NAME
ps —
process status
SYNOPSIS
ps |
[-AaCcdehjlmrSsTuvwx]
[-k key]
[-M core]
[-N
system]
[-O fmt]
[-o fmt]
[-p pid]
[-t tty]
[-U user]
[-W
swap] |
DESCRIPTION
ps displays a header line followed by lines containing
information about running processes. By default, the display includes only
processes that have controlling terminals and are owned by your uid. The
default sort order of controlling terminal and (among processes with the same
controlling terminal) process ID may be changed using the
-k,
-m, or
-r options.
The information displayed for each process is selected based on a set of
keywords (see the
-L,
-O, and
-o options). The default output format includes, for each
process, the process' ID, controlling terminal, CPU time (including both user
and system time), state, and associated command.
The options are as follows:
-
-
- -A
- Display information about all processes. This is equivalent
to -a -x.
-
-
- -a
- Display information about other users' processes as well as
your own. Note that this does not display information about processes
without controlling terminals.
-
-
- -C
- Change the way the CPU percentage is calculated by using a
“raw” CPU calculation that ignores “resident” time
(this normally has no effect).
-
-
- -c
- Do not display full command with arguments, but only the
executable name. This may be somewhat confusing; for example, all
sh(1) scripts will show as
“sh”.
-
-
- -d
- Arrange processes into descendancy order and prefix each
command with indentation text showing sibling and parent/child
relationships. If either of the -m and
-r options are also used, they control how sibling
processes are sorted relative to each other.
-
-
- -e
- Display the environment as well. The environment for other
users' processes can only be displayed by the super-user.
-
-
- -h
- Repeat the information header as often as necessary to
guarantee one header per page of information.
-
-
- -j
- Print information associated with the following keywords:
user, pid,
ppid, pgid,
sess, jobc,
state, tt,
time, and command.
-
-
- -k
key
- Sort the output using the space or comma separated list of
keywords. Multiple sort keys may be specified, using any of the
-k, -m, or -r
options. The default sort order is equivalent to -k
tdev,pid.
-
-
- -L
- List the set of available keywords.
-
-
- -l
- Display information associated with the following keywords:
uid, pid,
ppid, cpu,
pri, nice,
vsz, rss,
wchan, state,
tt, time, and
command.
-
-
- -M
core
- Extract values from the specified core file instead of the
running system.
-
-
- -m
- Sort by memory usage. This is equivalent to
-k vsz.
-
-
- -N
system
- Extract the name list from the specified system instead of
the default, “/netbsd”. Ignored unless
-M is specified.
-
-
- -O
fmt
- Display information associated with the space or comma
separated list of keywords specified. The -O option does
not suppress the default display; it inserts additional keywords just
after the pid keyword in the default display, or
after the pid keyword (if any) in a non-default
display specified before the first use of the -O flag.
Keywords inserted by multiple -O options will be
adjacent.
An equals sign (“=”) followed by a customised header string may
be appended to a keyword, as described in more detail under the
-o option.
-
-
- -o
fmt
- Display information associated with the space or comma
separated list of keywords specified. Use of the -o
option suppresses the set of keywords that would be displayed by default,
or appends to the set of keywords specified by other options.
An equals sign (“=”) followed by a customised header string may
be appended to a keyword. This causes the printed header to use the
specified string instead of the default header associated with the
keyword.
Everything after the first equals sign is part of the customised header
text, and this may include embedded spaces (“ ”), commas
(“,”), or equals signs (“=”). To specify multiple
keywords with customised headers, use multiple -o or
-O options.
If all the keywords to be displayed have customised headers, and all the
customised headers are entirely empty, then the header line is not printed
at all.
-
-
- -p
pid
- Display information associated with the specified process
ID.
-
-
- -r
- Sort by current CPU usage. This is equivalent to
-k %cpu.
-
-
- -S
- Change the way the process time is calculated by summing
all exited children to their parent process.
-
-
- -s
- Display one line for each LWP, rather than one line for
each process, and display information associated with the following
keywords: uid, pid,
ppid, cpu,
lid, nlwp,
pri, nice,
vsz, rss,
wchan, lstate,
tt, time, and
command.
-
-
- -T
- Display information about processes attached to the device
associated with the standard input.
-
-
- -t
tty
- Display information about processes attached to the
specified terminal device. Use a question mark (“?”) for
processes not attached to a terminal device and a minus sign
(“-”) for processes that have been revoked from their terminal
device.
-
-
- -U
user
- Display processes belonging to the specified user, given
either as a user name or a uid.
-
-
- -u
- Display information associated with the following keywords:
user, pid,
%cpu, %mem,
vsz, rss,
tt, state,
start, time, and
command. The -u option implies the
-r option.
-
-
- -v
- Display information associated with the following keywords:
pid, state,
time, sl,
re, pagein,
vsz, rss,
lim, tsiz,
%cpu, %mem, and
command. The -v option implies the
-m option.
-
-
- -W
swap
- Extract swap information from the specified file instead of
the default, “/dev/drum”. Ignored unless
-M is specified.
-
-
- -w
- Use 132 columns to display information instead of the
default, which is your window size. If the -w option is
specified more than once, ps will use as many columns as
necessary without regard to your window size.
-
-
- -x
- Also display information about processes without
controlling terminals.
A complete list of the available keywords are listed below. Some of these
keywords are further specified as follows:
-
-
- %cpu
- The CPU utilization of the process; this is a decaying
average over up to a minute of previous (real) time. Since the time base
over which this is computed varies (since processes may be very young) it
is possible for the sum of all %CPU fields to exceed 100%.
-
-
- %mem
- The percentage of real memory used by this process.
-
-
- flags
- The flags (in hexadecimal) associated with the process as
in the include file
<sys/proc.h>:
P_ADVLOCK |
0x00000001 |
process may hold a POSIX advisory lock |
P_CONTROLT |
0x00000002 |
process has a controlling terminal |
P_NOCLDSTOP |
0x00000008 |
no SIGCHLD
when children stop |
P_PPWAIT |
0x00000010 |
parent is waiting for child to exec/exit |
P_PROFIL |
0x00000020 |
process has started profiling |
P_SELECT |
0x00000040 |
selecting; wakeup/waiting danger |
P_SINTR |
0x00000080 |
sleep is interruptible |
P_SUGID |
0x00000100 |
process had set id privileges since last exec |
P_SYSTEM |
0x00000200 |
system process: no sigs or stats |
P_TIMEOUT |
0x00000400 |
timing out during sleep |
P_TRACED |
0x00000800 |
process is being traced |
P_WAITED |
0x00001000 |
debugging process has waited for child |
P_WEXIT |
0x00002000 |
working on exiting |
P_EXEC |
0x00004000 |
process called
execve(2) |
P_OWEUPC |
0x00008000 |
owe process an addupc() call at next ast |
P_FSTRACE |
0x00010000 |
tracing via file system |
P_NOCLDWAIT |
0x00020000 |
no zombies when children die |
P_32 |
0x00040000 |
32-bit process (used on 64-bit kernels) |
P_BIGLOCK |
0x00080000 |
process needs kernel ``big lock'' to run |
P_INEXEC |
0x00100000 |
process is exec'ing and cannot be traced |
-
-
- lim
- The soft limit on memory used, specified via a call to
setrlimit(2).
-
-
- lstart
- The exact time the command started, using the
“%c” format described in
strftime(3).
-
-
- nice
- The process scheduling increment (see
setpriority(2)).
-
-
- rss
- the real memory (resident set) size of the process (in 1024
byte units).
-
-
- start
- The time the command started. If the command started less
than 24 hours ago, the start time is displayed using the
“%l:%M%p” format described in
strftime(3). If the
command started less than 7 days ago, the start time is displayed using
the “%a%p” format. Otherwise, the start time is displayed
using the “%e%b%y” format.
-
-
- state
- The state is given by a sequence of letters, for example,
“RNs”. The first letter indicates the run state of the
process:
- D
- Marks a process in device or other short term,
uninterruptible wait.
- I
- Marks a process that is idle (sleeping interruptibly
for longer than about
MAXSLP
(default 20)
seconds).
- O
- Marks a process running on a processor.
- R
- Marks a runnable process, or one that is in the process
of creation.
- S
- Marks a process that is sleeping interruptibly for less
than about
MAXSLP
(default 20) seconds.
- T
- Marks a stopped process.
- U
- Marks a suspended process.
- Z
- Marks a dead process that has exited, but not been
waited for (a “zombie”).
Additional characters after these, if any, indicate additional state
information:
- +
- The process is in the foreground process group of its
control terminal.
- -
- The LWP is detached (can't be waited for).
- <
- The process has raised CPU scheduling priority.
- a
- The process is using scheduler activations
(deprecated).
- E
- The process is in the process of exiting.
- K
- The process is a kernel thread or system process.
- l
- The process has multiple LWPs.
- N
- The process is niced (has reduced CPU scheduling
priority) (see
setpriority(2)).
- s
- The process is a session leader.
- V
- The process is suspended during a
vfork(2).
- X
- The process is being traced or debugged.
-
-
- tt
- An abbreviation for the pathname of the controlling
terminal, if any. The abbreviation consists of the two letters following
“/dev/tty” or, for the console,
“co”. This is followed by a “-” if the process can
no longer reach that controlling terminal (i.e., it has been
revoked).
-
-
- wchan
- The event (an address in the system) on which a process
waits. When printed numerically, the initial part of the address is
trimmed off and the result is printed in hex, for example, 0x80324000
prints as 324000.
When printing using the
command keyword, a process that
has exited and has a parent that has not yet waited for the process (in other
words, a zombie) is listed as “⟨defunct⟩”, and a
process which is blocked while trying to exit is listed as
“⟨exiting⟩”.
ps will try to locate the processes' argument vector from the
user area in order to print the command name and arguments. This method is not
reliable because a process is allowed to destroy this information. The
ucomm (accounting) keyword will always contain the real
command name as contained in the process structure's
p_comm field.
If the command vector cannot be located (usually because it has not been set, as
is the case of system processes and/or kernel threads) the command name is
printed within square brackets.
To indicate that the argument vector has been tampered with,
ps will append the real command name to the output within
parentheses if the basename of the first argument in the argument vector does
not match the contents of the real command name.
In addition,
ps checks for the following two situations and
does not append the real command name parenthesized:
-
-
- -shellname
- The login process traditionally adds a ‘-’ in
front of the shell name to indicate a login shell. ps
will not append parenthesized the command name if it matches with the name
in the first argument of the argument vector, skipping the leading
‘-’.
-
-
- daemonname:
current-activity
- Daemon processes frequently report their current activity
by setting their name to be like “daemonname:
current-activity”. ps will not append
parenthesized the command name, if the string preceding the
‘:’ in the first argument of the argument vector matches the
command name.
KEYWORDS
The following is a complete list of the available keywords and their meanings.
Several of them have aliases (keywords which are synonyms).
- %cpu
- percentage CPU usage (alias
pcpu)
- %mem
- percentage memory usage (alias
pmem)
- acflag
- accounting flag (alias acflg)
- comm
- command (the argv[0] value)
- command
- command and arguments (alias
args)
- cpu
- short-term CPU usage factor (for scheduling)
- cpuid
- CPU number the current process or lwp is running on.
- ctime
- accumulated CPU time of all children that have exited
- egid
- effective group id
- egroup
- group name (from egid)
- emul
- emulation name
- etime
- elapsed time since the process was started, in the form
[[dd-]hh:]mm:ss
- euid
- effective user id
- euser
- user name (from euid)
- flags
- the process flags, in hexadecimal (alias
f)
- gid
- effective group id
- group
- group name (from gid)
- groupnames
- group names (from group access list)
- groups
- group access list
- inblk
- total blocks read (alias
inblock)
- jobc
- job control count
- ktrace
- tracing flags
- ktracep
- tracing vnode
- laddr
- kernel virtual address of the struct lwp belonging to the
LWP.
- lid
- ID of the LWP
- lim
- memory use limit
- lname
- descriptive name of the LWP
- logname
- login name of user who started the process (alias
login)
- lstart
- time started
- lstate
- symbolic LWP state
- ltime
- CPU time of the LWP
- majflt
- total page faults
- minflt
- total page reclaims
- msgrcv
- total messages received (reads from pipes/sockets)
- msgsnd
- total messages sent (writes on pipes/sockets)
- nice
- nice value (alias ni)
- nivcsw
- total involuntary context switches
- nlwp
- number of LWPs in the process
- nsigs
- total signals taken (alias
nsignals)
- nvcsw
- total voluntary context switches
- nwchan
- wait channel (as an address)
- oublk
- total blocks written (alias
oublock)
- p_ru
- resource usage pointer (valid only for zombie)
- paddr
- kernel virtual address of the struct proc belonging to the
process.
- pagein
- pageins (same as majflt)
- pgid
- process group number
- pid
- process ID
- ppid
- parent process ID
- pri
- scheduling priority
- re
- core residency time (in seconds; 127 = infinity)
- rgid
- real group ID
- rlink
- reverse link on run queue, or 0
- rlwp
- number of LWPs on a processor or run queue
- rss
- resident set size
- rsz
- resident set size + (text size / text use count) (alias
rssize)
- ruid
- real user ID
- ruser
- user name (from ruid)
- sess
- session pointer
- sid
- session ID
- sig
- pending signals (alias pending)
- sigcatch
- caught signals (alias caught)
- sigignore
- ignored signals (alias ignored)
- sigmask
- blocked signals (alias blocked)
- sl
- sleep time (in seconds; 127 = infinity)
- start
- time started
- state
- symbolic process state (alias
stat)
- stime
- accumulated system CPU time
- svgid
- saved gid from a setgid executable
- svgroup
- group name (from svgid)
- svuid
- saved uid from a setuid executable
- svuser
- user name (from svuid)
- tdev
- control terminal device number
- time
- accumulated CPU time, user + system (alias
cputime)
- tpgid
- control terminal process group ID
- tsess
- control terminal session pointer
- tsiz
- text size (in Kbytes)
- tt
- control terminal name (two letter abbreviation)
- tty
- full name of control terminal
- uaddr
- kernel virtual address of the struct user belonging to the
LWP.
- ucomm
- name to be used for accounting
- uid
- effective user ID
- upr
- scheduling priority on return from system call (alias
usrpri)
- user
- user name (from uid)
- utime
- accumulated user CPU time
- vsz
- virtual size in Kbytes (alias
vsize)
- wchan
- wait channel (as a symbolic name)
- xstat
- exit or stop status (valid only for stopped or zombie
process)
FILES
- /dev
- special files and device names
- /dev/drum
- default swap device
- /var/run/dev.cdb
- /dev name database
- /var/db/kvm.db
- system name list database
- /netbsd
- default system name list
SEE ALSO
kill(1),
pgrep(1),
pkill(1),
sh(1),
w(1),
kvm(3),
strftime(3),
dev_mkdb(8),
pstat(8)
HISTORY
A
ps utility appeared in
Version 3
AT&T UNIX in section 8 of the manual.
BUGS
Since
ps cannot run faster than the system and is run as any
other scheduled process, the information it displays can never be exact.