UNIX processes are created when one process calls fork, which splits the running executable into two. The process can then execute one of the system calls in the exec family, which replaces the current running image with the new one.

When the parent process dies, all its children are adopted by init, which is PID 1. If the child dies before the parent, a signal is sent to the parent, and then the child moves to a zombie state until the signal is acknowledged, or the parent process is killed.

Now that you understand how processes are created and destroyed, you’re better equipped to deal with the processes running your system, especially those that make heavy use of multiple processes, such as Apache. Being able to follow the process tree for a particular process also lets you track any application back to the process that created it, should you need to do some troubleshooting.

Related Post