Previous Page
Next Page

Viewing a Process


Explain how to view system processes.

Solaris is a multitasking environment in which a number of programs run at the same time. This means that many users can be active on the system at the same time, running many jobs (processes) simultaneously. Each Solaris program can start and stop multiple processes while it is running, but only one job is active per processor at any given time while the other jobs wait in a job queue. Because each process takes its turn running in very short time slices (much less than a second each), multitasking operating systems give the appearance that multiple processes are running at the same time. A parent process forks a child process, which, in turn, can fork other processes.


Forks The term fork is used to describe a process started from another process. As with a fork in the road, one process turns into two. You'll also see the term spawn usedthe two words are interchangeable for the purposes of this subject.

A program can be made up of many processes. A process is part of a program running in its own address space. A process under Solaris consists of an address space and a set of data structures in the kernel to keep track of that process. The address space is divided into various sections that include the instructions that the process may execute, memory allocated during the execution of the process, the stack, and memory-mapped files. The kernel must keep track of the following data for each process on the system:

  • Address space

  • Current status of the process

  • Execution priority of the process

  • Resource usage of the process

  • Current signal mask

  • Ownership of the process

A process is distinct from a job, command, or program that can be composed of many processes working together to perform a specific task. For example, a computer-aided design application is a single program. When this program starts, it spawns other processes as it runs. When a user logs in to the program, it spawns yet other processes. Each process has a process ID associated with it and is referred to as a PID. You can monitor processes that are currently executing by using one of the commands listed in Table 5.1.

Table 5.1. Commands to Display Processes




Executed from the command line to display information about active processes.


Executed from the command line to find processes by a specific name or attribute.


Executed from the command line to display information about active processes on the system.


A GUI used to display and control processes on a system. This utility requires the X Window System (also known as X Windows).

SMC process tool

A GUI available in the Solaris Management Console used to monitor and manage processes on a system.


Executed from the command line to examine the arguments and environment variables of a process.


With the -p option, this Service Management Facility command will list processes associated with each service instance.

Before getting into the commands used to monitor processes, you first need to become familiar with process attributes. A process has certain attributes that directly affect execution. These are listed in Table 5.2.

Table 5.2. Process Attributes




The process identification (a unique number that defines the process within the kernel)


The parent PID (the parent of the process)


The user ID number of the user who owns the process


The effective user ID of the process


The group ID of the user who owns the process


The effective group ID that owns the process


The priority at which the process runs

Use the ps command to view processes currently running on the system. Use the ps command when you're on a character-based terminal and don't have access to a graphical display. Adding the -l option to the ps command displays a variety of other information about the processes currently running, including the state of each process (listed under S). The codes used to show the various process states are listed in Table 5.3.

Table 5.3. Process States


Process State




The process is running on a processor.



The process is waiting for an event to complete.



The process is on the run queue.


Zombie state

The process was terminated and the parent is not waiting.



The process was stopped by a signal because the parent is tracing it.

To see all the processes that are running on a system, type the following:

ps -el

The system responds with the following output:

# ps -el

19 T   0     0     0  0   0 SY   ?     0        ?    0:18 sched
 8 S   0     1     0  0  40 20   ?   150      ? ?    0:00 init
19 S   0     2     0  0   0 SY   ?     0      ? ?    0:00 pageout
19 S   0     3     0  0   0 SY   ?     0      ? ?    0:01 fsflush
 8 S   0   309     1  0  40 20   ?   217      ? ?    0:00 sac
 8 S   0   315     1  0  40 20   ?   331      ? ?    0:00 sshd
 8 S   0   143     1  0  40 20   ?   273      ? ?    0:00 rpcbind
 8 S   0    51     1  0  40 20   ?   268      ? ?    0:00 sysevent
 8 S   0    61     1  0  40 20   ?   343      ? ?    0:01 picld
 8 S   0   453   403  0  50 20   ?  1106      ? ?    0:00 dtfile
 8 S   0   189     1  0  40 20   ?   509      ? ?    0:00 automoun
 8 S   0   165     1  0  40 20   ?   292      ? ?    0:00 inetd
 8 S   0   200     1  0  40 20   ?   415      ? ?    0:00 syslogd
 8 S   0   180     1  0  40 20   ?   266      ? ?    0:00 lockd
 8 S   0   219     1  0  40 20   ?   391      ? ?    0:00 lpsched
 8 S   1   184     1  0  40 20   ?   306      ? ?    0:00 statd
 8 S   0   214     1  0  40 20   ?   365      ? ?    0:00 nscd
 8 S   0   204     1  0  40 20   ?   254      ? ?    0:00 cron
 8 S   0   232     1  0  40 20   ?   173      ? ?    0:00 powerd
 8 S   0   255   254  0  40 20   ?   215      ? ?    0:00 smcboot
 8 S   0   258     1  0  40 20   ?   356      ? ?    0:02 vold

The manual page for the ps command describes all the fields displayed with the ps command, as well as all the command options. Table 5.4 lists some important fields.

Table 5.4. Process Fields




Flags associated with the process.


The state of the process. The two most common values are S for sleeping and R for runnable. An important value to look for is X, which means that the process is waiting for memory to become available. When you frequently see this on your system, you are out of memory. Refer to Table 5.3 for a complete list of the process states.


The user ID of the process owner. For many processes, this is 0 because they run setuid.


The process ID of each process. This value should be unique. Generally, PIDs are allocated lowest to highest, but they wrap at some point. This value is necessary for you to send a signal, such as the kill signal, to a process.


The parent process ID. This identifies the parent process that started the process. Using the PPID enables you to trace the sequence of process creation that took place.


The priority of the process. Without the -c option, higher numbers mean lower priority. With the -c option, higher numbers mean higher priority.


The nice value, used in priority computation. This is not printed when the -c option is used. The process's nice number contributes to its scheduling priority. Making a process nicer means lowering its priority.


The memory address of the process.


The SIZE field. This is the total number of pages in the process. Page sizes are 8192 bytes on sun4u systems, but vary on different hardware platforms. Issue the /usr/bin/pagesize command to display the page size on your system.


The address of an event for which the process is sleeping (if it's -, the process is running).


The starting time of the process (in hours, minutes, and seconds).


The terminal assigned to your process.


The cumulative CPU time used by the process in minutes and seconds.


The command that generated the process.

You often want to look at all processes. You can do this using the command ps -el. A number of options available with the ps command control what information gets printed. A few of them are listed in Table 5.5.

Table 5.5. ps Command Options




Lists information for all processes. Identical to the -e option.


Lists information about all the most frequently requested processes. Processes not associated with a terminal will not be listed.


Lists information about every process on the system.


Generates a full listing.


Generates a long listing.


Prints the number of the processor to which the process is bound, if any, under an additional column header PSR. This is a useful option on systems that have multiple processors.

-u <username>

Lists only process data for a particular user. In the listing, the numerical user ID is printed unless you give the -f option, which prints the login name.

For a complete list of options to the ps command, refer to the Solaris online manual pages.


sort Command The sort command is useful when you're looking at system processes. Use the sort command as the pipe output to sort by size or PID. For example, to sort by the SZ field, use the command ps -el | sort +9 (remember, sort starts numbering fields with 0).


The pgrep command replaces the combination of the ps, grep, egrep, and awk commands that were used to manage processes in earlier releases of Solaris. The pgrep command examines the active processes on the system and reports the process IDs of the processes whose attributes match the criteria you specify on the command line. The command syntax for the pgrep command is shown here:

pgrep <options> <pattern>

pgrep options are described in Table 5.6.

Table 5.6. pgrep Options



-d <delim>

Specifies the output delimiter string to be printed between each matching process ID. If no -d option is specified, the default is a newline character.


The regular expression pattern should be matched against the full process argument string. If no -f option is specified, the expression is matched only against the name of the executable file.

-g <pgrplist>

Matches only processes whose process group ID is in the given list.

-G <gidlist>

Matches only processes whose real group ID is in the given list. Each group ID may be specified as either a group name or a numerical group ID.


Long output format. Prints the process name along with the process ID of each matching process.


Matches only the newest (most recently created) process that meets all other specified matching criteria.

-P <ppidlist>

Matches only processes whose parent process ID is in the given list.

-s <sidlist>

Matches only processes whose process session ID is in the given list.

-t <termlist>

Matches only processes that are associated with a terminal in the given list. Each terminal is specified as the suffix following /dev/ of the terminal's device pathname in /dev (for example, term/a or pts/0).

-u <euidlist>

Matches only processes whose effective user ID is in the given list. Each user ID may be specified as either a login name or a numerical user ID.

-U <uidlist>

Matches only processes whose real user ID is in the given list. Each user ID may be specified as either a login name or a numerical user ID.


Matches all processes except those that meet the specified matching criteria.


Considers only processes whose argument string or executable filename exactly matches the specified pattern.


A pattern to match against either the executable filename or full process argument string.

For example, the following pgrep command finds all processes that have "dt" in the process argument string:

pgrep -l -f "dt"

The system responds with this:

  500 /usr/dt/bin/dtlogin -daemon
16224 ./dtterm
  438 /usr/dt/bin/dtlogin -daemon
  448 /usr/openwin/bin/Xsun :0 -defdepth 24 -nobanner -auth /var/dt/A:0-p_aW2a
  520 dtgreet -display :0

To find the process ID for the lpsched process, issue this command:

pgrep -l lpsched

The system responds with this:

6899 lpsched


Use the prstat command from the command line to monitor system processes. Again, like the ps command, it provides information on active processes. The difference is that you can specify whether you want information on specific processes, UIDs, CPU IDs, or processor sets. By default, prstat displays information about all processes sorted by CPU usage. Another nice feature with prstat is that the information remains on the screen and is updated periodically. The information displayed by the prstat command is described in Table 5.7.

Table 5.7. Column Headings for the prstat Command

Column Heading



The process identification (a unique number that defines the process within the kernel)


The login ID name of the owner of the process


The total virtual memory size of the process in kilobytes (K), megabytes (M), or gigabytes (G)


The resident set size of the process in kilobytes, megabytes, or gigabytes


The state of the process:


cpu<n>Process is running on CPU.


sleepProcess is waiting for an event to complete.


runProcess is in the run queue.


zombieProcess has terminated and parent is not waiting.


stopProcess is stopped.


The priority of the process


The value used in priority computation


The cumulative execution time for the process


The percentage of recent CPU time used by the process


The name of the process


The number of lightweight processes (LWPs) in the process

This section will introduce some new terminology, so Table 5.8 defines a few terms related to processing in general.

Table 5.8. Process Terminology




A technique used in an operating system for sharing a single processor among several independent jobs.

Multitasking introduces overhead because the processor spends some time choosing the next job to run and saving and restoring tasks' state. However, it reduces the worst-case time from job submission to completion compared with a simple batch system, in which each job must finish before the next one starts. Multitasking also means that while one task is waiting for some external event, the CPU is free to do useful work on other tasks.

A multitasking operating system should provide some degree of protection of one task from another to prevent tasks from interacting in unexpected ways, such as accidentally modifying the contents of each other's memory areas.

The jobs in a multitasking system may belong to one or many users. This is distinct from parallel processing, in which one user runs several tasks on several processors. Time sharing is almost synonymous with multitasking, but it implies that there is more than one user.

Parallel processing

The simultaneous use of more than one CPU to solve a problem. The processors either may communicate to cooperate in solving a problem or may run completely independently, possibly under the control of another processor that distributes work to the others and collects results from them.


Multithreaded is a process that has multiple flows (threads) of control. The traditional Unix process contained, and still contains, a single thread of control. Multithreading (MT) separates a process into many execution threads, each of which runs independently. For more information, see the Multithreaded Programming Guide at Part number 816-5137-10.

Lightweight process (LWP)

A single-threaded subprocess. LWPs are scheduled by the kernel to use available CPU resources based on their scheduling class and priority. LWPs include a kernel thread, which contains information that must be in memory all the time, and a LWP, which contains information that is swappable. A process can consist of multiple LWPs and multiple application threads. A lightweight process is somewhere between a thread and a full process.

Application thread

A series of instructions with a separate stack that can execute independently in a user's address space. The threads can be multiplexed on top of LWPs.

Address space

The range of addresses that a processor or process can access, or at which a device can be accessed. The term may refer to either a physical address or a virtual address. The size of a processor's address space depends on the width of the processor's address bus and address registers. Processes running in 32-bit mode have a 4 gigabyte address space (232 bytes) and processes running in 64-bit mode have a 16 terabyte (264 bytes) address space.

Shared memory

Usually refers to RAM, which can be accessed by more than one process in a multitasking operating system with memory protection.

The syntax for the prstat command is as follows:

prstat [options] <count> <interval>

Table 5.9 describes a few of the prstat command options and arguments.

Table 5.9. prstat Options and Arguments



prstat Options


Displays separate reports about processes and users at the same time.


Continuously prints new reports beneath previous reports instead of overwriting them.

-j <projlist>

Reports only processes or LWPs whose project ID is in the given list. Each project ID can be specified as either a project name or a numerical project ID.


Reports information about processes and projects.

-k <tasklist>

Reports only processes or LWPs whose task ID is in tasklist.


Reports microstate process accounting information. In addition to all fields listed in -v mode, this mode also includes the percentage of time the process has spent processing system traps, text page faults, and data page faults, and waiting for user locks and waiting for CPU (latency time).

-n <nproc>

Restricts the number of output lines. The <nproc> argument specifies how many lines of process or LWP statistics are reported.

-p <pidlist>

Reports only processes that have a PID in the given list.

-P <cpulist>

Reports only processes or LWPs that have most recently executed on a CPU in the given list. The <cpulist> argument identifies each CPU by an integer as reported by psrinfo.

-S <key>

Sorts output lines by <key> in descending order. Values for <key> can be

cpuSorts by process CPU usage. This is the default.

timeSorts by process execution time.

sizeSorts by size of process image.

rssSorts by resident set size.

priSorts by process priority.

-s <key>

Sorts output lines by <key> in ascending order. See the -S option for a list of valid keys to use.


Reports total usage summary for each user.

-u <uidlist>

Reports only processes whose effective user ID is in the given list. The value for <uidlist> may be specified as either a login name or a numerical user ID.

-U <uidlist>

Reports only processes whose real user ID is in the given list. The value for <uidlist> may be specified as either a login name or a numerical user ID.

prstat Arguments


Specifies the number of times that the statistics are repeated. By default, prstat reports statistics until a termination signal is received.


Specifies the sampling interval in seconds; the default interval is 5 seconds.


psrinfo Command psrinfo displays one line for each configured processor, displaying whether it is online, non-interruptible, offline, or powered off, as well as when that status last changed.

The following example uses the prstat command to view the four most active root processes running. The -n option is used here to restrict the output to the top four processes. The next number, 5, specifies the sampling interval in seconds, and the last number, 3, runs the command three times:

prstat -u root -n 4 5 3

The system displays the following output:

4375 root     4568K 4344K cpu0    59    0   0:00:00 0.4% prstat/1
4298 root     7088K 5144K sleep   59    0   0:00:02 0.2% dtterm/1
 304 root     2304K 1904K sleep   59    0   0:02:35 0.0% mibiisa/7
 427 root     1832K 1304K sleep   59    0   0:00:00 0.0% rpc.rstatd/1
Total: 53 processes, 111 lwps, load averages: 0.02, 0.01, 0.01

The output updates on your display five times every three seconds.

I described projects in Chapter 4, "User and Security Administration," where user accounts can be assigned to project groups. These projects can also be used to label workloads and separate projects and a project's related processes from one another.

The project provides a networkwide administrative identifier for related work. A project consists of tasks, which collect a group of processes into a manageable entity that represents a workload component.

You can use the prstat command with the -J option to monitor the CPU usage of projects and the -k option to monitor tasks across your system. Therefore, you can have prstat report on the processes related to a project rather than just list all system processes. In addition, the system administrator can set processing limits on the project, such as setting a limit on the total amount of physical memory, in bytes, that is available to processes in the project. For more information on projects and resource capping, read the man pages on the following commands: rcapd(1M), project(4), rcapstat(1), and rcapadm(1M).

Process Manager

In the Desktop Environment (CDE & JAVA Desktop) you have access to the Process Manager GUI, sdtprocess, a graphical tool that provides a process manager window for monitoring and controlling system processes.

Exam Alert

The exam will most likely ask you about the command-line tools used to manage system processes, such as kill, pkill, pargs, and pgrep. You only need to understand that GUI tools can be used to manage processes and you should be prepared to identify these GUI tools.

The advantage of using the Process Manager is that you can view and control processes without knowing all the complex options associated with the ps and kill commands. For example, you can display processes that contain specific character strings, and you can sort the process list alphabetically or numerically. You can initiate a search using the find command, or you can terminate a process simply by highlighting it and clicking kill.

To open the Process Manager, you need to log into the Desktop windowing environment. You can start the GUI by executing the command sdtprocess, as follows:

sdtprocess &

Or, you can click Find Process on the Tools subpanel, as shown in Figure 5.1.

Figure 5.1. Front panel.

The Process Manager window opens, as shown in Figure 5.2.

Figure 5.2. Process Manager window.

Each process attribute in the header of the Process Manager window provides detailed information about the process and is described in Table 5.10.

Table 5.10. Process Manager Window

Column Heading



Process ID


Process name


Login ID name of the owner of the process


Ratio of CPU time available in the same period, expressed as a percentage


Amount of RAM currently occupied by this process


Total swap size in virtual memory


Actual start time (or date, if other than current)


Process ID of parent process, or PPID


Actual Unix command (truncated) being executed

Click any of the column headings to sort the processes by that attribute. For example, click the CPU heading to sort all processes by their CPU usage. The list updates every 30 seconds, but you can enter a value in the Sampling field to update the list as frequently as you like. Finally, you can enter a text string that is common to the process entries of all the processes you want to display in the Find drop-down menu. In Figure 5.3, I entered "root" in the Find field to display all processes owned by root. I also changed the sampling rate to every 5 seconds and clicked the CPU heading to sort processes by their CPU usage.

Figure 5.3. Sorted Process Manager window.

Another nice feature of the Process Manager is the capability to display the ancestry of a process. When a Unix process initiates one or more processes, these are child processes, or children. Child and parent processes have the same user ID. To view a parent process and all the child processes that belong to it, highlight the process in the Process Manager window. Click Process from the toolbar at the top of the window and select Show Ancestry, as shown in Figure 5.4.

Figure 5.4. Selecting Show Ancestry.

The window shown in Figure 5.5 displays showing all the processes belonging to the parent.

Figure 5.5. Show Ancestry window.

The command-line equivalent to the Ancestry selection in the Process Manager is the ptree command. Use this command when you don't have a graphical display terminal. The ptree command displays the process ancestry trees containing the specified PIDs or users. The child processes are displayed indented from their respective parent processes. For example, here is the process tree for the -sh process, which has a PID of 293:

ptree 293

The system responds with this:

293 /usr/dt/bin/dtlogin -daemon
  316   /usr/dt/bin/dtlogin -daemon
    333   /bin/ksh /usr/dt/bin/Xsession
      376   /usr/dt/bin/sdt_shell -c  unset DT;DISPLAY=:0;/usr/dt/bin/dt
        379  -sh -c unset DT; DISPLAY=:0; usr/dt/bin/dtsession_res - \
          392   /usr/dt/bin/dtsession
            402   /usr/dt/bin/dtterm -session dthIaGth -C -ls
              418   -sh

SMC Process Tool

The Solaris Management Console (SMC) includes a GUI called the Process Tool, which is used for viewing and managing processes, similar to the Desktop Process Manager tool described in the previous section. You can use the job scheduler tool to

  • Suspend a process

  • Resume a suspended process

  • Kill a process

  • Display information about a process

To open the Process Tool, follow Step by Step 5.1.

Step By Step 5.1: Opening the Process Tool

Start up the Solaris Management Console by typing


The SMC Welcome window appears as shown in Figure 5.6.

Figure 5.6. SMC Welcome Window.

In the SMC navigation pane, open the Process Tool by clicking on the This Computer icon, then click on the System Status icon, then click on the Processes icon as shown in Figure 5.7.

Figure 5.7. Opening the Job Scheduler.

The Process Tool displays as shown in Figure 5.8

Figure 5.8. Process Tool.

The Process Tool works much the same way as the Process Manager tool described earlier.


The pargs command is used from the command line to examine the arguments and environment variables of a process (or number of processes). pargs can also be used to examine core files.

The syntax for the pargs command is as follows:

pargs [options] pid | core

Table 5.11 describes the pargs command options and arguments.

Table 5.11. pargs Options and Arguments




Prints the process arguments.


Treats strings in the target process as though they were encoded in 7-bit ASCII.


Prints process environment variables and values.


Force. Grabs the target process even if another process has control.


Prints process auxiliary vector.


Process ID list. The PID list can be a single process ID or multiple PIDs separated by a space.


Processes a core file.

For example, use the pargs command to view all of the environment variables associated with the telnetd process, I first need to find the PID of the telnetd process using pgrep as follows:

# pgrep telnetd

Next, I issue the pargs command using the PID for the telnetd process as an argument:

# pargs -e 16173

The system responds with

16173:  /usr/sbin/in.telnetd
envp[0]: SMF_RESTARTER=svc:/network/inetd:default
envp[1]: SMF_FMRI=svc:/network/telnet:default
envp[2]: SMF_METHOD=inetd_start
envp[3]: PATH=/usr/sbin:/usr/bin
envp[4]: TZ=US/Michigan


The Service Management Facility (SMF) was described in Chapter 3, "Perform System Startup and Shutdown Procedures," so I won't be redundant by describing it again here. However, this is just a reminder that you can use the svcs command with the -p option to list all processes associated with each service instance.

Previous Page
Next Page