In Linux, processes may need to be killed in various situations, including when they become unresponsive or consume excessive system resources, hindering system performance.
Killing processes is often necessary during software updates, installations, or when misconfigurations cause issues. It can be essential for security reasons, such as terminating suspicious processes or enforcing policies.
Additionally, administrators might terminate user sessions in multi-user systems, and processes may need to be stopped for a clean system shutdown or reboot.
Identify the processes
Understanding which processes to kill in Linux is crucial for maintaining system stability and ensuring the integrity of ongoing operations. Terminating the wrong processes can lead to data loss, system instability, or even system crashes. It is essential to identify and selectively terminate processes that are unresponsive, consuming excessive resources, or causing specific issues.
A nuanced understanding allows users and administrators to make informed decisions, prioritizing processes that pose a threat to system functionality while avoiding unnecessary disruption to critical tasks or services.
How to find the Process PID?
The Process ID (PID) is a unique numerical identifier assigned to each running process on a computer system. It is used by the operating system’s kernel to track and manage processes. Every time a new process is created, the kernel assigns it a PID, which distinguishes it from other processes. PIDs are crucial for various system-related tasks, such as process management, resource allocation, and communication between processes.
In Linux and Unix-like operating systems, PIDs are positive integers. The PID 1 is typically reserved for the init process, which is the first process started by the kernel during system initialization. Subsequent processes are assigned increasing PIDs.
To list all processes and their Process IDs (PIDs), you can use the following ps command options:
ps auxWhen you run the above command, here is the sample output you’re going to get on your terminal:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 12345 6789 ? Ss Jan01 0:02 /sbin/init
john 123 1.0 1.5 98765 43210 pts/0 S Jan01 2:30 /usr/bin/example
alice 456 0.5 0.8 54321 12345 pts/1 R Jan02 1:15 /usr/bin/another
bob 789 2.5 2.0 120000 67890 tty2 Sl Jan03 3:45 /usr/bin/someprocess
mary 1011 0.1 0.3 24680 9876 ? S Jan04 0:10 /usr/bin/test
sam 1313 0.0 0.2 13579 4321 pts/2 Ss+ Jan05 0:05 /usr/bin/ssh-agent
david 1717 1.2 1.0 75321 23456 pts/3 Sl Jan06 1:30 /usr/bin/editor
kate 2020 0.3 0.4 45678 13579 ? S Jan07 0:25 /usr/bin/browser
guest 2525 0.7 0.6 67890 24680 pts/4 R+ Jan08 1:50 /usr/bin/musicplayer
admin 3030 0.9 1.2 87654 34567 tty3 Ssl Jan09 2:15 /usr/bin/adminpanel
...I advise you to follow this detailed guide on how to list Linux Processes using the Terminal. This will help you to understand everything you need to know in detail
Using the kill command
The kill command in Linux is used to send signals to processes, allowing you to manage their behavior. While its primary purpose is to terminate processes, it can also be used to instruct a process to reload its configuration or perform other actions. The basic syntax of the kill command is:
kill [options] <PID>Here, <PID> is the Process ID of the target process.
As I said above, you can use the ps aux command to identify the process PIDs and then decide what to kill.
ps auxThe output of the above command will be as follows:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 12345 6789 ? Ss Jan01 0:02 /sbin/init
www-data 100 0.1 0.5 54321 12345 ? S Jan02 1:15 /usr/sbin/apache2 -k start
ftp 200 0.2 0.3 45678 13579 ? S Jan03 1:30 /usr/sbin/vsftpd
root 300 0.0 0.2 24680 9876 ? S Jan04 0:10 /usr/bin/nmap -sP 192.168.1.1-10
rdp 400 0.5 1.0 98765 43210 ? S Jan05 2:30 /usr/sbin/xrdp
...
The above output shows that multiple processes are running, each with its assigned PID numerical value.
To kill any of these processes, we’re going to use their PID value and run the command like this;
sudo kill -15 200This command will kill the FTP process using its PID value, which is 200 in our case. For your case, the PID values could differ.
You can also notice that in the above command, there is a -15 value. This is called the SIGTERM signal default value.
The relationship between the kill command and the SIGTERM signal
The kill command in Unix-like operating systems is used to send signals to processes. One of the commonly used signals with the kill command is SIGTERM (Signal Terminate). SIGTERM is a signal that requests a process to terminate gracefully.
When you use the kill command without specifying a signal, it defaults to sending SIGTERM (signal number 15). You can use either the signal name (SIGTERM) or its numerical equivalent (15) with the kill command.
When to use the SIGTERM and SIGKILL Signals when killing Linux processes
The SIGKILL signal is a more forceful signal compared to SIGTERM. While SIGTERM allows a process to perform cleanup operations before termination, SIGKILL immediately terminates the process without giving it any chance to clean up.
Here’s information about SIGKILL and its use in the kill command:
- Signal Name:
SIGKILL - Signal Number:
9
For example, the following command uses the kill command and SIGKILL signal to forcefully end the process:
kill -9 PIDThe SIGKILL signal is often used under the following circumstances:
- When a process is unresponsive to the
SIGTERMsignal or in situations where immediate termination is necessary. - When a process is not responding to normal termination requests.
- In emergencies where a process needs to be terminated immediately.
- In scenarios where a process is stuck in an unrecoverable state.
While SIGKILL is effective for terminating processes, it should be used with caution, as it does not allow the process to perform any cleanup operations. This can potentially lead to data loss or corruption if the process is in the middle of critical operations. It is generally recommended to try SIGTERM first and resort to SIGKILL only if necessary.
Using the pkill command
The pkill command in Linux is used to send signals to processes based on their names or other attributes. It simplifies the process of finding and killing processes compared to using ps and kill commands together. Here are some examples of how to use the pkill command:
To kill a process by name using the pkill command, you can use the following syntax:
pkill process_nameReplace process_name with the name of the process you want to terminate. This sends the default signal, SIGTERM, to the specified process.
Specify Signal
You can specify a different signal using the -signal option. For example, to use SIGKILL:
pkill -9 process_nameThe above command will forcefully kill the process using the SIGKILL signal
Kill Process by User
To kill all processes owned by a specific user:
pkill -u usernameReplace username with the name of the user.
Case-Insensitive Matching
By default, pkill performs case-sensitive matching. To perform a case-insensitive match:
pkill -i process_nameUsing the killall command
The killall command in Linux is used to terminate processes based on their names. It is similar to pkill but has some differences in behavior and options. Here are examples of how to use the killall command:
Syntax Usage
To kill a process by name, you can use the following syntax:
killall process_nameReplace process_name with the name of the process you want to terminate. This sends the default signal, SIGTERM, to the specified process.
Specify Signal
You can specify a different signal using the -signal option. For example, to use SIGKILL:
killall -9 process_nameReplace process_name with the name of the process.
Kill Process by User
To kill all processes owned by a specific user:
killall -u usernameReplace username with the name of the user.
Case-Insensitive Matching
By default, killall performs case-sensitive matching. To perform a case-insensitive match:
killall -i process_nameWhat is the difference between the pkill and killall commands?
pkill and killall are commands in Linux used to terminate processes based on their names, but they exhibit differences in behavior and options. pkill allows for more flexible matching criteria, as it can terminate processes based on any part of the process name or other attributes like the command line. It also provides the -i option for case-insensitive matching and supports specifying signals with the -signal option. Additionally, pkill offers a dry run option (-n), allowing users to preview matching processes without actually terminating them.
On the other hand, killall is more restrictive in its matching criteria, as it primarily matches processes based on the entire process name. Like pkill, it supports case-sensitive and case-insensitive matching with the -i option, and it allows users to specify signals using the -signal option. While not as versatile as pkill in terms of matching criteria, killall is known for its simplicity and strictness in focusing on complete process name matches.
Both commands are widely available on Unix-like systems, with pkill being more commonly found across different distributions. Users can choose between pkill and killall based on their specific requirements, with pkill offering more flexibility and additional features, while killall provides a straightforward approach with strict matching based on the entire process name.
