ps示例

博客PS示例

一显示指定真正用户名(RUID)或用户ID的进程

打开另外一个终端

[root@centos72 ~]# id  wang
uid=1000(wang) gid=1000(wang) groups=1000(wang)
[root@centos72 ~]# su  -  wang
Last login: Thu May  9 16:22:21 CST 2019 on pts/1
[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password: 

uid,euid都表示有效用户是root，真正的用户是wang

因为这是因为普通用户具有suid权限

[root@centos72 ~]#  ps  axo   pid,cmd,ni,%cpu,uid,euid,ruid  |  tail
  1252 [kworker/0:2]                 0  0.0     0     0     0
  1269 [kworker/0:0]                 0  0.0     0     0     0
  1270 [kworker/1:0]                 0  0.0     0     0     0
  1273 [kworker/1:2]                 0  0.0     0     0     0
  1276 su - wang                     0  0.0     0     0     0
  1277 -bash                         0  0.0  1000  1000  1000
  1300 passwd                        0  0.1     0     0  1000
  1305 [kworker/0:1]                 0  0.0     0     0     0
  1308 ps axo pid,cmd,ni,%cpu,uid,   0  0.0     0     0     0
  1309 tail                          0  0.0     0     0     0

显示wang用户，会显示真正发起进程的用户以及有效用户

 -f: 显示完整格式程序信息

-U userlist 指定真正的用户ID或名称

从下面可以看出执行passwd进程的真正用户是root

[root@centos72 ~]# ps -fU   wang
UID         PID   PPID  C STIME TTY          TIME CMD
wang       2135   2134  0 00:49 pts/3    00:00:00 -bash
root       2195   2135  0 00:55 pts/3    00:00:00 passwd

[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password: 

二显示指定有效用户名(RUID)或用户ID的进程

ps -fu wang 或者ps -fu 1000显示指定有效用户名(EUID)或用户ID的进程

-u userlist 指定有效的用户ID或名称

[root@centos72 ~]# ps -fu wang
UID         PID   PPID  C STIME TTY          TIME CMD
wang       2135   2134  0 00:49 pts/3    00:00:00 -bash

3100

查看以root用户权限（实际和有效ID）运行的每个进程：
ps -U   root -u root

[root@centos72 ~]# ps -U root -u root  |   head
   PID TTY          TIME CMD
     1 ?        00:00:01 systemd
     2 ?        00:00:00 kthreadd
     3 ?        00:00:00 ksoftirqd/0
     5 ?        00:00:00 kworker/0:0H
     6 ?        00:00:00 kworker/u256:0
     7 ?        00:00:00 migration/0
     8 ?        00:00:00 rcu_bh
     9 ?        00:00:00 rcu_sched
    10 ?        00:00:00 lru-add-drain

[root@centos72 ~]# ps -U root -u root  |   tail
  2053 ?        00:00:00 sshd
  2057 pts/2    00:00:00 bash
  2110 ?        00:00:00 sshd
  2114 pts/3    00:00:00 bash
  2134 pts/3    00:00:00 su
  2189 ?        00:00:00 kworker/0:0
  2195 pts/3    00:00:00 passwd
  2214 ?        00:00:00 kworker/0:2
  2227 pts/2    00:00:00 ps
  2228 pts/2    00:00:00 tail
[root@centos72 ~]# ps -U root -u root  |  wc
    108     432    3822

三列出实际组真正组拥有的所有进程（实际组ID：RGID或名称）

[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password: 

[root@centos72 ~]# id  wang
uid=1000(wang) gid=1000(wang) groups=1000(wang)
[root@centos72 ~]# ps -fG   wang
UID         PID   PPID  C STIME TTY          TIME CMD
wang       2135   2134  0 00:49 pts/3    00:00:00 -bash
root       2195   2135  0 00:55 pts/3    00:00:00 passwd

[root@centos72 ~]# ps -fG   1000
UID         PID   PPID  C STIME TTY          TIME CMD
wang       2135   2134  0 00:49 pts/3    00:00:00 -bash
root       2195   2135  0 00:55 pts/3    00:00:00 passwd

四列出有效组名称（或会话）所拥有的所有进程

很明显实际和有效是有区别的

[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password: 
[root@centos72 ~]# ps -fg  1000
UID         PID   PPID  C STIME TTY          TIME CMD

[root@centos72 ~]# ps -fG  1000
UID         PID   PPID  C STIME TTY          TIME CMD
wang       2135   2134  0 00:49 pts/3    00:00:00 -bash
root       2195   2135  0 00:55 pts/3    00:00:00 passwd

五通过进程ID来显示所属的进程

 -p pid 显示指pid的进程

[root@centos72 ~]# ps -fp  1
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 00:28 ?        00:00:01 /usr/lib/systemd/systemd --switched-root --system --de

显示指定PID的多个进程：
ps -fp  多个进程编号，以逗号分开

[root@centos72 ~]# ps -fp   1,2110
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 00:28 ?        00:00:01 /usr/lib/systemd/systemd --switched-root --system --de
root       2110    785  0 00:49 ?        00:00:00 sshd: root@pts/3

六以父进程ID来显示其下所有的进程

ps -f --ppid

[root@centos72 ~]# pstree  -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
           │                     └─{NetworkManager}(593)
           ├─VGAuthService(545)
           ├─agetty(558)
           ├─auditd(515)───{auditd}(516)
           ├─crond(555)
           ├─dbus-daemon(540)───{dbus-daemon}(542)
           ├─irqbalance(538)
           ├─master(869)─┬─pickup(870)
           │             └─qmgr(871)
           ├─polkitd(539)─┬─{polkitd}(541)
           │              ├─{polkitd}(543)
           │              ├─{polkitd}(569)
           │              ├─{polkitd}(570)
           │              └─{polkitd}(573)
           ├─rsyslogd(787)─┬─{rsyslogd}(790)
           │               └─{rsyslogd}(791)
           ├─sshd(785)─┬─sshd(1421)───bash(1425)
           │           ├─sshd(1916)───bash(1920)
           │           ├─sshd(2053)───bash(2057)───pstree(2255)
           │           └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
           ├─systemd-journal(357)
           ├─systemd-logind(548)
           ├─systemd-udevd(388)
           ├─tuned(784)─┬─{tuned}(1026)
           │            ├─{tuned}(1027)
           │            ├─{tuned}(1028)
           │            └─{tuned}(1041)
           └─vmtoolsd(546)───{vmtoolsd}(580)

第1个进程的子进程

[root@centos72 ~]# ps -f --ppid   1
UID         PID   PPID  C STIME TTY          TIME CMD
root        357      1  0 00:28 ?        00:00:00 /usr/lib/systemd/systemd-journald
root        388      1  0 00:28 ?        00:00:01 /usr/lib/systemd/systemd-udevd
root        515      1  0 00:28 ?        00:00:00 /sbin/auditd
root        538      1  0 00:28 ?        00:00:00 /usr/sbin/irqbalance --foreground
polkitd     539      1  0 00:28 ?        00:00:00 /usr/lib/polkit-1/polkitd --no-debug
dbus        540      1  0 00:28 ?        00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nof
root        544      1  0 00:28 ?        00:00:00 /usr/sbin/NetworkManager --no-daemon
root        545      1  0 00:28 ?        00:00:00 /usr/bin/VGAuthService -s
root        546      1  0 00:28 ?        00:00:02 /usr/bin/vmtoolsd
root        548      1  0 00:28 ?        00:00:00 /usr/lib/systemd/systemd-logind
root        555      1  0 00:28 ?        00:00:00 /usr/sbin/crond -n
root        558      1  0 00:28 tty1     00:00:00 /sbin/agetty --noclear tty1 linux
root        784      1  0 00:28 ?        00:00:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root        785      1  0 00:28 ?        00:00:00 /usr/sbin/sshd -D
root        787      1  0 00:28 ?        00:00:00 /usr/sbin/rsyslogd -n
root        869      1  0 00:28 ?        00:00:00 /usr/libexec/postfix/master -w

           ├─sshd(785)─┬─sshd(1421)───bash(1425)
           │           ├─sshd(1916)───bash(1920)
           │           ├─sshd(2053)───bash(2057)───pstree(2261)
           │           └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
           ├─systemd-journal(357)
           ├─systemd-logind(548)
           ├─systemd-udevd(388)
           ├─tuned(784)─┬─{tuned}(1026)
           │            ├─{tuned}(1027)
           │            ├─{tuned}(1028)
           │            └─{tuned}(1041)
           └─vmtoolsd(546)───{vmtoolsd}(580)
[root@centos72 ~]# ps -f --ppid   785
UID         PID   PPID  C STIME TTY          TIME CMD
root       1421    785  0 00:29 ?        00:00:00 sshd: root@pts/0
root       1916    785  0 00:34 ?        00:00:00 sshd: root@pts/1
root       2053    785  0 00:39 ?        00:00:00 sshd: root@pts/2
root       2110    785  0 00:49 ?        00:00:00 sshd: root@pts/3

七按tty显示所属进程:ps -ft

好处就是杀死非法的终端进程

实际上只要把父进程杀死就可以了

[root@centos72 ~]# tty
/dev/pts/2
[root@centos72 ~]# ps -ft
   PID TTY      STAT   TIME COMMAND
  2057 pts/2    Ss     0:00 -bash
  2265 pts/2    R+     0:00  \_ ps -ft
[root@centos72 ~]# 
[root@centos72 ~]# 
[root@centos72 ~]# ps -ft  /dev/pts/2
UID         PID   PPID  C STIME TTY          TIME CMD
root       2057   2053  0 00:39 pts/2    00:00:00 -bash
root       2269   2057  0 01:22 pts/2    00:00:00 ps -ft /dev/pts/2
[root@centos72 ~]# ps -ft  pts/2
UID         PID   PPID  C STIME TTY          TIME CMD
root       2057   2053  0 00:39 pts/2    00:00:00 -bash
root       2270   2057  0 01:22 pts/2    00:00:00 ps -ft pts/2

八以进程树显示系统中的进程如何相互链接

ps -e --forest

[root@centos72 ~]# ps -e --forest
   PID TTY          TIME CMD
     2 ?        00:00:00 kthreadd
     3 ?        00:00:00  \_ ksoftirqd/0
     5 ?        00:00:00  \_ kworker/0:0H
     6 ?        00:00:00  \_ kworker/u256:0
     7 ?        00:00:00  \_ migration/0
     8 ?        00:00:00  \_ rcu_bh
     9 ?        00:00:00  \_ rcu_sched
    10 ?        00:00:00  \_ lru-add-drain
    11 ?        00:00:00  \_ watchdog/0
    12 ?        00:00:00  \_ watchdog/1
    13 ?        00:00:00  \_ migration/1
    14 ?        00:00:00  \_ ksoftirqd/1
    15 ?        00:00:00  \_ kworker/1:0
    16 ?        00:00:00  \_ kworker/1:0H
    18 ?        00:00:00  \_ kdevtmpfs
    19 ?        00:00:00  \_ netns
    20 ?        00:00:00  \_ khungtaskd
    21 ?        00:00:00  \_ writeback
    22 ?        00:00:00  \_ kintegrityd
    23 ?        00:00:00  \_ bioset
    24 ?        00:00:00  \_ kblockd
    25 ?        00:00:00  \_ md
    26 ?        00:00:00  \_ edac-poller
    32 ?        00:00:00  \_ kswapd0
    33 ?        00:00:00  \_ ksmd
    34 ?        00:00:00  \_ khugepaged
    35 ?        00:00:00  \_ crypto
    43 ?        00:00:00  \_ kthrotld
    45 ?        00:00:00  \_ kmpath_rdacd
    46 ?        00:00:00  \_ kaluad
    47 ?        00:00:00  \_ kworker/1:1
    48 ?        00:00:00  \_ kpsmoused
    50 ?        00:00:00  \_ ipv6_addrconf
    63 ?        00:00:00  \_ deferwq
    94 ?        00:00:00  \_ kauditd
   104 ?        00:00:00  \_ kworker/1:2
   236 ?        00:00:00  \_ ata_sff
   239 ?        00:00:00  \_ mpt_poll_0
   241 ?        00:00:00  \_ mpt/0
   245 ?        00:00:00  \_ scsi_eh_0
   246 ?        00:00:00  \_ scsi_tmf_0
   247 ?        00:00:00  \_ kworker/u256:2
   248 ?        00:00:00  \_ scsi_eh_1
   249 ?        00:00:00  \_ scsi_tmf_1
   250 ?        00:00:00  \_ scsi_eh_2
   251 ?        00:00:00  \_ scsi_tmf_2
   253 ?        00:00:00  \_ ttm_swap
   254 ?        00:00:00  \_ irq/16-vmwgfx
   277 ?        00:00:00  \_ bioset
   278 ?        00:00:00  \_ xfsalloc
   279 ?        00:00:00  \_ xfs_mru_cache
   280 ?        00:00:00  \_ xfs-buf/sda2
   281 ?        00:00:00  \_ xfs-data/sda2
   282 ?        00:00:00  \_ xfs-conv/sda2
   283 ?        00:00:00  \_ xfs-cil/sda2
   284 ?        00:00:00  \_ xfs-reclaim/sda
   285 ?        00:00:00  \_ xfs-log/sda2
   286 ?        00:00:00  \_ xfs-eofblocks/s
   287 ?        00:00:00  \_ xfsaild/sda2
   288 ?        00:00:00  \_ kworker/0:1H
   356 ?        00:00:00  \_ kworker/1:1H
   405 ?        00:00:00  \_ nfit
   432 ?        00:00:00  \_ xfs-buf/sda3
   433 ?        00:00:00  \_ xfs-data/sda3
   434 ?        00:00:00  \_ xfs-conv/sda3
   435 ?        00:00:00  \_ xfs-cil/sda3
   436 ?        00:00:00  \_ xfs-reclaim/sda
   437 ?        00:00:00  \_ xfs-log/sda3
   438 ?        00:00:00  \_ xfs-eofblocks/s
   439 ?        00:00:00  \_ xfsaild/sda3
   446 ?        00:00:00  \_ xfs-buf/sda1
   447 ?        00:00:00  \_ xfs-data/sda1
   448 ?        00:00:00  \_ xfs-conv/sda1
   449 ?        00:00:00  \_ xfs-cil/sda1
   450 ?        00:00:00  \_ xfs-reclaim/sda
   451 ?        00:00:00  \_ xfs-log/sda1
   452 ?        00:00:00  \_ xfs-eofblocks/s
   453 ?        00:00:00  \_ xfsaild/sda1
  2214 ?        00:00:00  \_ kworker/0:2
  2243 ?        00:00:00  \_ kworker/0:1
  2268 ?        00:00:00  \_ kworker/0:0
     1 ?        00:00:01 systemd
   357 ?        00:00:00 systemd-journal
   388 ?        00:00:01 systemd-udevd
   515 ?        00:00:00 auditd
   538 ?        00:00:00 irqbalance
   539 ?        00:00:00 polkitd
   540 ?        00:00:00 dbus-daemon
   544 ?        00:00:00 NetworkManager
   545 ?        00:00:00 VGAuthService
   546 ?        00:00:02 vmtoolsd
   548 ?        00:00:00 systemd-logind
   555 ?        00:00:00 crond
   558 tty1     00:00:00 agetty
   784 ?        00:00:00 tuned
   785 ?        00:00:00 sshd
  1421 ?        00:00:00  \_ sshd
  1425 pts/0    00:00:00  |   \_ bash
  1916 ?        00:00:00  \_ sshd
  1920 pts/1    00:00:00  |   \_ bash
  2053 ?        00:00:00  \_ sshd
  2057 pts/2    00:00:00  |   \_ bash
  2271 pts/2    00:00:00  |       \_ ps
  2110 ?        00:00:00  \_ sshd
  2114 pts/3    00:00:00      \_ bash
  2134 pts/3    00:00:00          \_ su
  2135 pts/3    00:00:00              \_ bash
  2195 pts/3    00:00:00                  \_ passwd
   787 ?        00:00:00 rsyslogd
   869 ?        00:00:00 master
   870 ?        00:00:00  \_ pickup
   871 ?        00:00:00  \_ qmgr

以进程树显示指定的进程

[root@centos72 ~]# ps -f --forest -C sshd
UID         PID   PPID  C STIME TTY          TIME CMD
root        785      1  0 00:28 ?        00:00:00 /usr/sbin/sshd -D
root       1421    785  0 00:29 ?        00:00:00  \_ sshd: root@pts/0
root       1916    785  0 00:34 ?        00:00:00  \_ sshd: root@pts/1
root       2053    785  0 00:39 ?        00:00:00  \_ sshd: root@pts/2
root       2110    785  0 00:49 ?        00:00:00  \_ sshd: root@pts/3

[root@centos72 ~]# ps -ef --forest | grep -v grep | grep sshd
root        785      1  0 00:28 ?        00:00:00 /usr/sbin/sshd -D
root       1421    785  0 00:29 ?        00:00:00  \_ sshd: root@pts/0
root       1916    785  0 00:34 ?        00:00:00  \_ sshd: root@pts/1
root       2053    785  0 00:39 ?        00:00:00  \_ sshd: root@pts/2
root       2110    785  0 00:49 ?        00:00:00  \_ sshd: root@pts/3

和上面的相比有明显区别

[root@centos72 ~]# pstree   -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
           │                     └─{NetworkManager}(593)
           ├─VGAuthService(545)
           ├─agetty(558)
           ├─auditd(515)───{auditd}(516)
           ├─crond(555)
           ├─dbus-daemon(540)───{dbus-daemon}(542)
           ├─irqbalance(538)
           ├─master(869)─┬─pickup(870)
           │             └─qmgr(871)
           ├─polkitd(539)─┬─{polkitd}(541)
           │              ├─{polkitd}(543)
           │              ├─{polkitd}(569)
           │              ├─{polkitd}(570)
           │              └─{polkitd}(573)
           ├─rsyslogd(787)─┬─{rsyslogd}(790)
           │               └─{rsyslogd}(791)
           ├─sshd(785)─┬─sshd(1421)───bash(1425)
           │           ├─sshd(1916)───bash(1920)
           │           ├─sshd(2053)───bash(2057)───pstree(2278)
           │           └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
           ├─systemd-journal(357)
           ├─systemd-logind(548)
           ├─systemd-udevd(388)
           ├─tuned(784)─┬─{tuned}(1026)
           │            ├─{tuned}(1027)
           │            ├─{tuned}(1028)
           │            └─{tuned}(1041)
           └─vmtoolsd(546)───{vmtoolsd}(580)

九显示一个进程的所有线程,将显示LWP（轻量级进程）以及NLWP（轻量级进程数）列

启动httpd进程

[root@centos72 ~]# ps -fL -C  httpd
UID         PID   PPID    LWP  C NLWP STIME TTY          TIME CMD
[root@centos72 ~]# ss  -tnl
State      Recv-Q Send-Q       Local Address:Port                      Peer Address:Port              
LISTEN     0      128                      *:22                                   *:*                  
LISTEN     0      100              127.0.0.1:25                                   *:*                  
LISTEN     0      128                     :::22                                  :::*                  
LISTEN     0      100                    ::1:25                                  :::*                  
[root@centos72 ~]# systemctl restart httpd
[root@centos72 ~]# ss -tnl
State      Recv-Q Send-Q       Local Address:Port                      Peer Address:Port              
LISTEN     0      128                      *:22                                   *:*                  
LISTEN     0      100              127.0.0.1:25                                   *:*                  
LISTEN     0      128                     :::80                                  :::*                  
LISTEN     0      128                     :::22                                  :::*                  
LISTEN     0      100                    ::1:25                                  :::*

[root@centos72 ~]# ps -fL -C  httpd
UID         PID   PPID    LWP  C NLWP STIME TTY          TIME CMD
root       2295      1   2295  0    1 01:29 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     2296   2295   2296  0    1 01:29 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     2297   2295   2297  0    1 01:29 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     2298   2295   2298  0    1 01:29 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     2299   2295   2299  0    1 01:29 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     2300   2295   2300  0    1 01:29 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND

[root@centos72 ~]# pstree  -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
           │                     └─{NetworkManager}(593)
           ├─VGAuthService(545)
           ├─agetty(558)
           ├─auditd(515)───{auditd}(516)
           ├─crond(555)
           ├─dbus-daemon(540)───{dbus-daemon}(542)
           ├─httpd(2295)─┬─httpd(2296)
           │             ├─httpd(2297)
           │             ├─httpd(2298)
           │             ├─httpd(2299)
           │             └─httpd(2300)
           ├─irqbalance(538)
           ├─master(869)─┬─pickup(870)
           │             └─qmgr(871)
           ├─polkitd(539)─┬─{polkitd}(541)
           │              ├─{polkitd}(543)
           │              ├─{polkitd}(569)
           │              ├─{polkitd}(570)
           │              └─{polkitd}(573)
           ├─rsyslogd(787)─┬─{rsyslogd}(790)
           │               └─{rsyslogd}(791)
           ├─sshd(785)─┬─sshd(1421)───bash(1425)
           │           ├─sshd(1916)───bash(1920)
           │           ├─sshd(2053)───bash(2057)───pstree(2304)
           │           └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
           ├─systemd-journal(357)
           ├─systemd-logind(548)
           ├─systemd-udevd(388)
           ├─tuned(784)─┬─{tuned}(1026)
           │            ├─{tuned}(1027)
           │            ├─{tuned}(1028)
           │            └─{tuned}(1041)
           └─vmtoolsd(546)───{vmtoolsd}(580)

在6上查看

注意要启动服务

[root@centos65 ~]# ss -tnl | grep  80
LISTEN     0      128                      :::80                      :::*     
[root@centos65 ~]#  pstree  -p
init(1)─┬─abrt-dump-oops(1811)
        ├─abrtd(1801)
        ├─acpid(1428)
        ├─atd(1858)
        ├─auditd(1251)───{auditd}(1252)
        ├─automount(1511)─┬─{automount}(1512)
        │                 ├─{automount}(1513)
        │                 ├─{automount}(1528)
        │                 └─{automount}(1531)
        ├─crond(1843)
        ├─dbus-daemon(1389)───{dbus-daemon}(1391)
        ├─dnsmasq(2023)
        ├─hald(1440)─┬─hald-runner(1441)─┬─hald-addon-acpi(1495)
        │            │                   └─hald-addon-inpu(1473)
        │            └─{hald}(1442)
        ├─httpd.worker(2729)─┬─httpd.worker(2731)─┬─{httpd.worker}(2766)
        │                    │                    ├─{httpd.worker}(2768)
        │                    │                    ├─{httpd.worker}(2769)
        │                    │                    ├─{httpd.worker}(2770)
        │                    │                    ├─{httpd.worker}(2771)
        │                    │                    ├─{httpd.worker}(2772)
        │                    │                    ├─{httpd.worker}(2773)
        │                    │                    ├─{httpd.worker}(2774)
        │                    │                    ├─{httpd.worker}(2775)
        │                    │                    ├─{httpd.worker}(2776)
        │                    │                    ├─{httpd.worker}(2777)
        │                    │                    ├─{httpd.worker}(2778)
        │                    │                    ├─{httpd.worker}(2779)
        │                    │                    ├─{httpd.worker}(2780)
        │                    │                    ├─{httpd.worker}(2781)
        │                    │                    ├─{httpd.worker}(2782)
        │                    │                    ├─{httpd.worker}(2783)
        │                    │                    ├─{httpd.worker}(2784)
        │                    │                    ├─{httpd.worker}(2785)
        │                    │                    ├─{httpd.worker}(2786)
        │                    │                    ├─{httpd.worker}(2787)
        │                    │                    ├─{httpd.worker}(2788)
        │                    │                    ├─{httpd.worker}(2789)
        │                    │                    ├─{httpd.worker}(2790)
        │                    │                    ├─{httpd.worker}(2791)
        │                    │                    └─{httpd.worker}(2792)
        │                    ├─httpd.worker(2732)─┬─{httpd.worker}(2767)
        │                    │                    ├─{httpd.worker}(2793)
        │                    │                    ├─{httpd.worker}(2794)
        │                    │                    ├─{httpd.worker}(2795)
        │                    │                    ├─{httpd.worker}(2796)
        │                    │                    ├─{httpd.worker}(2797)
        │                    │                    ├─{httpd.worker}(2798)
        │                    │                    ├─{httpd.worker}(2799)
        │                    │                    ├─{httpd.worker}(2800)
        │                    │                    ├─{httpd.worker}(2801)
        │                    │                    ├─{httpd.worker}(2802)
        │                    │                    ├─{httpd.worker}(2803)
        │                    │                    ├─{httpd.worker}(2804)
        │                    │                    ├─{httpd.worker}(2805)
        │                    │                    ├─{httpd.worker}(2806)
        │                    │                    ├─{httpd.worker}(2807)
        │                    │                    ├─{httpd.worker}(2808)
        │                    │                    ├─{httpd.worker}(2809)
        │                    │                    ├─{httpd.worker}(2810)
        │                    │                    ├─{httpd.worker}(2811)
        │                    │                    ├─{httpd.worker}(2812)
        │                    │                    ├─{httpd.worker}(2813)
        │                    │                    ├─{httpd.worker}(2814)
        │                    │                    ├─{httpd.worker}(2815)
        │                    │                    ├─{httpd.worker}(2816)
        │                    │                    └─{httpd.worker}(2817)
        │                    └─httpd.worker(2734)─┬─{httpd.worker}(2755)
        │                                         ├─{httpd.worker}(2818)
        │                                         ├─{httpd.worker}(2819)
        │                                         ├─{httpd.worker}(2820)
        │                                         ├─{httpd.worker}(2821)
        │                                         ├─{httpd.worker}(2822)
        │                                         ├─{httpd.worker}(2823)
        │                                         ├─{httpd.worker}(2824)
        │                                         ├─{httpd.worker}(2825)
        │                                         ├─{httpd.worker}(2826)
        │                                         ├─{httpd.worker}(2827)
        │                                         ├─{httpd.worker}(2828)
        │                                         ├─{httpd.worker}(2829)
        │                                         ├─{httpd.worker}(2830)
        │                                         ├─{httpd.worker}(2831)
        │                                         ├─{httpd.worker}(2832)
        │                                         ├─{httpd.worker}(2833)
        │                                         ├─{httpd.worker}(2834)
        │                                         ├─{httpd.worker}(2835)
        │                                         ├─{httpd.worker}(2836)
        │                                         ├─{httpd.worker}(2837)
        │                                         ├─{httpd.worker}(2838)
        │                                         ├─{httpd.worker}(2839)
        │                                         ├─{httpd.worker}(2840)
        │                                         ├─{httpd.worker}(2841)
        │                                         └─{httpd.worker}(2842)
        ├─irqbalance(1307)
        ├─ksmtuned(1830)───sleep(11883)
        ├─libvirtd(1875)─┬─{libvirtd}(1876)
        │                ├─{libvirtd}(1877)
        │                ├─{libvirtd}(1878)
        │                ├─{libvirtd}(1879)
        │                ├─{libvirtd}(1880)
        │                ├─{libvirtd}(1881)
        │                ├─{libvirtd}(1882)
        │                ├─{libvirtd}(1883)
        │                ├─{libvirtd}(1884)
        │                └─{libvirtd}(1885)
        ├─master(1772)─┬─pickup(11801)
        │              └─qmgr(1779)
        ├─mingetty(1916)
        ├─mingetty(1918)
        ├─mingetty(1920)
        ├─mingetty(1922)
        ├─mingetty(1924)
        ├─mingetty(1926)
        ├─rpc.idmapd(1633)
        ├─rpc.mountd(1588)
        ├─rpc.rquotad(1583)
        ├─rpc.statd(1354)
        ├─rpcbind(1332)
        ├─rsyslogd(1273)─┬─{rsyslogd}(1274)
        │                ├─{rsyslogd}(1276)
        │                └─{rsyslogd}(1277)
        ├─sshd(1682)───sshd(2134)───bash(2138)───pstree(11886)
        ├─udevd(536)─┬─udevd(1933)
        │            └─udevd(1934)
        └─xinetd(1693)

 注意要精确匹配才会出现

[root@centos65 ~]# ps -fL -C  httpd
UID         PID   PPID    LWP  C NLWP STIME TTY          TIME CMD
[root@centos65 ~]# ps -fL -C  httpd.worker
UID         PID   PPID    LWP  C NLWP STIME TTY          TIME CMD
root       2729      1   2729  0    1 01:31 ?        00:00:02 /usr/sbin/httpd.worker
apache     2731   2729   2731  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2766  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2768  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2769  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2770  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2771  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2772  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2773  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2774  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2775  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2776  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2777  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2778  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2779  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2780  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2781  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2782  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2783  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2784  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2785  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2786  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2787  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2788  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2789  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2790  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2791  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2731   2729   2792  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2732  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2767  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2793  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2794  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2795  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2796  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2797  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2798  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2799  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2800  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2801  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2802  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2803  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2804  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2805  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2806  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2807  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2808  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2809  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2810  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2811  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2812  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2813  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2814  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2815  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2816  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2732   2729   2817  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2734  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2755  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2818  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2819  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2820  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2821  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2822  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2823  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2824  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2825  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2826  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2827  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2828  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2829  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2830  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2831  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2832  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2833  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2834  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2835  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2836  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2837  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2838  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2839  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2840  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2841  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker
apache     2734   2729   2842  0   27 01:31 ?        00:00:00 /usr/sbin/httpd.worker

十列出所有格式说明符:ps L

[root@centos72 ~]# ps L
%cpu         %CPU    
%mem         %MEM    
_left        LLLLLLLL
_left2       L2L2L2L2
_right       RRRRRRRR
_right2      R2R2R2R2
_unlimited   U       
_unlimited2  U2      
alarm        ALARM   
args         COMMAND 
atime        TIME    
blocked      BLOCKED 
bsdstart     START   
bsdtime      TIME    
c            C       
caught       CAUGHT  
cgroup       CGROUP  
class        CLS     
cls          CLS     
cmd          CMD     
comm         COMMAND 
command      COMMAND 
context      CONTEXT 
cp           CP      
cpuid        CPUID   
cputime      TIME    
drs          DRS     
dsiz         DSIZ    
egid         EGID    
egroup       EGROUP  
eip          EIP     
esp          ESP     
etime        ELAPSED 
etimes       ELAPSED 
euid         EUID    
euser        EUSER   
f            F       
fgid         FGID    
fgroup       FGROUP  
flag         F       
flags        F       
fname        COMMAND 
fsgid        FSGID   
fsgroup      FSGROUP 
fsuid        FSUID   
fsuser       FSUSER  
fuid         FUID    
fuser        FUSER   
gid          GID     
group        GROUP   
ignored      IGNORED 
intpri       PRI     
ipcns        IPCNS   
label        LABEL   
lastcpu      C       
lim          LIM     
longtname    TTY     
lsession     SESSION 
lstart       STARTED 
lwp          LWP     
m_drs        DRS     
m_size       SIZE    
m_trs        TRS     
machine      MACHINE 
maj_flt      MAJFL   
majflt       MAJFLT  
min_flt      MINFL   
minflt       MINFLT  
mntns        MNTNS   
netns        NETNS   
ni           NI      
nice         NI      
nlwp         NLWP    
nwchan       WCHAN   
opri         PRI     
ouid         OWNER   
pagein       PAGEIN  
pcpu         %CPU    
pending      PENDING 
pgid         PGID    
pgrp         PGRP    
pid          PID     
pidns        PIDNS   
pmem         %MEM    
policy       POL     
ppid         PPID    
pri          PRI     
pri_api      API     
pri_bar      BAR     
pri_baz      BAZ     
pri_foo      FOO     
priority     PRI     
psr          PSR     
rgid         RGID    
rgroup       RGROUP  
rss          RSS     
rssize       RSS     
rsz          RSZ     
rtprio       RTPRIO  
ruid         RUID    
ruser        RUSER   
s            S       
sched        SCH     
seat         SEAT    
sess         SESS    
session      SESS    
sgi_p        P       
sgi_rss      RSS     
sgid         SGID    
sgroup       SGROUP  
sid          SID     
sig          PENDING 
sig_block    BLOCKED 
sig_catch    CATCHED 
sig_ignore   IGNORED 
sig_pend     SIGNAL  
sigcatch     CAUGHT  
sigignore    IGNORED 
sigmask      BLOCKED 
size         SIZE    
slice        SLICE   
spid         SPID    
stackp       STACKP  
start        STARTED 
start_stack  STACKP  
start_time   START   
stat         STAT    
state        S       
stime        STIME   
suid         SUID    
supgid       SUPGID  
supgrp       SUPGRP  
suser        SUSER   
svgid        SVGID   
svgroup      SVGROUP 
svuid        SVUID   
svuser       SVUSER  
sz           SZ      
tgid         TGID    
thcgr        THCGR   
thcount      THCNT   
tid          TID     
time         TIME    
tname        TTY     
tpgid        TPGID   
trs          TRS     
trss         TRSS    
tsig         PENDING 
tsiz         TSIZ    
tt           TT      
tty          TT      
tty4         TTY     
tty8         TTY     
ucmd         CMD     
ucomm        COMMAND 
uid          UID     
uid_hack     UID     
uname        USER    
unit         UNIT    
user         USER    
userns       USERNS  
util         C       
utsns        UTSNS   
uunit        UUNIT   
vsize        VSZ     
vsz          VSZ     
wchan        WCHAN   
wname        WCHAN   
zone         ZONE   

十一查看进程的PID，PPID，用户名和命令

ps -eo pid,ppid,user,cmd

[root@centos72 ~]# ps -eo pid,ppid,user,cmd
   PID   PPID USER     CMD
     1      0 root     /usr/lib/systemd/systemd --switched-root --system --deserialize 22
     2      0 root     [kthreadd]
     3      2 root     [ksoftirqd/0]
     5      2 root     [kworker/0:0H]
     6      2 root     [kworker/u256:0]
     7      2 root     [migration/0]
     8      2 root     [rcu_bh]
     9      2 root     [rcu_sched]
    10      2 root     [lru-add-drain]
    11      2 root     [watchdog/0]
    12      2 root     [watchdog/1]
    13      2 root     [migration/1]
    14      2 root     [ksoftirqd/1]
    16      2 root     [kworker/1:0H]
    18      2 root     [kdevtmpfs]
    19      2 root     [netns]
    20      2 root     [khungtaskd]
    21      2 root     [writeback]
    22      2 root     [kintegrityd]
    23      2 root     [bioset]
    24      2 root     [kblockd]
    25      2 root     [md]
    26      2 root     [edac-poller]
    32      2 root     [kswapd0]
    33      2 root     [ksmd]
    34      2 root     [khugepaged]
    35      2 root     [crypto]
    43      2 root     [kthrotld]
    45      2 root     [kmpath_rdacd]
    46      2 root     [kaluad]
    48      2 root     [kpsmoused]
    50      2 root     [ipv6_addrconf]
    63      2 root     [deferwq]
    94      2 root     [kauditd]
   236      2 root     [ata_sff]
   239      2 root     [mpt_poll_0]
   241      2 root     [mpt/0]
   245      2 root     [scsi_eh_0]
   246      2 root     [scsi_tmf_0]
   247      2 root     [kworker/u256:2]
   248      2 root     [scsi_eh_1]
   249      2 root     [scsi_tmf_1]
   250      2 root     [scsi_eh_2]
   251      2 root     [scsi_tmf_2]
   253      2 root     [ttm_swap]
   254      2 root     [irq/16-vmwgfx]
   277      2 root     [bioset]
   278      2 root     [xfsalloc]
   279      2 root     [xfs_mru_cache]
   280      2 root     [xfs-buf/sda2]
   281      2 root     [xfs-data/sda2]
   282      2 root     [xfs-conv/sda2]
   283      2 root     [xfs-cil/sda2]
   284      2 root     [xfs-reclaim/sda]
   285      2 root     [xfs-log/sda2]
   286      2 root     [xfs-eofblocks/s]
   287      2 root     [xfsaild/sda2]
   288      2 root     [kworker/0:1H]
   356      2 root     [kworker/1:1H]
   357      1 root     /usr/lib/systemd/systemd-journald
   388      1 root     /usr/lib/systemd/systemd-udevd
   405      2 root     [nfit]
   432      2 root     [xfs-buf/sda3]
   433      2 root     [xfs-data/sda3]
   434      2 root     [xfs-conv/sda3]
   435      2 root     [xfs-cil/sda3]
   436      2 root     [xfs-reclaim/sda]
   437      2 root     [xfs-log/sda3]
   438      2 root     [xfs-eofblocks/s]
   439      2 root     [xfsaild/sda3]
   446      2 root     [xfs-buf/sda1]
   447      2 root     [xfs-data/sda1]
   448      2 root     [xfs-conv/sda1]
   449      2 root     [xfs-cil/sda1]
   450      2 root     [xfs-reclaim/sda]
   451      2 root     [xfs-log/sda1]
   452      2 root     [xfs-eofblocks/s]
   453      2 root     [xfsaild/sda1]
   515      1 root     /sbin/auditd
   538      1 root     /usr/sbin/irqbalance --foreground
   539      1 polkitd  /usr/lib/polkit-1/polkitd --no-debug
   540      1 dbus     /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-a
   544      1 root     /usr/sbin/NetworkManager --no-daemon
   545      1 root     /usr/bin/VGAuthService -s
   546      1 root     /usr/bin/vmtoolsd
   548      1 root     /usr/lib/systemd/systemd-logind
   555      1 root     /usr/sbin/crond -n
   558      1 root     /sbin/agetty --noclear tty1 linux
   784      1 root     /usr/bin/python -Es /usr/sbin/tuned -l -P
   785      1 root     /usr/sbin/sshd -D
   787      1 root     /usr/sbin/rsyslogd -n
   869      1 root     /usr/libexec/postfix/master -w
   871    869 postfix  qmgr -l -t unix -u
  2053    785 root     sshd: root@pts/2
  2057   2053 root     -bash
  2110    785 root     sshd: root@pts/3
  2114   2110 root     -bash
  2134   2114 root     su - wang
  2135   2134 wang     -bash
  2195   2135 root     passwd
  2295      1 root     /usr/sbin/httpd -DFOREGROUND
  2296   2295 apache   /usr/sbin/httpd -DFOREGROUND
  2297   2295 apache   /usr/sbin/httpd -DFOREGROUND
  2298   2295 apache   /usr/sbin/httpd -DFOREGROUND
  2299   2295 apache   /usr/sbin/httpd -DFOREGROUND
  2300   2295 apache   /usr/sbin/httpd -DFOREGROUND
  2540      2 root     [kworker/1:1]
  2558      2 root     [kworker/0:2]
  2583      2 root     [kworker/0:0]
  2590    869 postfix  pickup -l -t unix -u
  2593      2 root     [kworker/1:2]
  2594      2 root     [kworker/1:0]
  2596      2 root     [kworker/0:1]
  2597   2057 root     ps -eo pid,ppid,user,cmd

十二使用其PID查找进程名称：ps   -p  编号  -o comm=

[root@centos72 ~]# ps -p 1  -o comm=
systemd

[root@centos72 ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─VGAuthService
        ├─agetty
        ├─auditd───{auditd}
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─httpd───5*[httpd]
        ├─irqbalance
        ├─master─┬─pickup
        │        └─qmgr
        ├─polkitd───5*[{polkitd}]
        ├─rsyslogd───2*[{rsyslogd}]
        ├─sshd─┬─sshd───bash───pstree
        │      └─sshd───bash───su───bash───passwd
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-udevd
        ├─tuned───4*[{tuned}]
        └─vmtoolsd───{vmtoolsd}

[root@centos65 ~]#  ps -p 1  -o comm=
init

[root@centos65 ~]# pstree
init─┬─abrt-dump-oops
     ├─abrtd
     ├─acpid
     ├─atd
     ├─auditd───{auditd}
     ├─automount───4*[{automount}]
     ├─crond
     ├─dbus-daemon───{dbus-daemon}
     ├─dnsmasq
     ├─hald─┬─hald-runner─┬─hald-addon-acpi
     │      │             └─hald-addon-inpu
     │      └─{hald}
     ├─httpd.worker───3*[httpd.worker───26*[{httpd.worker}]]
     ├─irqbalance
     ├─ksmtuned───sleep
     ├─libvirtd───10*[{libvirtd}]
     ├─master─┬─pickup
     │        └─qmgr
     ├─6*[mingetty]
     ├─rpc.idmapd
     ├─rpc.mountd
     ├─rpc.rquotad
     ├─rpc.statd
     ├─rpcbind
     ├─rsyslogd───3*[{rsyslogd}]
     ├─sshd───sshd───bash───pstree
     ├─udevd───2*[udevd]
     └─xinetd

十三要以其名称选择特定进程，显示其所有子进程

ps -C sshd,bash

[root@centos72 ~]# ps -C sshd,bash
   PID TTY          TIME CMD
   785 ?        00:00:00 sshd
  2053 ?        00:00:00 sshd
  2057 pts/2    00:00:00 bash
  2110 ?        00:00:00 sshd
  2114 pts/3    00:00:00 bash
  2135 pts/3    00:00:00 bash

十四查找指定进程名所有的所属PID

在编写需要从std输出或文件读取PID的脚本时这个参数很有用：ps -C httpd,sshd -o pid=

[root@centos72 ~]# ps -C httpd,sshd -o pid=
   785
  2053
  2110
  2295
  2296
  2297
  2298
  2299
  2300
[root@centos72 ~]# pstree -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
           │                     └─{NetworkManager}(593)
           ├─VGAuthService(545)
           ├─agetty(558)
           ├─auditd(515)───{auditd}(516)
           ├─crond(555)
           ├─dbus-daemon(540)───{dbus-daemon}(542)
           ├─httpd(2295)─┬─httpd(2296)
           │             ├─httpd(2297)
           │             ├─httpd(2298)
           │             ├─httpd(2299)
           │             └─httpd(2300)
           ├─irqbalance(538)
           ├─master(869)─┬─pickup(2590)
           │             └─qmgr(871)
           ├─polkitd(539)─┬─{polkitd}(541)
           │              ├─{polkitd}(543)
           │              ├─{polkitd}(569)
           │              ├─{polkitd}(570)
           │              └─{polkitd}(573)
           ├─rsyslogd(787)─┬─{rsyslogd}(790)
           │               └─{rsyslogd}(791)
           ├─sshd(785)─┬─sshd(2053)───bash(2057)───pstree(2602)
           │           └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
           ├─systemd-journal(357)
           ├─systemd-logind(548)
           ├─systemd-udevd(388)
           ├─tuned(784)─┬─{tuned}(1026)
           │            ├─{tuned}(1027)
           │            ├─{tuned}(1028)
           │            └─{tuned}(1041)
           └─vmtoolsd(546)───{vmtoolsd}(580)

检查一个进程的执行时间

已经运行了14个小时了

[root@centos72 ~]# ps -eo comm,etime,user | grep apache
httpd              14:22:12 apache
httpd              14:22:12 apache
httpd              14:22:12 apache
httpd              14:22:12 apache
httpd              14:22:12 apache

[root@centos72 ~]# ps -eo comm,etime,user | grep  httpd
httpd              14:23:31 root
httpd              14:23:15 apache
httpd              14:23:15 apache
httpd              14:23:15 apache
httpd              14:23:15 apache
httpd              14:23:15 apache

[root@centos72 ~]# ss -tnl
State      Recv-Q Send-Q       Local Address:Port                      Peer Address:Port              
LISTEN     0      128                      *:22                                   *:*                  
LISTEN     0      100              127.0.0.1:25                                   *:*                  
LISTEN     0      128                     :::80                                  :::*                  
LISTEN     0      128                     :::22                                  :::*                  
LISTEN     0      100                    ::1:25                                  :::*      

使用另外一种方法

[root@centos72 ~]# ps -C  httpd  -o comm,etime,user 
COMMAND             ELAPSED USER
httpd              14:25:59 root
httpd              14:25:43 apache
httpd              14:25:43 apache
httpd              14:25:43 apache
httpd              14:25:43 apache
httpd              14:25:43 apache
[root@centos72 ~]# ps -C  apache   -o comm,etime,user 
COMMAND             ELAPSED USER

[root@centos72 ~]# ps -C  systemd   -o comm,etime,user 
COMMAND             ELAPSED USER
systemd            15:28:27 root
[root@centos72 ~]# 

[root@centos65 ~]#  ps -C  init   -o comm,etime,user 
COMMAND             ELAPSED USER
init               15:21:51 root

十五查找占用最多内存的进程

 
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem |head

注意是倒序排列，--sort=-%mem加上-表示倒序

按照内存排序

[root@centos72 ~]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem |head
   PID   PPID CMD                         %MEM %CPU
   784      1 /usr/bin/python -Es /usr/sb  1.9  0.0
   787      1 /usr/sbin/rsyslogd -n        1.4  0.0
   539      1 /usr/lib/polkit-1/polkitd -  1.2  0.0
   544      1 /usr/sbin/NetworkManager --  0.9  0.0
     1      0 /usr/lib/systemd/systemd --  0.6  0.0
   388      1 /usr/lib/systemd/systemd-ud  0.6  0.0
   545      1 /usr/bin/VGAuthService -s    0.6  0.0
   546      1 /usr/bin/vmtoolsd            0.6  0.0
  2053    785 sshd: root@pts/2             0.5  0.0

[root@centos65 ~]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head
   PID   PPID CMD                         %MEM %CPU
     1      0 /sbin/init                   0.1  0.0
     2      0 [kthreadd]                   0.0  0.0
     3      2 [migration/0]                0.0  0.0
     4      2 [ksoftirqd/0]                0.0  0.0
     5      2 [stopper/0]                  0.0  0.0
     6      2 [watchdog/0]                 0.0  0.0
     7      2 [migration/1]                0.0  0.0
     8      2 [stopper/1]                  0.0  0.0
     9      2 [ksoftirqd/1]                0.0  0.0

按照CPU排序

这个命令是很实用的，负载大的进程就不能杀死

[root@centos72 ~]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head
   PID   PPID CMD                         %MEM %CPU
     1      0 /usr/lib/systemd/systemd --  0.6  0.0
     2      0 [kthreadd]                   0.0  0.0
     3      2 [ksoftirqd/0]                0.0  0.0
     5      2 [kworker/0:0H]               0.0  0.0
     6      2 [kworker/u256:0]             0.0  0.0
     7      2 [migration/0]                0.0  0.0
     8      2 [rcu_bh]                     0.0  0.0
     9      2 [rcu_sched]                  0.0  0.0
    10      2 [lru-add-drain]              0.0  0.0

十六显示安全信息，和 selinux有关，不必看

[root@centos72 ~]# ps -eM
LABEL                              PID TTY          TIME CMD
system_u:system_r:init_t:s0          1 ?        00:00:03 systemd
system_u:system_r:kernel_t:s0        2 ?        00:00:00 kthreadd
system_u:system_r:kernel_t:s0        3 ?        00:00:00 ksoftirqd/0
system_u:system_r:kernel_t:s0        5 ?        00:00:00 kworker/0:0H
system_u:system_r:kernel_t:s0        6 ?        00:00:00 kworker/u256:0
system_u:system_r:kernel_t:s0        7 ?        00:00:00 migration/0
system_u:system_r:kernel_t:s0        8 ?        00:00:00 rcu_bh
system_u:system_r:kernel_t:s0        9 ?        00:00:00 rcu_sched
system_u:system_r:kernel_t:s0       10 ?        00:00:00 lru-add-drain
system_u:system_r:kernel_t:s0       11 ?        00:00:00 watchdog/0
system_u:system_r:kernel_t:s0       12 ?        00:00:00 watchdog/1
system_u:system_r:kernel_t:s0       13 ?        00:00:00 migration/1
system_u:system_r:kernel_t:s0       14 ?        00:00:00 ksoftirqd/1
system_u:system_r:kernel_t:s0       16 ?        00:00:00 kworker/1:0H
system_u:system_r:kernel_t:s0       18 ?        00:00:00 kdevtmpfs
system_u:system_r:kernel_t:s0       19 ?        00:00:00 netns
system_u:system_r:kernel_t:s0       20 ?        00:00:00 khungtaskd
system_u:system_r:kernel_t:s0       21 ?        00:00:00 writeback
system_u:system_r:kernel_t:s0       22 ?        00:00:00 kintegrityd
system_u:system_r:kernel_t:s0       23 ?        00:00:00 bioset
system_u:system_r:kernel_t:s0       24 ?        00:00:00 kblockd
system_u:system_r:kernel_t:s0       25 ?        00:00:00 md
system_u:system_r:kernel_t:s0       26 ?        00:00:00 edac-poller
system_u:system_r:kernel_t:s0       32 ?        00:00:00 kswapd0
system_u:system_r:kernel_t:s0       33 ?        00:00:00 ksmd
system_u:system_r:kernel_t:s0       34 ?        00:00:00 khugepaged
system_u:system_r:kernel_t:s0       35 ?        00:00:00 crypto
system_u:system_r:kernel_t:s0       43 ?        00:00:00 kthrotld
system_u:system_r:kernel_t:s0       45 ?        00:00:00 kmpath_rdacd
system_u:system_r:kernel_t:s0       46 ?        00:00:00 kaluad
system_u:system_r:kernel_t:s0       48 ?        00:00:00 kpsmoused
system_u:system_r:kernel_t:s0       50 ?        00:00:00 ipv6_addrconf
system_u:system_r:kernel_t:s0       63 ?        00:00:00 deferwq
system_u:system_r:kernel_t:s0       94 ?        00:00:00 kauditd
system_u:system_r:kernel_t:s0      236 ?        00:00:00 ata_sff
system_u:system_r:kernel_t:s0      239 ?        00:00:00 mpt_poll_0
system_u:system_r:kernel_t:s0      241 ?        00:00:00 mpt/0
system_u:system_r:kernel_t:s0      245 ?        00:00:00 scsi_eh_0
system_u:system_r:kernel_t:s0      246 ?        00:00:00 scsi_tmf_0
system_u:system_r:kernel_t:s0      247 ?        00:00:00 kworker/u256:2
system_u:system_r:kernel_t:s0      248 ?        00:00:00 scsi_eh_1
system_u:system_r:kernel_t:s0      249 ?        00:00:00 scsi_tmf_1
system_u:system_r:kernel_t:s0      250 ?        00:00:00 scsi_eh_2
system_u:system_r:kernel_t:s0      251 ?        00:00:00 scsi_tmf_2
system_u:system_r:kernel_t:s0      253 ?        00:00:00 ttm_swap
system_u:system_r:kernel_t:s0      254 ?        00:00:00 irq/16-vmwgfx
system_u:system_r:kernel_t:s0      277 ?        00:00:00 bioset
system_u:system_r:kernel_t:s0      278 ?        00:00:00 xfsalloc
system_u:system_r:kernel_t:s0      279 ?        00:00:00 xfs_mru_cache
system_u:system_r:kernel_t:s0      280 ?        00:00:00 xfs-buf/sda2
system_u:system_r:kernel_t:s0      281 ?        00:00:00 xfs-data/sda2
system_u:system_r:kernel_t:s0      282 ?        00:00:00 xfs-conv/sda2
system_u:system_r:kernel_t:s0      283 ?        00:00:00 xfs-cil/sda2
system_u:system_r:kernel_t:s0      284 ?        00:00:00 xfs-reclaim/sda
system_u:system_r:kernel_t:s0      285 ?        00:00:00 xfs-log/sda2
system_u:system_r:kernel_t:s0      286 ?        00:00:00 xfs-eofblocks/s
system_u:system_r:kernel_t:s0      287 ?        00:00:00 xfsaild/sda2
system_u:system_r:kernel_t:s0      288 ?        00:00:00 kworker/0:1H
system_u:system_r:kernel_t:s0      356 ?        00:00:00 kworker/1:1H
system_u:system_r:syslogd_t:s0     357 ?        00:00:00 systemd-journal
system_u:system_r:udev_t:s0-s0:c0.c1023 388 ?   00:00:01 systemd-udevd
system_u:system_r:kernel_t:s0      405 ?        00:00:00 nfit
system_u:system_r:kernel_t:s0      432 ?        00:00:00 xfs-buf/sda3
system_u:system_r:kernel_t:s0      433 ?        00:00:00 xfs-data/sda3
system_u:system_r:kernel_t:s0      434 ?        00:00:00 xfs-conv/sda3
system_u:system_r:kernel_t:s0      435 ?        00:00:00 xfs-cil/sda3
system_u:system_r:kernel_t:s0      436 ?        00:00:00 xfs-reclaim/sda
system_u:system_r:kernel_t:s0      437 ?        00:00:00 xfs-log/sda3
system_u:system_r:kernel_t:s0      438 ?        00:00:00 xfs-eofblocks/s
system_u:system_r:kernel_t:s0      439 ?        00:00:00 xfsaild/sda3
system_u:system_r:kernel_t:s0      446 ?        00:00:00 xfs-buf/sda1
system_u:system_r:kernel_t:s0      447 ?        00:00:00 xfs-data/sda1
system_u:system_r:kernel_t:s0      448 ?        00:00:00 xfs-conv/sda1
system_u:system_r:kernel_t:s0      449 ?        00:00:00 xfs-cil/sda1
system_u:system_r:kernel_t:s0      450 ?        00:00:00 xfs-reclaim/sda
system_u:system_r:kernel_t:s0      451 ?        00:00:00 xfs-log/sda1
system_u:system_r:kernel_t:s0      452 ?        00:00:00 xfs-eofblocks/s
system_u:system_r:kernel_t:s0      453 ?        00:00:00 xfsaild/sda1
system_u:system_r:auditd_t:s0      515 ?        00:00:00 auditd
system_u:system_r:irqbalance_t:s0  538 ?        00:00:02 irqbalance
system_u:system_r:policykit_t:s0   539 ?        00:00:00 polkitd
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 540 ? 00:00:01 dbus-daemon
system_u:system_r:NetworkManager_t:s0 544 ?     00:00:00 NetworkManager
system_u:system_r:vmtools_t:s0     545 ?        00:00:00 VGAuthService
system_u:system_r:vmtools_t:s0     546 ?        00:00:35 vmtoolsd
system_u:system_r:systemd_logind_t:s0 548 ?     00:00:00 systemd-logind
system_u:system_r:crond_t:s0-s0:c0.c1023 555 ?  00:00:00 crond
system_u:system_r:getty_t:s0-s0:c0.c1023 558 tty1 00:00:00 agetty
system_u:system_r:tuned_t:s0       784 ?        00:00:05 tuned
system_u:system_r:sshd_t:s0-s0:c0.c1023 785 ?   00:00:00 sshd
system_u:system_r:syslogd_t:s0     787 ?        00:00:02 rsyslogd
system_u:system_r:postfix_master_t:s0 869 ?     00:00:00 master
system_u:system_r:postfix_qmgr_t:s0 871 ?       00:00:00 qmgr
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2053 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2057 pts/2 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2110 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2114 pts/3 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2134 pts/3 00:00:00 su
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2135 pts/3 00:00:00 bash
unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 2195 pts/3 00:00:00 passwd
system_u:system_r:httpd_t:s0      2295 ?        00:00:02 httpd
system_u:system_r:httpd_t:s0      2296 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0      2297 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0      2298 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0      2299 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0      2300 ?        00:00:00 httpd
system_u:system_r:kernel_t:s0     2540 ?        00:00:00 kworker/1:1
system_u:system_r:kernel_t:s0     2583 ?        00:00:00 kworker/0:0
system_u:system_r:postfix_pickup_t:s0 2590 ?    00:00:00 pickup
system_u:system_r:kernel_t:s0     2596 ?        00:00:00 kworker/0:1
system_u:system_r:kernel_t:s0     2613 ?        00:00:00 kworker/1:0
system_u:system_r:kernel_t:s0     2618 ?        00:00:00 kworker/0:2
system_u:system_r:kernel_t:s0     2632 ?        00:00:00 kworker/1:2
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2635 pts/2 00:00:00 ps

[root@centos72 ~]# ps --context
   PID CONTEXT                         COMMAND
  2057 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 -bash
  2640 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 ps --context

十七使用watch实用程序执行重复的输出以实现对就程进行实时的监视

如下面的命令显示每秒钟的监视：

watch -n 1 'ps -eo pid,ppid,cmd,%mem,%cpu    --sort=-%mem | head

Every 1.0s: ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem                          Sat May 18 16:06:57 2019

   PID   PPID CMD                         %MEM %CPU
   784      1 /usr/bin/python -Es /usr/sb  1.9  0.0
   787      1 /usr/sbin/rsyslogd -n        1.4  0.0
   539      1 /usr/lib/polkit-1/polkitd -  1.2  0.0
   544      1 /usr/sbin/NetworkManager --  0.9  0.0
     1      0 /usr/lib/systemd/systemd --  0.6  0.0
   388      1 /usr/lib/systemd/systemd-ud  0.6  0.0
   545      1 /usr/bin/VGAuthService -s    0.6  0.0
   546      1 /usr/bin/vmtoolsd            0.6  0.0
  2053    785 sshd: root@pts/2             0.5  0.0
  2110    785 sshd: root@pts/3             0.5  0.0
  2295      1 /usr/sbin/httpd -DFOREGROUN  0.5  0.0
   785      1 /usr/sbin/sshd -D            0.4  0.0
   871    869 qmgr -l -t unix -u           0.4  0.0
  2590    869 pickup -l -t unix -u         0.4  0.0
   357      1 /usr/lib/systemd/systemd-jo  0.3  0.0
  2296   2295 /usr/sbin/httpd -DFOREGROUN  0.3  0.0
  2297   2295 /usr

现在开启新的终端，创建文件消耗大量内存

[root@centos72 ~]# dd  if=/dev/zero   of=/dev/null   bs=1G

Every 1.0s: ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem                          Sat May 18 16:10:43 2019

   PID   PPID CMD                         %MEM %CPU
  2998   2114 dd if=/dev/zero of=/dev/nul 80.7  4.4
  3034   3033 ps -eo pid,ppid,cmd,%mem,%c  0.1  1.0
   546      1 /usr/bin/vmtoolsd            0.0  0.0
  2986   2057 watch -n 1 ps -eo pid,ppid,  0.0  0.0
  2057   2053 -bash                        0.0  0.0
   784      1 /usr/bin/python -Es /usr/sb  0.0  0.0
     1      0 /usr/lib/systemd/systemd --  0.0  0.0
   538      1 /usr/sbin/irqbalance --fore  0.0  0.0
  2114   2110 -bash                        0.0  0.0
  3033   2986 watch -n 1 ps -eo pid,ppid,  0.0  0.0
   540      1 /usr/bin/dbus-daemon --syst  0.0  0.0
  2295      1 /usr/sbin/httpd -DFOREGROUN  0.0  0.0
  2053    785 sshd: root@pts/2             0.0  0.0
  2987   2057 head                         0.0  0.0
   555      1 /usr/sbin/crond -n           0.0  0.0
   544      1 /usr/sbin/NetworkManager --  0.0  0.0
   548      1 /usr/lib/systemd/systemd-lo  0.0  0.0
  2110    785 sshd: root@pts/3     ger --  0.0  0.0
   785      1 /usr/sbin/sshd -D            0.0  0.0