Wednesday, 28 May 2014

How to kill defunct process


Defunct processes are corrupted processes that can no longer communicate between the parent and child one. Sometimes, they become “zombies” and remain in your system until you reboot your machine. You can try to apply “kill -9″ command, but most of the time you’ll be out of luck.
In order to kill theses defunct processes, you have two choices:

 1. Reboot your computer
  2. Continue reading…

First, let’s find out if the system contains defunct process:
$ ps -A | grep defunct
Assume your output is as the following:

8328 ? 00:00:00 mono <defunct>
8522 ? 00:00:01 mono <defunct>
13132 ? 00:00:00 mono <defunct>
25822 ? 00:00:00 ruby <defunct>
28383 ? 00:00:00 ruby <defunct>

18803 ? 00:00:00 ruby <defunct>


This means you have 6 defunct processes: 3 of mono, and 3 of ruby. These processes exists because of poorly written application or unusual action taken by the user, in my case there must be some serious problem with the program I wrote in mono C# :-)
Now, let’s find the ID of the process and its parent’s:

$ ps -ef | grep defunct | more

The output from the above command:
UID PID PPID ...
---------------------------------------------------------------


kenno 8328 6757 0 Mar22 ? 00:00:00 [mono] <defunct>
kenno 8522 6757 0 Mar22 ? 00:00:01 [mono] <defunct>
kenno 13132 6757 0 Mar23 ? 00:00:00 [mono] <defunct>
kenno 25822 25808 0 Mar27 ? 00:00:00 [ruby] <defunct>
kenno 28383 28366 0 Mar27 ? 00:00:00 [ruby] <defunct>
kenno 18803 18320 0 Apr02 ? 00:00:00 [ruby] <defunct>

UID: User ID
PID: Process ID
PPID: Parent Process ID

If you try to kill the process with ID 8328 with the command “kill -9 8328″, it may not work. To properly kill it, you need to execute the kill command on its parent whose ID is 6757 ($kill -9 6757). Continue applying the kill command on all the PPID, and verify your result ($ps -A | grep defunct).
If the previous command display no result, well done, otherwise you may need to reboot your system.

Sunday, 18 May 2014

List files modified in the last hour - find command


Use find to list files modified within the last hour:


$ find . -mtime -1

  • the . is the search path
  • -mtime time parameter
  • -1 list files modified in the last 24 hours


Other Settings

  • -amin when the file was accessed in minutes
  • -atime when the file was accessed in days
  • -cmin when the file was created in minutes
  • -ctime when the file was created in days
  • -mmin when the file was modified in minutes

Numerical parameters:

-mtime -0.5

  • -1 the last 24 hours
  • -0.5 the last 12 hours
  • -0.25 the last 6 hours
  • +3 more than three days