Next to files, processes are the most important things on a UNIX/Linux system. In this chapter, we will take a closer look at those processes. We will learn more about: Multi-user processing and multi-tasking Process types Controlling processes with different signals Process attributes The life cycle of a process System startup and shutdown SUID and SGID System speed and response Scheduling processes The Vixie cron system How to get the most out of your system Now that we are more used to our environment and we are able to communicate a little bit with our system, it is time to study the processes we can start in more detail. Not every command starts a single process. Some commands initiate a series of processes, such as mozilla; others, like ls, are executed as a single command. Furthermore, Linux is based on UNIX, where it has been common policy to have multiple users running multiple commands, at the same time and on the same system. It is obvious that measures have to be taken to have the CPU manage all these processes, and that functionality has to be provided so users can switch between processes. In some cases, processes will have to continue to run even when the user who started them logs out. And users need a means to reactivate interrupted processes. We will explain the structure of Linux processes in the next sections. Interactive processesprocessesinteractive are initialized and controlled through a terminal session. In other words, there has to be someone connected to the system to start these processes; they are not started automatically as part of the system functions. These processes can run in the foregroundprocessesforeground, occupying the terminal that started the program, and you can't start other applications as long as this process is running in the foreground. Alternatively, they can run in the background, so that the terminal in which you started the program can accept new commands while the program is running. Until now, we mainly focussed on programs running in the foreground - the length of time taken to run them was too short to notice - but viewing a file with the less command is a good example of a command occupying the terminal session. In this case, the activated program is waiting for you to do something. The program is still connected to the terminal from where it was started, and the terminal is only useful for entering commands this program can understand. Other commands will just result in errors or unresponsiveness of the system. While a process runs in the backgroundprocessesbackground, however, the user is not prevented from doing other things in the terminal in which he started the program, while it is running. The shell offers a feature called job controljob control which allows easy handling of multiple processes. This mechanismprocessesjob control switches processes between the foreground and the background. Using this system, programs can also be started in the background immediately. Running a process in the background is only useful for programs that don't need user input (via the shell). Putting a job in the background is typically done when execution of a job is expected to take a long time. In order to free the issuing terminal after entering the command, a trailing ampersand is added. In the example, using graphical mode, we open an extra terminal window from the existing one: billy:~> xterm & [1] 26558 billy:~> jobsjobs [1]+ Running xterm & The full job control features are explained in detail in the bash Info pages, so only the frequently used job controlBashjob control applications are listed hereprocessesjob control overview: (part of) command Meaning regular_commandRuns this command in the foreground.command &Run this command in the background (release the terminal)jobsShow commands running in the background.Ctrl+ZSuspend (stop, but not quit) a process running in the foreground (suspend).Ctrl+CInterrupt (terminate and quit) a process running in the foreground.%nEvery process running in the background gets a number assigned to it. By using the % expression a job can be referred to using its number, for instance fg %2.bgbgReactivate a suspended program in the background.fgfgPuts the job back in the foreground.killkillEnd a process (also see Shell Builtin Commands in the Info pages of bash) More practical examples can be found in the exercises. Most UNIX systems are likely to be able to run screenscreen, which is useful when you actually want another shell to execute commands. Upon calling screen, a new session is created with an accompanying shell and/or commands as specified, which you can then put out of the way. In this new session you may do whatever it is you want to do. All programs and operations will run independent of the issuing shell. You can then detach this session, while the programs you started in it continue to run, even when you log out of the originating shell, and pick your screen up again any time you like. This program originates from a time when virtual consoles were not invented yet, and everything needed to be done using one text terminal. To addicts, it still has meaning in Linux, even though we've had virtual consoles for almost ten years. Automaticprocessesautomatic or batch processes are not connected to a terminal. Rather, these are tasks that can be queued into a spooler area, where they wait to be executed on a FIFO (first-in, first-out) basis. Such tasks can be executed using one of two criteria: At a certain date and time: done using the at command, which we will discuss in the second part of this chapter. At times when the total system load is low enough to accept extra jobs: done using the batchbatch command. By default, tasks are put in a queue where they wait to be executed until the system load is lower than 0.8. In large environments, the system administrator may prefer batch processing when large amounts of data have to be processed or when tasks demanding a lot of system resources have to be executed on an already loaded system. Batch processing is also used for optimizing system performance. Daemonsdaemonsdefinition are server processesprocessesdaemons that run continuously. Most of the time, they are initialized at system startup and then wait in the background until their service is required. A typical example is the networking daemon, xinetd, which is started in almost every boot procedure. After the system is booted, the network daemon just sits and waits until a client program, such as an FTP client, needs to connect. A process has a series of characteristicsprocessesproperties, which can be viewed with the psprocessesdisplaying command: The process ID or PIDPID: a unique identification number used to refer to the process. The parent process ID or PPIDPPID: the number of the process (PID) that started this process. Nice number: the degree of friendlinessprocessesnice number of this process toward other processes (not to be confused with process priority, which is calculated based on this nice number and recent CPU usage of the process). Terminal or TTYTTY: terminal to which the process is connected. User name of the real and effective user (RUIDRUID and EUIDEUID): the owner of the process. The real owner is the user issuing the command, the effective user is the one determining access to system resources. RUID and EUID are usually the same, and the process has the same access rights the issuing user would have. An example to clarify this: the browser mozilla in /usr/bin is owned by user root: theo:~> ls -l /usr/bin/mozilla -rwxr-xr-x 1 root root 4996 Nov 20 18:28 /usr/bin/mozilla* theo:~> mozilla & [1] 26595 theo:~> ps -af UID PID PPID C STIME TTY TIME CMD theo 26601 26599 0 15:04 pts/5 00:00:00 /usr/lib/mozilla/mozilla-bin theo 26613 26569 0 15:04 pts/5 00:00:00 ps -af When userEUIDexample theo starts this program, the process itself and all processes started by the initial process, will be owned by user theo and not by the system administrator. When mozilla needs access to certain files, that access will be determined by theo's permissions and not by root's. Real and effective group owner (RGIDRGID and EGIDEGID): The real group owner of a process is the primary group of the user who started the process. The effective group owner is usually the same, except when SGID access mode has been applied to a file. The ps command is one of the tools for visualizingprocessesdisplaying processes. This command has several options which can be combined to display different process attributes. With no options specified, ps only gives information about the current shell and eventual processespssimple example: theo:~> ps PID TTY TIME CMD 4245 pts/7 00:00:00 bash 5314 pts/7 00:00:00 ps Since this does not give enough information - generally, at least a hundred processes are running on your system - we will usually select particular processes out of the list of all processes, using the grep command in a pipe, see , as in this line, which will select and display all processes owned by a particularpsexample with options user: ps -ef | grep username This example shows all processes with a process name of bash, the most common login shell on Linux systems: theo:> ps auxw | grep bash brenda 31970 0.0 0.3 6080 1556 tty2 S Feb23 0:00 -bash root 32043 0.0 0.3 6112 1600 tty4 S Feb23 0:00 -bash theo 32581 0.0 0.3 6384 1864 pts/1 S Feb23 0:00 bash theo 32616 0.0 0.3 6396 1896 pts/2 S Feb23 0:00 bash theo 32629 0.0 0.3 6380 1856 pts/3 S Feb23 0:00 bash theo 2214 0.0 0.3 6412 1944 pts/5 S 16:18 0:02 bash theo 4245 0.0 0.3 6392 1888 pts/7 S 17:26 0:00 bash theo 5427 0.0 0.1 3720 548 pts/7 S 19:22 0:00 grep bash In these cases, the grep command finding lines containing the string bash is often displayed as well on systems that have a lot of idletime. If you don't want this to happen, use the pgreppgrep command. Bash shells are a special case: this process list also shows which ones are login shells (where you have to give your username and password, such as when you log in in textmode or do a remote login, as opposed to non-login shells, started up for instance by clicking a terminal window icon). Such login shells are preceded with a dash (-). We will explain about the | operator in the next chapter, see . More info can be found the usual way: ps --help or man ps. GNU ps supports different styles of option formats; the above examples don't contain errors. Note that ps only gives a momentary state of the active processes, it is a one-time recording. The toptop program displays a more precise view by updating the results given by ps (with a bunch of options) once every five seconds, generating a new list of the processes causing the heaviestprocessescontinuous display load periodically, meanwhile integrating more information about the swap space in use and the state of the CPU, from the proc file systemtopexample: 12:40pm up 9 days, 6:00, 4 users, load average: 0.21, 0.11, 0.03 89 processes: 86 sleeping, 3 running, 0 zombie, 0 stopped CPU states: 2.5% user, 1.7% system, 0.0% nice, 95.6% idle Mem: 255120K av, 239412K used, 15708K free, 756K shrd, 22620K buff Swap: 1050176K av, 76428K used, 973748K free, 82756K cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 5005 root 14 0 91572 15M 11580 R 1.9 6.0 7:53 X 19599 jeff 14 0 1024 1024 796 R 1.1 0.4 0:01 top 19100 jeff 9 0 5288 4948 3888 R 0.5 1.9 0:24 gnome-terminal 19328 jeff 9 0 37884 36M 14724 S 0.5 14.8 1:30 mozilla-bin 1 root 8 0 516 472 464 S 0.0 0.1 0:06 init 2 root 9 0 0 0 0 SW 0.0 0.0 0:02 keventd 3 root 9 0 0 0 0 SW 0.0 0.0 0:00 kapm-idled 4 root 19 19 0 0 0 SWN 0.0 0.0 0:00 ksoftirqd_CPU0 5 root 9 0 0 0 0 SW 0.0 0.0 0:33 kswapd 6 root 9 0 0 0 0 SW 0.0 0.0 0:00 kreclaimd 7 root 9 0 0 0 0 SW 0.0 0.0 0:00 bdflush 8 root 9 0 0 0 0 SW 0.0 0.0 0:05 kupdated 9 root -1-20 0 0 0 SW< 0.0 0.0 0:00 mdrecoveryd 13 root 9 0 0 0 0 SW 0.0 0.0 0:01 kjournald 89 root 9 0 0 0 0 SW 0.0 0.0 0:00 khubd 219 root 9 0 0 0 0 SW 0.0 0.0 0:00 kjournald 220 root 9 0 0 0 0 SW 0.0 0.0 0:00 kjournald The first line of top contains the same information displayed by the uptimeuptime command: jeff:~> uptime 3:30pm, up 12 days, 23:29, 6 users, load average: 0.01, 0.02, 0.00 The data for these programs is stored among others in /var/run/utmp (information about currently connected users) and in the virtual file system /procproc, for example /proc/loadavg (average load information). There are all sorts of graphical applications to view this data, such as the Gnome System MonitorGnome System Monitor and lavaps. Over at FreshMeat and SourceForge you will find tens of applications that centralize this information along with other server data and logs from multiple servers on one (web) server, allowing monitoring of the entire IT infrastructure from one workstation. The relationsprocessesrelations between processes can be visualized using the pstreepstree command: sophie:~> pstree init-+-amd |-apmd |-2*[artsd] |-atd |-crond |-deskguide_apple |-eth0 |-gdm---gdm-+-X | `-gnome-session-+-Gnome | |-ssh-agent | `-true |-geyes_applet |-gkb_applet |-gnome-name-serv |-gnome-smproxy |-gnome-terminal-+-bash---vim | |-bash | |-bash---pstree | |-bash---ssh | |-bash---mozilla-bin---mozilla-bin---3*[mozilla-bin] | `-gnome-pty-helper |-gpm |-gweather |-kapm-idled |-3*[kdeinit] |-keventd |-khubd |-5*[kjournald] |-klogd |-lockd---rpciod |-lpd |-mdrecoveryd |-6*[mingetty] |-8*[nfsd] |-nscd---nscd---5*[nscd] |-ntpd |-3*[oafd] |-panel |-portmap |-rhnsd |-rpc.mountd |-rpc.rquotad |-rpc.statd |-sawfish |-screenshooter_a |-sendmail |-sshd---sshd---bash---su---bash |-syslogd |-tasklist_applet |-vmnet-bridge |-xfs `-xinetd-ipv6 The -u and -a options give additional information. For more options and what they do, refer to the Info pages. In the next section, we will see how one process can create another. A new processprocessescreation is created because an existing process makes an exact copy of itself. This child process has the same environment as its parent, only the process ID number is different. This procedure is called forkingprocessesforking. After the forking process, the address space of the child process is overwritten with the new process data. This is done through an execprocessesexec call to the system. The fork-and-execfork-and-exec mechanism thus switches an old command with a new, while the environment in which the new program is executed remains the same, including configuration of input and output devices, environment variables and priority. This mechanism is used to create all UNIX processes, so it also applies to the Linux operating system. Even the first process, initinit, with process ID 1, is forked during the boot procedure in the so-called bootstrappingbootstrapping procedure. This scheme illustrates the fork-and-exec mechanism. The process ID changes after the fork procedure:

Fork creates a new process with the same content as the parent in memory but a different PID, exec replaces the content with the actual data to be processed, PID stays the same.

There are a couple of cases in which init becomes the parent of a process, while the process was not started by init, as we already saw in the pstree example. Many programs, for instance, daemonizeprocessesdaemonizing their child processes, so they can keep on running when the parent stops or is being stopped. A window manager is a typical example; it starts an xterm process that generates a shell that accepts commands. The window manager then denies any further responsibility and passes the child process to init. Using this mechanism, it is possible to change window managers without interrupting running applications. Every now and then things go wrong, even in good families. In an exceptional case, a process might finish while the parent does not wait for the completion of this process. Such an unburied process is called a zombie processprocesseszombie. When a processprocessesending ends normally (it is not killed or otherwise unexpectedly interrupted), the program returns its exit statusexit status to the parent. This exit status is a number returned by the program providing the results of the program's execution. The system of returning information upon executing a job has its origin in the C programming language in which UNIX has been written. The return codesprocessesreturn codes can then be interpreted by the parent, or in scripts. The values of the return codes are program-specific. This information can usually be found in the man pages of the specified program, for example the grep command returns -1 if no matches are found, upon which a message on the lines of No files found can be printed. Another example is the Bash builtin command true, which does nothing except return an exit status of 0, meaning success. Processes endprocessesstopping because they receive a signalprocessessignal. There are multiple signals that you can send to a process. Use the killkill command to send a signal to a process. The command kill -l shows a list of signals. Most signals are for internal use by the system, or for programmers when they write code. As a user, you will need the following signalssignalsoverview: Signal nameSignal numberMeaning SIGTERMSIGTERM15Terminate the process in an orderly way. SIGINTSIGINT2Interrupt the process. A process can ignore this signal. SIGKILLSIGKILL9Interrupt the process. A process can not ignore this signal. SIGHUPSIGHUP1For daemons: reread the configuration file. You can read more about default actions that are taken when sending a signal to a process in man 7 signal. As promised in the previous chapter, we will now discuss the special modes SUIDSUID and SGIDSGID in more detail. These modes exist to provide normal users the ability to execute tasks they would normally not be able to do because of the tight file permission scheme used on UNIX based systems. In the ideal situation special modes are used as sparsely as possible, since they include security risks. Linux developers have generally tried to avoid them as much as possible. The Linux ps version, for example, uses the information stored in the /proc file system, which is accessible to everyone, thus avoiding exposition of sensitive system data and resources to the general public. Before that, and still on older UNIX systems, the ps program needed access to files such as /dev/memmem and /dev/kmemkmem, which had disadvantages because of the permissions and ownerships on these files: rita:~> ls -l /dev/*mem crw-r----- 1 root kmem 1, 2 Aug 30 22:30 /dev/kmem crw-r----- 1 root kmem 1, 1 Aug 30 22:30 /dev/mem With older versions of ps, it was not possible to start the program as a common user, unless special modes were applied to it. While we generally try to avoid applying any special modes, it is sometimes necessary to use an SUID. An example is the mechanism for changing passwords. Of course users will want to do this themselves instead of having their password set by the system administrator. As we know, user names and passwords are listed in the /etc/passwdpasswd file, which has these access permissions and owners: bea:~> ls -l /etc/passwd -rw-r--r-- 1 root root 1267 Jan 16 14:43 /etc/passwd Still, users need to be able to change their own information in this file. This is achieved by giving the passwd program special permissions: mia:~> which passwd passwd is /usr/bin/passwd mia:~> ls -l /usr/bin/passwd -r-s--x--x 1 root root 13476 Aug 7 06:03 /usr/bin/passwd* When called, the passwd command will run using the access permissionsfile permissionsSUID of root, thus enabling a common user to edit the password file which is owned by the system admin. SGID modes on a file don't occur nearly as frequently as SUID, because SGID often involves the creation of extra groups. In some cases, however, we have to go through this trouble in order to build an elegant solution (don't worry about this too much - the necessary groups are usually created upon installation). This is the case for the writewrite4dwx and wallwall programs, which are used to send messages to other users' terminalsterminalsend a message (ttys). The write command writes a message to a single user, while wall writes to all connected users. Sending text to another user's terminal or graphical display is normally not allowed. In order to bypass this problem, a group has been created, which owns all terminal devices. When the write and wall commands are granted SGID permissions, the commands will run using the access rights as applicable to this group, tty in the example. Since this group has write access to the destination terminal, also a user having no permissions to use that terminal in any way can send messages to it. In the example below, user joe first finds out on which terminal his correspondent is connected, using the who command. Then he sends her a message using the write command. Also illustrated are the access rights on the write program and on the terminals occupied by the receiving user: it is clear that others than the user owner have no permissionsfile permissionsSGID on the device, except for the group owner, which can write to it. joe:~> which write write is /usr/bin/write joe:~> ls -l /usr/bin/write -rwxr-sr-x 1 root tty 8744 Dec 5 00:55 /usr/bin/write* joe:~> whowhoexample jenny tty1 Jan 23 11:41 jenny pts/1 Jan 23 12:21 (:0) jenny pts/2 Jan 23 12:22 (:0) jenny pts/3 Jan 23 12:22 (:0) joe pts/0 Jan 20 10:13 (lo.callhost.org) joe:~> ls -l /dev/tty1 crw--w---- 1 jenny tty 4, 1 Jan 23 11:41 /dev/tty1 joe:~> write jenny tty1 hey Jenny, shall we have lunch together? ^C User jenny gets this on her screen: Message from joe@lo.callhost.org on ptys/1 at 12:36 ... hey Jenny, shall we have lunch together? EOF After receiving a message, the terminal can be cleared using the Ctrl+L key combination. In order to receive no messages at all (except from the system administrator), use the mesg command. To see which connected users accept messages from others use who -w. All features are fully explained in the Info pages of each command. The group scheme is specific to the distribution. Other distributions may use other names or other solutions. One of the most powerful aspects of Linux concerns its open method of startingboot and stoppingshutdown the operating system, where it loads specified programs using their particular configurations, permits you to change those configurations to control the boot process, and shuts down in a graceful and organized way. Beyond the question of controlling the boot or shutdown process, the open nature of Linux makes it much easier to determine the exact source of most problems associated with starting up or shutting down your system. A basic understanding of this process is quite beneficial to everybody who uses a Linux system. A lot of Linux systems use lilobootLILO, the LInux LOaderLILO for booting operating systems. We will only discuss GRUBbootGRUB, however, which is easier to use and more flexible. Should you need information about lilo, refer to the man pages and HOWTOs. Both systems support dual boot installations, we refer to the HOWTOs on this subject for practical examples and background information. When an x86 computer is booted, the processor looks at the end of the system memory for the BIOSbootBIOS (Basic Input/Output SystemBIOS) and runs it. The BIOS program is written into permanent read-only memory and is always available for use. The BIOS provides the lowest level interface to peripheral devices and controls the first step of the boot process. The BIOS tests the system, looks for and checks peripherals, and then looks for a drive to use to boot the system. Usually it checks the floppy drive (or CD-ROM drive on many newer systems) for bootable media, if present, and then it looks to the hard drive. The order of the drives used for booting is usually controlled by a particular BIOS setting on the system. Once Linux is installed on the hard drive of a system, the BIOS looks for a Master Boot RecordMBR (MBR) starting at the first sector on the first hard drive, loads its contents into memory, then passes control to it. This MBRbootMBR contains instructions on how to load the GRUBGRUB (or LILO) boot-loader, using a pre-selected operating system. The MBR then loads the boot-loaderbootboot-loader, which takes over the process (if the boot-loader is installed in the MBR). In the default Red Hat Linux configuration, GRUB uses the settings in the MBR to display boot options in a menu. Once GRUB has received the correct instructions for the operating system to start, either from its command line or configuration file, it finds the necessary boot file and hands off control of the machine to that operating system. This boot method is called direct loadingbootdirect loading because instructions are used to directly load the operating system, with no intermediary code between the boot-loaders and the operating system's main files (such as the kernel). The boot process used by other operating systems may differ slightly from the above, however. For example, Microsoft's DOS and Windows operating systems completely overwrite anything on the MBR when they are installed without incorporating any of the current MBR's configuration. This destroys any other information stored in the MBR by other operating systems, such as Linux. The Microsoft operating systems, as well as various other proprietary operating systems, are loaded using a chain loading boot method. With this method, the MBR points to the first sector of the partition holding the operating system, where it finds the special files necessary to actually boot that operating system. GRUBGRUBfeatures supports both boot methods, allowing you to use it with almost any operating system, most popular file systems, and almost any hard disk your BIOS can recognize. GRUB contains a number of other features; the most important include: GRUB provides a true command-based, pre-OS environment on x86 machines to allow maximum flexibility in loading operating systems with certain options or gathering information about the system. GRUB supports Logical Block Addressing (LBALBA) mode, needed to access many IDE and all SCSI hard disks. Before LBA, hard drives could encounter a 1024-cylinder limit, where the BIOS could not find a file after that point. GRUB's configuration file is read from the disk every time the system boots, preventing you from having to write over the MBR every time you change the boot options. A full description of GRUB may be found by issuing the info grub command or at the GRUB site. The Linux Documentation Project has a Multiboot with GRUB Mini-HOWTO. The kernel, once it is loaded, finds initbootinit in sbin and executesinit it. When init starts, it becomes the parent or grandparent of all of the processes that start up automatically on your Linux system. The first thing init does, is reading its initialization file, /etc/inittabinittab. This instructs init to read an initial configuration script for the environment, which sets the path, starts swapping, checks the file systems, and so on. Basically, this step takes care of everything that your system needs to have done at system initialization: setting the clock, initializing serial ports and so forth. Then init continues to read the /etc/inittab file, which describes how the system should be set up in each run level and sets the default run levelrun level. A run level is a configuration of processes. All UNIX-like systems can be run in different process configurations, such as the single user modesingle user mode, which is referred to as run level 1 or run level S (or s). In this mode, only the system administrator can connect to the system. It is used to perform maintenance tasks without risks of damaging the system or user data. Naturally, in this configuration we don't need to offer user services, so they will all be disabled. Another run level is the reboot run level, or run level 6, which shuts down all running services according to the appropriate procedures and then restarts the system. Use the whorun leveldisplay to check what your currentwho run level is: willy@ubuntu:~$ who -r run-level 2 2006-10-17 23:22 last=S More about run levels in the next section, see . After having determined the default run level for your system, init starts all of the background processes necessary for the system to run by looking in the appropriate rc directoryrun levelrc files for that run level. init runs each of the killinitkill scripts scripts (their file names start with a K) with a stop parameter. It then runs all of the startinitstart scripts scripts (their file names start with an S) in the appropriate run level directory so that all services and applications are started correctly. In fact, you can execute these same scripts manually after the system is finished booting with a command like /etc/init.d/httpd stop or service httpd stop logged in as root, in this case stopping the web server. Note that on system startup, the scripts in rc2.d and rc3.d are usually executed. In that case, no services are stopped (at least not permanently). There are only services that are started. None of the scriptsprocessesinit scripts that actually start and stop the services are locatedrc*.d in /etc/rc<x>.d. Rather, all of the files in /etc/rc<x>.d are symbolic links that point to the actual scripts located in /etc/init.d. A symbolic link is nothing more than a file that points to another file, and is used in this case because it can be created and deleted without affecting the actual scripts that kill or start the services. The symbolic links to the various scripts are numbered in a particular order so that they start in that order. You can change the order in which the services start up or are killed by changing the name of the symbolic link that refers to the script that actually controls the service. You can use the same number multiple times if you want a particular service started or stopped right before or after another service, as in the example below, listing the content of /etc/rc5.d, where crond and xfs are both started from a linkname starting with S90. In this case, the scripts are started in alphabetical order. [jean@blub /etc/rc5.d] ls K15httpd@ K45named@ S08ipchains@ S25netfs@ S85gpm@ K16rarpd@ K46radvd@ S08iptables@ S26apmd@ S90crond@ K20nfs@ K61ldap@ S09isdn@ S28autofs@ S90xfs@ K20rstatd@ K65identd@ S10network@ S30nscd@ S95anacron@ K20rusersd@ K74ntpd@ S12syslog@ S55sshd@ S95atd@ K20rwalld@ K74ypserv@ S13portmap@ S56rawdevices@ S97rhnsd@ K20rwhod@ K74ypxfrd@ S14nfslock@ S56xinetd@ S99local@ K25squid@ K89bcm5820@ S17keytable@ S60lpd@ K34yppasswdd@ S05kudzu@ S20random@ S80sendmail@ After init has progressed through the run levels to get to the default run level, the /etc/inittab script forks a gettygetty process for each virtual console (login prompt in text mode). getty opens tty lines, sets their modes, prints the login prompt, gets the user's name, and then initiates a login process for that user. This allows users to authenticate themselves to the system and use it. By default, most systems offer 6 virtual consoles, but as you can see from the inittab file, this is configurable. /etc/inittab can also tell init how it should handle a user pressing Ctrl+Alt+Delete at the console. As the system should be properly shut down and restarted rather than immediately power-cycled, init is told to executeshutdown the command /sbin/shutdown -t3 -r now, for instance, when a user hits those keys. In addition, /etc/inittab states what init should do in case of power failures, if your system has a UPS unit attached to it. On most RPM-based systems the graphical login screen is started in run level 5, where /etc/inittab runs a script called /etc/X11/prefdmprefdm. The prefdm script runs the preferred X display manager, based on the contents of the /etc/sysconfig/desktop directory. This is typically gdmgdm if you run GNOME or kdmkdm if you run KDE, but they can be mixed, and there's also the xdm that comes with a standard X installation. But there are other possibilities as well. On Debian, for instance, there is an initscript for each of the display managers, and the content of the /etc/X11/default-display-manager is used to determine which one to start. More about the graphical interface can be read in . Ultimately, your system documentation will explain the details about the higher level aspects of init. The /etc/defaultdefault and/or /etc/sysconfigsysconfig directories contain entries for a range of functions and services, these are all read at boot time. The location of the directory containing system defaults might be somewhat different depending on your Linux distribution. Besides the graphical user environment, a lot of other services may be started as well. But if all goes well, you should be looking at a login prompt or login screen when the boot process has finished. We explained how SysVinitSysV/BSD init works on x86 based machines. Startup procedures may vary on other architectures and distributions. Other systems may use the BSD-style init, where startup files are not split up into multiple /etc/rc<LEVEL>.d directories. It might also be possible that your system uses /etc/rc.d/init.d instead of /etc/init.d. The idea behind operating differentinitrun levels services at different run levels essentially revolves around the fact that different systems can be used in different ways. Some services cannot be used until the system is in a particular state, or mode, such as being ready for more than one user or having networking available. There are times in which you may want to operate the system in a lower mode. Examples are fixing disk corruption problems in run level 1 so no other users can possibly be on the system, or leaving a server in run level 3 without an X session running. In these cases, running services that depend upon a higher system mode to function does not make sense because they will not work correctly anyway. By already having each service assigned to start when its particular run level is reached, you ensure an orderly start up process, and you can quickly change the mode of the machine without worrying about which services to manually start or stop. Available run levels are generally described in /etc/inittab, which is partially shown below: # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # Default run level. The run levels are: # 0 - halt (Do NOT set initdefault to this) # 1 - Single user mode # 2 - Multiuser, without NFS # (The same as 3, if you do not have networking) # 3 - Full multiuser mode # 4 - unused # 5 - X11 # 6 - reboot (Do NOT set initdefault to this) # id:5:initdefault: <--cut--> Feel free to configure unused run levels (commonly run level 4) as you see fit. Many users configure those run levels in a way that makes the most sense for them while leaving the standard run levels as they are by default. This allows them to quickly move in and out of their custom configuration without disturbing the normal set of features at the standard run levels. If your machine gets into a state where it will not boot due to a bad /etc/inittab or will not let you log in because you have a corrupted /etc/passwd file (or if you have simply forgotten your password), boot into single-user mode. When you are working in text mode because you didn't get presented a graphical login screen on the console of your machine, you can normally switch to console 7 or up to have a graphical login. If this is not the case, check the current run level using the command who -r. If it is set to something else than the original default from /etc/inittab, chances are that the system does not start up in graphical mode by default. Contact your system administrator or read man init in that case. Note that switching run levelsrun levelsswitching is done preferably using the telinittelinit command; switching from a text to a graphical console or vice versa does not involve a run level switch. The discussion of run levels, scripts and configurations in this guide tries to be as general as possible. Lots of variations exist. For instance, Gentoo Linux stores scripts in /etc/run levels. Other systems might first run through (a) lower run level(s) and execute all the scripts in there before arriving at the final run level and executing those scripts. Refer to your system documentation for more information. You might also read through the scripts that are refered to in /etc/inittab to get a better comprehension of what happens on your system. The chkconfigchkconfig or update-rc.dupdate-rc.d utilities, when installed on your system, provide a simple command-line tool for maintaining the /etc/init.dinit.d directory hierarchy. These relieveinit scriptsadministration system administrators from having to directly manipulate the numerous symbolic links in the directories under /etc/rc[x].d. In addition, some systems offer the ntsysvntsysv tool, which provides a text-based interface; you may find this easier to use than chkconfig's command-line interface. On SuSE Linux, you will find the yastyast and insservinsserv tools. For Mandrake easy configuration, you may want to try DrakConfDrakConf, which allows among other features switching between run levels 3 and 5. In Mandriva this became the Mandriva Linux Control Center. Most distributions provide a graphical user interface for configuring processes, check with your system documentation. All of these utilities must be run as root. The system administrator may also manually create the appropriate links in each run level directory in order to start or stop a service in a certain run level. UNIX was not made to be shut down, but if you really must, use the shutdownshutdown command. After completing the shutdown procedure, the -h option will halt the system, while -r will rebootreboot it. The reboot and halthalt commands are now able to invoke shutdown if run when the system is in run levels 1-5, and thus ensure proper shutdown of the system,but it is a bad habit to get into, as not all UNIX/Linux versions have this feature. If your computer does not power itself down, you should not turn off the computer until you see a message indicating that the system is halted or finished shutting down, in order to give the system the time to unmount all partitions. Being impatient may cause data loss. While managing system resourcesprocessesmanaging, including processes, is a task for the local system administrator, it doesn't hurt a common user to know something about it, especially where his or her own processes and their optimal execution are concerned. We will explain a little bit on a theoretical level about system performance, though not as far as hardware optimization and other advanced procedures. Instead, we will study the daily problems a common user is confronted with, and actions such a user can take to optimally use the resources available. As we learn in the next section, this is mainly a matter of thinking before acting.

Man-powered computer: one person works the pedals, one person works with the comp.

Bash offers a built-in timetime command that displays how long a command takes to execute. The timingprocessestiming is highly accurate and can be used on any command. In the example below, it takes about a minute and a half to make this book: tilly:~/xml/src> time make Output written on abook.pdf (222 pages, 1619861 bytes). Transcript written on abook.log. real 1m41.056s user 1m31.190s sys 0m1.880s The GNU time command in /usr/bin (as opposed to the shell built-in version) displays more information that can be formatted in different ways. It also shows the exit status of the command, and the total elapsed time. The same command as the above using the independent time gives this output: tilly:~/xml/src> /usr/bin/time make Output written on abook.pdf (222 pages, 1595027 bytes). Transcript written on abook.log. Command exited with non-zero status 2 88.87user 1.74system 1:36.21elapsed 94%CPU (0avgtext+0avgdata 0maxresident)k 0inputs+0outputs (2192major+30002minor)pagefaults 0swaps Refer again to the Info pages for all the information. To a user, performancesystemperformance means quick execution of commands. To a system manager, on the other hand, it means much more: the system admin has to optimize system performanceperformance for the whole system, including users, all programs and daemons. System performance can depend on a thousand tiny things which are not accounted for with the time command: the program executing is badly written or doesn't use the computer appropriately access to disks, controllers, display, all kinds of interfaces, etc. reachability of remote systems (network performance) amount of users on the system, amount of users actually working simultaneously time of day ... In short: the loadsystemload depends on what is normalload for your system. My old P133 running a firewall, SSH server, file server, a route daemon, a sendmail server, a proxy server and some other services doesn't complain with 7 users connected; the load is still 0 on average. Some (multi-CPU) systems I've seen were quite happy with a load of 67. There is only one way to find out - check the load regularly if you want to know what's normal. If you don't, you will only be able to measure system load from the response time of the command line, which is a very rough measurement since this speed is influenced by a hundred other factors. Keep in mind that different systems will behave different with the same load average. For example, a system with a graphics card supporting hardware acceleration will have no problem rendering 3D images, while the same system with a cheap VGA card will slow down tremendously while rendering. My old P133 will become quite uncomfortable when I start the X server, but on a modern system you hardly notice the difference in the system load. A big environment can slow you down. If you have lots of environment variables set (instead of shell variables), long search paths that are not optimized (errors in setting the path environment variable) and more of those settings that are usually made on the fly, the system will need more time to search and read data. In X, window managers and desktop environments can be real CPU-eaters. A really fancy desktop comes with a price, even when you can download it for free, since most desktops provide add-ons ad infinitum. Modesty is a virtue if you don't buy a new computer every year. The priorityprocessespriority or importance of a job is defined by it's nice numbernice number. A program with a high nice number is friendly to other programs, other users and the system; it is not an important job. The lower the nice number, the more important a job is and the more resources it will take without sharing them. Making a job nicer by increasing its nice number is only useful for processes that use a lot of CPU time (compilers, math applications and the like). Processes that always use a lot of I/O time are automatically rewarded by the system and given a higher priority (a lower nice number), for example keyboard input always gets highest priority on a system. Defining the priority of a program is done with the nicenice command. Most systems also provide the BSD renicerenice command, which allows you to change the niceness of a running command. Again, read the man page for your system-specific information. It is NOT a good idea to nice or renice an interactive program or a job running in the foreground. Use of these commands is usually a task for the system administrator. Read the man page for more info on extra functionality available to the system administrator. On every Linux system, many programs want to use the CPUsystemCPU resources(s) at the same time, even if you are the only user on the system. Every program needs a certain amount of cycles on the CPU to run. There may be times when there are not enough cycles because the CPU is too busy. The uptimeuptime command is wildly inaccurate (it only displays averages, you have to know what is normal), but far from being useless. There are some actions you can undertake if you think your CPU is to blame for the unresponsiveness of your system: Run heavy programs when the load is low. This may be the case on your system during the night. See next section for scheduling. Prevent the system from doing unnecessary work: stop daemons and programs that you don't use, use locate instead of a heavy find, ... Run big jobs with a low priority If none of these solutions are an option in your particular situation, you may want to upgrade your CPU. On a UNIX machine this is a job for the system admin. When the currently running processessystemmemory resources expect more memory than the system has physically available, a Linux system will not crash; it will start paging, or swappingswapping, meaning the process uses the memory on disk or in swap space, moving contents of the physical memory (pieces of running programs or entire programs in the case of swapping) to disk, thus reclaiming the physical memory to handle more processes. This slows the system down enormously since access to disk is much slower than access to memory. The toptop command can be used to display memory and swap use. Systems using glibc offer the memusage and memusagestat commands to visualize memory usage. If you find that a lot of memory and swap space are being used, you can try: Killing, stopping or renicing those programs that use a big chunk of memory Adding more memory (and in some cases more swap space) to the system. Tuning system performance, which is beyond the scope of this document. See the reading list in for more. While I/O limitationssystemI/O resources are a major cause of stress for system admins, the Linux system offers rather poor utilities to measure I/O performance. The psps, vmstatvmstat and toptop tools give some indication about how many programs are waiting for I/O; netstatnetstat displays network interface statistics, but there are virtually no tools available to measure the I/O response to system load, and the iostatiostat command gives a brief overview of general I/O usage. Various graphical front-ends exist to put the output of these commands in a humanly understandable form. Each device has its own problems, but the bandwidth available to network interfaces and the bandwidth available to disks are the two primary causes of bottlenecks in I/O performance. Network I/O problems: Network overload: The amount of data transported over the network is larger than the network's capacity, resulting in slow execution of every network related task for all users. They can be solved by cleaning up the network (which mainly involves disabling protocols and services that you don't need) or by reconfiguring the network (for example use of subnets, replacing hubs with switches, upgrading interfaces and equipment). Network integrity problems: Occurs when data is transferred incorrectly. Solving this kind of problem can only be done by isolating the faulty element and replacing it. Disk I/O problems: per-process transfer rate too low: Read or write speed for a single process is not sufficient. aggregate transfer rate too low: The maximum total bandwidth that the system can provide to all programs that run is not enough. This kind of problem is more difficult to detect, and usually takes extra hardware in order to re-divide data streams over buses, controllers and disks, if overloaded hardware is cause of the problem. One solution to solve this is a RAID array configuration optimized for input and output actions. This way, you get to keep the same hardware. An upgrade to faster buses, controlers and disks is usually the other option. If overload is not the cause, maybe your hardware is gradually failing, or not well connected to the system. Check contacts, connectors and plugs to start with. Users can be divided in several classes, depending on their behavior with resourceusersclassification usage: Users who run a (large) number of small jobs: you, the beginning Linux user, for instance. Users who run relatively few but large jobs: users running simulations, calculations, emulators or other programs that eat a lot of memory, and usually these users have accompanying large data files. Users who run few jobs but use a lot of CPU time (developers and the like). You can see that system requirements may vary for each class of users, and that it can be hard to satisfy everyone. If you are on a multi-user system, it is useful (and fun) to find out habits of other users and the system, in order to get the most out of it for your specific purposes. For the graphical environment, there are a whole bunch of monitoringsystemmonitoring tools available. Below is a screen shot of the Gnome System Monitormonitoring, which has features for displaying and searching process information, and monitoringGnome System Monitor system resources:

This GUI shows a graphic of how load and memory usage vary with time.

There are also a couple of handy icons you can install in the task bar, such as a disk, memory and load monitor. xloadxload is another small X application for monitoring system load. Find your favorite! As a non-privileged user, you can only influence your own processes. We already saw how you can display processes and filter out processes that belong to a particular user, and what possible restrictions can occur. When you see that one of your processes is eating too much of the system's resourcesprocessesmanage load, there are two things that you can do: Make the process use less resources without interrupting it; Stop the process altogether. In the case that you want the process to continue to run, but you also want to give the other processes on the system a chance, you can renice the process. Appart from using the nice or renice commands, toptopchanging process priority is an easy way of spotting the troublesome process(es) and reducing priorityprocesseschanging priority. Identify the process in the NI column, it will most likely have a negative priority. Type r and enter the process ID of the process that you want to renice. Then enter the nice value, for instance 20. That means that from now on, this process will take 1/5 of the CPU cycles at the most. Examples of processes that you want to keep on running are emulators, virtual machines, compilers and so on. If you want to stop a process because it hangs or is going totally berserk in the way of I/O consumption, file creation or use of other system resources, use the kill command. If you have the opportunity, first try to kill the process softly, sending it the SIGTERMSIGTERM signal. This is an instruction to terminate whatever it is doing, according to procedures as described in the code of the programkillexample: joe:~> ps -ef | grep mozilla joe 25822 1 0 Mar11 ? 00:34:04 /usr/lib/mozilla-1.4.1/mozilla- joe:~> kill -15 25822 In the example above, user joe stopped his Mozilla browser because it hung. Some processes are a little bit harder to get rid of. If you have the time, you might want to send them the SIGINTSIGINT signal to interrupt them. If that does not do the trick either, use the strongest signal, SIGKILLSIGKILL. In the example below, joe stopskillexample a Mozilla that is frozen: joe:~> ps -ef | grep mozilla joe 25915 1 0 Mar11 ? 00:15:06 /usr/lib/mozilla-1.4.1/mozilla- joe:~> kill -9 25915 joe:~> ps -ef | grep 25915 joe 2634 32273 0 18:09 pts/4 00:00:00 grep 25915 In such cases, you might want to check that the process is really dead, using the grep filter again on the PID. If this only returns the grep process, you can be sure that you succeeded in stopping the process. Among processes that are hard to kill is your shell. And that is a good thing: if they would be easy to kill, you woud loose your shell every time you type Ctrl-C on the command line accidentally, since this is equivalent to sending a SIGINT. The usage of pipes (|) for using output of one command as input of another is explained in the next chapter, . In a graphical environment, the xkillxkill program is very easy to use. Just type the name of the command, followed by an Enter and select the window of the application that you want to stop. It is rather dangerous because it sends a SIGKILL by default, so only use it when an application hangs. A Linux system can have a lot to suffer from, but it usually suffersprocessesscheduling only during office hours. Whether in an office environment, a server room or at home, most Linux systems are just idling away during the morning, the evening, the nights and weekends. Using this idle time can be a lot cheaper than buying those machines you'd absolutely need if you want everything done at the same time. There are three typesschedulingtypes of delayed execution: Waiting a little while and then resuming job execution, using the sleepsleep command. Execution time depends on the system time at the moment of submission. Running a command at a specifiedat time, using the at command. Execution of the job(s) depends on system time, not the time of submission. Regularly running a command on a monthly, weekly, daily or hourly basis, using the croncron facilities. The following sections discuss each possibility. The Info page on sleep is probably one of the shortest there is. All sleepschedulingsleep does is wait. By default the time to wait is expressed in seconds. So why does it exist? Some practical examplessleepexamples: Somebody calls you on the phone, you say "Yes I'll be with you in half an hour" but you're about drowned in work as it is and bound to forget your lunch: (sleep 1800; echo "Lunch time..") & When you can't use the at command for some reason, it's five o'clock, you want to go home but there's still work to do and right now somebody is eating system resources: (sleep 10000; myprogram) & Make sure there's an auto-logout on your system, and that you log out or lock your desktop/office when submitting this kind of job, or run it in a screen session. When you run a series of printouts of large files, but you want other users to be able to print in between: lp lotoftext; sleep 900; lp hugefile; sleep 900; lp anotherlargefile Printing files is discussed in . Programmers often use the sleep command to halt script or program execution for a certain time. The at commandschedulingat executes commands at a given time, using your default shell unless you tell the command otherwise (see the man page). The options to at are rather user-friendly, which is demonstrated in the examplesatexample below: steven@home:~> at tomorrow + 2 days warning: commands will be executed using (in order) a) $SHELL b) login shell c) /bin/sh at> cat reports | mail myboss@mycompany at> <EOT> job 1 at 2001-06-16 12:36 Typing Ctrl+D quits the at utility and generates the EOT message. User steven does a strange thing here combining two commands; we will study this sort of practice in , Redirecting Input and Output. steven@home:~> at 0237 warning: commands will be executed using (in order) a) $SHELL b) login shell c) /bin/sh at> cd new-programs at> ./configure; make at> <EOT> job 2 at 2001-06-14 02:00 The -m option sends mail to the user when the job is done, or explains when a job can't be done. The command atq lists jobs; perform this command before submitting jobs in order prevent them from starting at the same time as others. With the atrm command you can remove scheduled jobs if you change your mind. It is a good idea to pick strange executionschedulingexecution time times, because system jobs are often run at round hours, as you can see in the next section. For example, jobs are often run at exactly 1 o'clock in the morning (e.g. system indexing to update a standard locate database), so entering a time of 0100 may easily slow your system down rather than fire it up. To prevent jobs from running all at the same time, you may also use the batchschedulingbatch command, which queues processes and feeds the work in the queue to the system in an evenly balanced way, preventing excessive bursts of system resource usage. See the Info pages for more information. The cron system is managed by the cron daemondaemonscron. It gets information about which programs and when they should run from the system's and users' crontabschedulingcron entries. Only the root user has access to the system crontabs, while each user should only have access to his own crontabs. On some systems (some) users may not have access to the cron facility. At system startup the cron daemon searches /var/spool/cron/ for crontab entries which are named after accounts in /etc/passwd, it searches /etc/cron.d/cron.d and it searches /etc/crontabcrontab, then uses this information every minute to check if there is something to be done. It executes commands as the user who owns the crontab file and mails any output of commands to the owner. On systems using VixiecronVixie cron cron, jobs that occur hourly, daily, weekly and monthly are kept in separate directories in /etc to keep an overview, as opposed to the standard UNIX cron function, where all tasks are entered into one big file. Example of a Vixie crontabcrontabexample file: [root@blob /etc]# more crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # run-parts # commands to execute every hour 01 * * * * root run-parts /etc/cron.hourly # commands to execute every day 02 4 * * * root run-parts /etc/cron.daily # commands to execute every week 22 4 * * 0 root run-parts /etc/cron.weekly commands to execute every month 42 4 1 * * root run-parts /etc/cron.monthly You could also use the crontab -l command to display crontabs. Some variables are set, and after that there's the actual scheduling, one line per job, starting with 5 timecroncrontab syntax and date fields. The first field contains the minutes (from 0 to 59), the second defines the hour of execution (0-23), the third is day of the month (1-31), then the number of the month (1-12), the last is day of the week (0-7, both 0 and 7 are Sunday). An asterisk in these fields represents the total acceptable range for the field. Lists are allowed; to execute a job from Monday to Friday enter 1-5 in the last field, to execute a job on Monday, Wednesday and Friday enter 1,3,5. Then comes the user who should run the processes which are listed in the last column. The example above is from a Vixie cron configuration where root runs the program run-partsrun-parts on regular intervalscronrun-parts, with the appropriate directories as options. In these directories, the actual jobs to be executed at the scheduled time are stored as shell scripts, like this little script that is run daily to update the database used by the locate command: billy@ahost cron.daily]$ cat slocate.cron #!/bin/sh renice +19 -p $$ >/dev/null 2>&1 /usr/bin/updatedb -f "nfs,smbfs,ncpfs,proc,devpts" -e \ "/tmp,/var/tmp, /usr/tmp,/afs,/net" Users are supposed to edit their crontabscronedit crontab in a safe way using the crontab -e commandcrontab. This will prevent a user from accidentally opening more than one copy of his/her crontab file. The default editor is vi (see , but you can use any text editor, such as gvim or gedit if you feel more comfortable with a GUI editor. When you quit, the system will tell you that a new crontab is installed. This crontab entry reminds billy to go to his sports club every Thursday night: billy:~> crontab -l # DO NOT EDIT THIS FILE - edit the master and reinstall. # (/tmp/crontab.20264 installed on Sun Jul 20 22:35:14 2003) # (Cron version -- $Id$) 38 16 * * 3 mail -s "sports evening" billy After adding a new scheduled task, the system will tell you that a new crontab is installed. You do not need to restart the cron daemon for the changes to take effect. In the example, billy added a new line pointing to a backup script: billy:~> crontab -e 45 15 * * 3 mail -s "sports evening" billy 4 4 * * 4,7 /home/billy/bin/backup.sh <--write and quit--> crontab: installing new crontab billy:~> The backup.sh script is executed every Thursday and Sunday. See for an introduction to shell scripting. Keep in mind that output of commands, if any, is mailed to the owner of the crontab file. If no mail service is configured, you might find the output of your commands in your local mailbox, /var/spool/mail/<your_username>, a plain text file. You don't have to specify the user who should run the commands. They are executed with the user's own permissions by default. Linux is a multi-user, multi-tasking operating system that has a UNIX-like way of handling processes. Execution speed of commands can depend on a thousand tiny things. Among others, we learned a lot of new commands to visualize and handle processes. Here's a list: CommandMeaning atQueue jobs for later execution. atqLists the user's pending jobs. atrmDeletes jobs, determined by their job number. batchExecutes commands when system load level permits. crontabMaintain crontab files for individual users. haltStop the system. init run levelProcess control initialization. jobsLists currently executing jobs. killTerminate a process. mesgControl write access to your terminal. netstatDisplay network connections, routing tables, interface statistics, masquerade connections and multicast memberships. niceRun a program with modified scheduling priority. pgrepDisplay processes. psReport process status. pstreeDisplay a tree of processes. rebootStop the system. reniceAlter priority of running processes. shutdownBring the system down. sleepDelay for a specified time. timeTime a command or report resource usage. topDisplay top CPU processes. uptimeShow how long the system has been running. vmstatReport virtual memory statistics. wShow who is logged on and what they are doing. wallSend a message to everybody's terminals. whoShow who is logged on. writeSend a message to another user. These are some exercises that will help you get the feel for processes running on your system. Run top in one terminal while you do the exercises in another. Run the ps command. Read the man pages to find out how to display all your processes. Run the command find /. What effect does it have on system load? Stop this command. In graphical mode, start the xclock program in the foreground. Then let it run in the background. Stop the program using the kill command. Run the xcalc directly in the background, so that the prompt of the issuing terminal is released. What does kill -9 -1 do? Open two terminals or terminal windows again and use write to send a message from one to the other. Issue the dmesg command. What does it tell? How long does it take to execute ls in the current directory? Based on process entries in /proc, owned by your UID, how would you work to find out which processes these actually represent? How long has your system been running? Which is your current TTY? Name 3 processes that couldn't have had init as an initial parent. Name 3 commands which use SUID mode. Explain why this is so. Name the commands that are generally causing the highest load on your system. Can you reboot the system as a normal user? Why is that? According to your current run level, name the steps that are taken during shutdown. How do you change the system run level? Switch from your default run level to run level 1 and vice versa. Make a list of all the services and daemons that are started up when your system has booted. Which kernel is currently load at startup? Suppose you have to start some exotic server at boot time. Up until now, you logged in after booting the system and started this server manually using a script named deliver_pizza in your home directory. What do you have to do in order to have the service start up automatically in run level 4, which you defined for this purpose only? Use sleep to create a reminder that your pasta is ready in ten minutes. Create an at job that copies all files in your home directory to /var/tmp within half an hour. You may want to create a sub-directory in /var/tmp. Make a cronjob that does this task every Monday to Friday during lunch. Check that it works. Make a mistake in the crontab entry, like issuing the nonexistent command coppy instead of cp. What happens upon execution of the task?