Get Parent Processes and Subprocesses with pstree

Last updated: March 18, 2024

Reviewed by: Michal Aibin
Baeldung Pro – Linux – NPI EA (cat = Baeldung on Linux)
announcement - icon

Learn through the super-clean Baeldung Pro experience:

>> Membership and Baeldung Pro.

No ads, dark-mode and 6 months free of IntelliJ Idea Ultimate to start with.

Partner – Orkes – NPI EA (tag=Kubernetes)
announcement - icon

Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.

Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.

With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.

Try a 14-Day Free Trial of Orkes Conductor today.

1. Overview

In Linux systems, it is very important for us to know the structural relation between the parent and child processes. We can use the pstree command to get a deep insight into the hierarchy of the running processes. It provides a structured view of the processes in a tree-like structure.

In this tutorial, we’ll explore the use of pstree to know the relation among various processes.

2. pstree Installation

pstree command utility is mostly preinstalled on all Linux systems. However, in some restricted environments, we need to install it separately. To understand, let’s explore the command to install pstree:

$ sudo apt-get install psmisc

In the above command, we can see that we installed psmisc as pstree is part of the psmisc package. Once the installation is done, we can use it to view the process structure, hence it could be used for process monitoring as well.

3. View the Entire Process Tree

On running pstree without any argument, it provides the details of all the processes running inside the machine starting from the root process. Typically, the root process is named systemd or init process and later branches out to the child process. At the top of the pstree output, we’ll always find the root process, which serves as the starting point for all the processes running inside the system.

3.1. Navigation of the Tree

As we explore more the output of the pstree, we notice that the processes are organised hierarchically. Child processes are always beneath the parent processes. This forms a visual representation of the processes. This overall helps us to find the direct relation between the various processes. Let’s look at the command to view the entire process tree:

$ pstree
-+= 00001 root /sbin/launchd
 |--= 00101 root /usr/libexec/logd
 |--= 00103 root /usr/libexec/UserEventAgent (System)
 |--= 00105 root /System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld
 |--= 00106 root /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/
 |-+= 91573 admin /Applications/Sublime Text.app/Contents/MacOS/Sublime Text
 | \--- 91579 admin /Applications/Sublime Text.app/Contents/MacOS/plugin_host 91573 --auto-shell-env

In the above output, we can see the hierarchical tree structure of all the processes with the child processes for each process. On Linux systems, we often encounter vulnerable or malicious processes. So in such situations, it helps us identify malicious processes and kill them safely.

3.2. Focusing on a Specific Process

pstree provides details of all the processes but we can also use pstree to examine a specific process. We can provide a process ID (PID) along with the pstree command. Let’s look at the pstree command with a specific PID to view the structure results:

$ pstree 91573       
-+= 91573 admin /Applications/Sublime Text.app/Contents/MacOS/Sublime Text
 \--- 91579 admin /Applications/Sublime Text.app/Contents/MacOS/plugin_host 91573 --auto-shell-env

In the above output, we can see the tree structure of the sublime process. We can find the PID of the sublime process using the ps or top command and then pass it to the pstree command to get full process details. The pstree structure starts with the main process PID detail and later reveals the sub-process details. We can traverse into the multiple levels of the pstree by executing the pstree on the main process and then later on a specific child process.

4. Conclusion

In this article, we explored the use of pstree to get an insight into parent and child processes. First, we looked at the installation of the pstree utility. After that, we explored pstree with an argument-specific PID.

In short, we covered all the steps required to install the pstree utility and use the pstree command to view the process details. Moreover, this helps us in monitoring the process by providing the details of all its child processes.