1. Overview
In Linux systems, it is very important for us to know the structural relation between the parent and child processes. We can use the pstree command to get a deep insight into the hierarchy of the running processes. It provides a structured view of the processes in a tree-like structure.
In this tutorial, we’ll explore the use of pstree to know the relation among various processes.
2. pstree Installation
pstree command utility is mostly preinstalled on all Linux systems. However, in some restricted environments, we need to install it separately. To understand, let’s explore the command to install pstree:
$ sudo apt-get install psmiscIn the above command, we can see that we installed psmisc as pstree is part of the psmisc package. Once the installation is done, we can use it to view the process structure, hence it could be used for process monitoring as well.
3. View the Entire Process Tree
On running pstree without any argument, it provides the details of all the processes running inside the machine starting from the root process. Typically, the root process is named systemd or init process and later branches out to the child process. At the top of the pstree output, we’ll always find the root process, which serves as the starting point for all the processes running inside the system.
3.1. Navigation of the Tree
As we explore more the output of the pstree, we notice that the processes are organised hierarchically. Child processes are always beneath the parent processes. This forms a visual representation of the processes. This overall helps us to find the direct relation between the various processes. Let’s look at the command to view the entire process tree:
$ pstree
-+= 00001 root /sbin/launchd
|--= 00101 root /usr/libexec/logd
|--= 00103 root /usr/libexec/UserEventAgent (System)
|--= 00105 root /System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld
|--= 00106 root /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/
|-+= 91573 admin /Applications/Sublime Text.app/Contents/MacOS/Sublime Text
| \--- 91579 admin /Applications/Sublime Text.app/Contents/MacOS/plugin_host 91573 --auto-shell-envIn the above output, we can see the hierarchical tree structure of all the processes with the child processes for each process. On Linux systems, we often encounter vulnerable or malicious processes. So in such situations, it helps us identify malicious processes and kill them safely.
3.2. Focusing on a Specific Process
pstree provides details of all the processes but we can also use pstree to examine a specific process. We can provide a process ID (PID) along with the pstree command. Let’s look at the pstree command with a specific PID to view the structure results:
$ pstree 91573
-+= 91573 admin /Applications/Sublime Text.app/Contents/MacOS/Sublime Text
\--- 91579 admin /Applications/Sublime Text.app/Contents/MacOS/plugin_host 91573 --auto-shell-envIn the above output, we can see the tree structure of the sublime process. We can find the PID of the sublime process using the ps or top command and then pass it to the pstree command to get full process details. The pstree structure starts with the main process PID detail and later reveals the sub-process details. We can traverse into the multiple levels of the pstree by executing the pstree on the main process and then later on a specific child process.
4. Conclusion
In this article, we explored the use of pstree to get an insight into parent and child processes. First, we looked at the installation of the pstree utility. After that, we explored pstree with an argument-specific PID.
In short, we covered all the steps required to install the pstree utility and use the pstree command to view the process details. Moreover, this helps us in monitoring the process by providing the details of all its child processes.