
 CMD STAT
 4423 /opt/google/chrome/chrome SLl+
 4434 /opt/google/chrome/chrome - S+
 4439 /opt/google/chrome/chrome - S+
$ ps -C pulseaudio -o pid=,cmd,stat
 CMD STAT
 3674 /usr/bin/pulseaudio --start S<l
 3989 /usr/bin/pulseaudio --start S<l

List active processes

To view processes which are running on your system, you can use some commands. so, you need to use the ps command, pstree command, and pgrep command.

  • ps : the command displays information about active processes. it is used to view current process
# ps
 PID TTY TIME CMD
 15013 pts/2 00:00:00 su
 15019 pts/2 00:00:00 bash
 15169 pts/2 00:00:00 ps

To print all processes owned by a user

# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.4 43244 2336 ? Ss Apr13 0:47 /usr/lib/sys
root 2 0.0 0.0 0 0 ? S Apr13 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Apr13 0:12 [ksoftirqd/0
root 5 0.0 0.0 0 0 ? S< Apr13 0:00 [kworker/0:0
root 7 0.0 0.0 0 0 ? S Apr13 0:00 [migration/0

To print all processes owned by a user and sort a particular process with grep command

# ps aux | grep "mysqld"
 root 15189 0.0 0.0 103308 868 pts/2 S+ 10:26 0:00 grep mysqld
  • pstree:  the command shows running processes as a tree. The tree is rooted at either pid or init if pid is omitted.
# pstree
 init─┬─BESClient─┬─XBESClientUI───2*[{XBESClientUI}]
 │ └─5*[{BESClient}]
 ├─NetworkManager───{NetworkManager}
 ├─acpid
 ├─agnLogd
 ├─agnclientd───{agnclientd}
 ├─atd
 ├─auditd───{auditd}
 ├─automount───4*[{automount}]
 ├─blue-coat-unifi───32*[{blue-coat-unif}]
 ├─bluetoothd
 ├─bonobo-activati───{bonobo-activat}
 ├─ciscod
 ├─clock-applet
 ├─console-kit-dae───63*[{console-kit-da}]
 ├─crond
 ├─cups-ipm-confid
 ├─cupsd
 ├─3*[dbus-daemon───{dbus-daemon}]
 ├─3*[dbus-launch]
 ├─

1. Kill processes by pid 

You can send various signals to commands/process and shell scripts using the pkill command, kill command or killall command. kill command is used to send a signal to a process using its pid. To send a kill signal to PID # 1234, you have some methods to use:

# kill -9 1234
# kill -KILL 1234
# kill -SIGKILL 1234

2. kill processes by name

killall command sends a signal to all processes running any of the specified commands. If no signal name is specified, SIGTERM is sent. You can terminate all the process (child and parent) of a particular process.

For example, let's search the process we want to kill

$ ps -ef|grep -i chrome
franhes+ 4423 1 6 Apr26 tty2 00:13:56 /opt/google/chrome/chrome
franhes+ 4436 4434 0 Apr26 tty2 00:00:00 /opt/google/chrome/nacl_helper

Now we can kill the process

# killall chrome

The pkill command allows you also to kill a program simply by specifying the name.  It can kill all command with the same process ID. You could have executed a particular script or command and you want to kill it. you can use pgrep command to have its pid to be sure that the process is running and kill it with pkill command.

For example, we launch the script below

# ./continue
What is the difference between a duck and a bird ?
(Press Enter to see your response)

Imagine that we have forgotten the script and we want to kill it later, we need to be sure if it's still running. We will use pgrep -f to have the pid of the process which matches the full command line we have executed earlier. It is the -f option

# pgrep -f './continue'
20037

Now we can kill the full command by its name with pkill -f. the -f option is used to kill the full command line.

# pkill -f './continue'

3. Kill all processes in linux

You could need to kill all the process on your system, I say all the process and it is very amazing and it is not most recommended. To do it, you can use killall5 -9. It sends a signal to all processes except kernel threads and the processes in its own session, so it won't kill the shell that is running the script it was called from. killall5 is the SystemV killall command.

$ killall5 -9

You can kill all of a given user's processes using one of these:

$ killall -u username
$ pkill -u username

or you can use the numeric UID instead of the username. Beware that killall functions differently (similarly to killall5) on some systems such as Solaris. The pkill command is another command with additional options to kill process by its name, user name, group name, terminal, UID, EUID, and GID. It will send the specified signal (by default SIGTERM) to each process instead of listing them on stdout.

pkill - kill process

To send a kill signal to php-cgi process, enter:

$ pkill -KILL php-cgi

The above example will kill all users php-cgi process. However, -u option will kill only processes whose effective user ID is set to shaha:

$ pkill -KILL -u shaha php-cgi

4. Terminating processes

Generally, all process terminates on their own. In this example, find command will terminate when it completed its task:

# find /home -name "*.c" 2>error.log 1>filelists &
  • You can terminate foreground process by pressing CTRL+C. It will send a TERM signal to the process. For example, run the command below
# ls -R /
  • To terminate simply press CTRL+C to send an in interrupt signal to the ls command.  To terminate unwanted background process use kill command with -9 signal as described in sending signal to processes section:
# kill -TERM pid
# kill -KILL pid
  • To stop (suspend) a foreground process hit CTRL+Z. To resume the foreground process use the fg command associated to the job number of the foreground process. In the example below, we will execute command in background:
$ sh ImE.sh &
 [1] 17565
# vim file10 &
[4] 20325

5. Kill and stop background running job

You can run multiple processes in the background while you continue to work in the foreground. The shell does not have to wait for a background process to end before it can run the other processes. To run a program in the background, just add the ampersand & at the end of the command. It is like running a minimized application.

A foreground process is a process which can show the progression of its execution or an interface through which the user can interact with the program. Sometimes the user must wait for one foreground process to complete before running another one. To start a foreground process, enter a command at the prompt

# vim file10

When s process is running on foreground, you can terminate this process by CTRL+C key combination or or stop the process using CTRL+Z (put in foreground). We can transform a foreground process to a background process. You can thereafter manage these backgrounds tasks with jobs command (kill them, etc.). Please note that the background command is not detached from your tty

# jobs
[1] Running ./continue
[2]- Running vim file10
[3]+ Running ./administration

We can manipulate background and foreground processes with the commands below:

  • CTRL+C: Terminating a Process
  • CTRL+Z: Suspending a Process
  • jobs: show the status of all background and suspended jobs
  • bg: moving foreground/suspending processes to the background
  • fg: moving background processes to the foreground

We move our script to foreground

# fg %1
./continue

We will move our second script in background

# bg %3
[3] ./administration &

You can kill a background running job with kill -9 %job-number command

# kill -9 %1
[1]- Stopped ./continuer

See the result of jobs command

# jobs
[1]  killed ./continue
[2]- Running vim file10
[3]+ Running ./administration

If you forget the -9 option, you will terminate the process. See below

# kill %3
[3]- Stopped ./administration &

Now let's look the result

# jobs
[2]- Running vim file10
[3]+ Terminated ./administration

You can see the difference with Terminated and Killed.

A background job is just one that is not interacting with the user, Ctrl+Z is the most common default keyboard mapping for the key sequence that suspends a foreground process. SIGSTOP signal used for stop a running background job. We can use either pid or job-id.

jobs -l displays the pid of the process

# jobs -l
[3]- 20409 Running ./administration
[4]+ 20417 Running ./my_name

Now we can kill by two methods

$ kill -SIGSTOP 20409
$ kill -SIGSTOP %4

6. How to find and kill a zombie process

You can find the zombie processes with ps aux | grep Z command. The processes with Z in the STATE field are zombie processes:

# ps aux | grep Z
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 20430 0.0 0.1 112648 960 pts/1 R+ 04:15 0:00 grep --color=auto Z
# ps -A -ostat,ppid | awk '/[zZ]/{print $2}'
 3817
 4720
 4720

To kill a zombie process, find the zombie’s parent PID (PPID) and send him the SIGCHLD (17) signal: kill -17 ppid I use this command to find a PPID: ps -p PID -o ppid

# ps -p 20736 -o ppid
 PPID
 20735
# kill -17 20735

or

# kill $(ps -A -ostat,ppid | awk '/[zZ]/{print $2}')

Note: If you kill the parent of a zombie process, also the zombie process dies.

7. How to find and kill all sleep process

A process in S state is usually in a blocking system call, such as reading or writing to a file or the network, or waiting for another called program to finish.
You can use strace -p pid_value command to find out which system call is currently happening. It will produce output like

# ps -A -ostat,ppid | awk '/[sS]/{print $1 "\t" $2}'
 STAT PPID
 S 0
 S 2
 S 2
 S 2
# kill -9 $(ps -A -ostat,ppid | awk '/[Ss]/{print $2}')

8. How to find and kill all STOP process

A stopped job is one that has been temporarily put into the background and is no longer running but is still using resources such (i.e. system memory). Because that job is not attached to the current terminal, it cannot produce output and is not receiving input from the user.

# ps -A -ostat,ppid | awk '/[T]/{print $1 "\t" $2}'
 STAT PPID
 T 18187
 Tl 18310
# kill -9 $(ps -A -ostat,ppid | awk '/[T]/{print $2}')

Conclusion

The kill command is used on Linux and other Unix-like operating systems to terminate processes without having to log out or reboot (i.e., restart) the computer. Thus, it is particularly important to the stability of such systems.A process also referred to as a task, is an executing (i.e., running) instance of a program. Each process is automatically assigned a unique process identification number (PID) when it is created for use by the system to reference the process.

Filed Under : LINUX COMMANDS, LINUX HOWTO

Tagged With :

Free Linux Ebook to Download

Leave a Reply

All comments are subject to moderation.