Commands

Pstree Command on Linux with Examples

r00t

Pstree Command on Linux

In the world of Linux system administration and monitoring, understanding process relationships and their hierarchical structure is crucial for effective system management. The pstree command serves as a powerful visualization tool that displays running processes in a tree-like format, making it easier to understand parent-child relationships and process hierarchies. Unlike other process monitoring tools, pstree offers a unique perspective that can help troubleshoot issues, identify resource usage patterns, and better understand your system’s operation.

Understanding Linux Process Hierarchies

In Linux, processes form a hierarchical structure where each process (except the initial process) has a parent process that spawned it. This parent-child relationship creates a tree-like structure that begins with the root process.

The root process, typically identified as PID 1, is known as init in traditional Linux systems or systemd in modern distributions. This process is the first user-space process started by the kernel during the boot sequence. Every other process in the system is either directly or indirectly a child of this initial process.

Parent-Child Relationships

Understanding parent-child relationships is fundamental to Linux process management:

  • A parent process can spawn multiple child processes
  • Each child process has exactly one parent process
  • When a parent process terminates, its children are either adopted by the init/systemd process or terminated
  • Process IDs (PIDs) uniquely identify each process in the system
  • Child processes inherit certain attributes from their parent processes

This hierarchical organization allows the system to maintain control over all running processes. When visualizing these relationships, administrators can better understand how processes interact, identify dependency chains, and troubleshoot issues when processes misbehave.

Getting Started with Pstree

The pstree command is part of the psmisc package in most Linux distributions. Before using pstree, you might need to install it if it’s not already available on your system.

Installation

On Debian/Ubuntu systems:

sudo apt update && sudo apt install psmisc

On CentOS/RHEL systems:

sudo yum install psmisc

You can verify that pstree is installed correctly by checking its location:

which pstree

Which should return /usr/bin/pstree if the installation was successful.

Basic Syntax

The basic syntax for the pstree command is:

pstree [options] [pid or username]

Without any arguments, pstree displays the entire process tree starting from the init/systemd process. If you specify a PID, it shows the subtree starting from that process. If you specify a username, it shows all process trees owned by that user.

Basic Pstree Usage

When executed without any options, pstree provides a visual representation of all running processes in a hierarchical tree structure. This default output format is both intuitive and informative.

Default Output

Running the simple command:

pstree

Will produce output similar to:

systemd─┬─VGAuthService
        ├─accounts-daemon───2*[{accounts-daemon}]
        ├─atd
        ├─cron
        ├─dbus-daemon
        ├─login───bash
        ├─sshd───sshd───sshd───bash───pstree
        ├─systemd───(sd-pam)
        └─systemd-journal

The tree starts with the root process (systemd or init) and branches out to show all child processes. The lines and symbols indicate the parent-child relationships between processes.

Viewing Processes for a Specific User

To view processes owned by a specific user:

pstree username

This command displays only the process trees that belong to the specified user, making it easier to focus on relevant processes for that user.

Viewing a Subtree for a Specific Process

To view the process subtree starting from a specific PID:

pstree pid

This approach is particularly useful when investigating a specific application or service and its child processes.

Handling Large Outputs

Process trees can be extensive on busy systems. You can pipe the output to less for easier navigation:

pstree | less

This allows you to scroll through the output at your own pace, which is especially helpful on systems with numerous processes.

Pstree Output Formatting Options

Pstree offers various formatting options that enhance the readability and usefulness of its output. These options allow you to customize the display to suit your specific needs.

Displaying PIDs with Process Names

To show process IDs alongside process names:

pstree -p

This adds PIDs in parentheses next to each process name, which is extremely useful for identifying specific processes when you need to take action on them, such as terminating a process with the kill command.

Example output:

systemd(1)─┬─VGAuthService(567)
           ├─accounts-daemon(985)───{accounts-daemon}(988)
           ├─sshd(1175)───sshd(1943)───bash(1944)───pstree(2102)

Showing Command Line Arguments

To display command line arguments for each process:

pstree -a

This option expands the output to include the command line arguments used to start each process, providing additional context about how processes were initiated.

Expanding Identical Subtrees

By default, pstree compacts identical branches by putting them in square brackets with a repetition count. For example, four instances of getty might be displayed as 4*[getty]. To expand these identical subtrees:

pstree -c

This option forces pstree to display each process separately, which can be useful when you need to examine each instance individually.

Handling Long Lines

For processes with long names or many arguments, lines might be truncated. To prevent truncation:

pstree -l

This ensures that the full process information is displayed, wrapping as needed rather than truncating.

Using Different Character Sets for Tree Display

Pstree offers different drawing styles for the tree structure:

pstree -A  # ASCII characters
pstree -G  # VT100 line drawing characters
pstree -U  # UTF-8 (Unicode) line drawing characters

These options can improve readability depending on your terminal capabilities and preferences.

Process Identification and Filtering

Effective process management often requires filtering and identifying specific processes within the system. Pstree provides several options to help with these tasks.

Showing Process Group IDs (PGIDs)

To display Process Group IDs alongside process names:

pstree -g

This option adds PGIDs in parentheses after each process name. If both PIDs and PGIDs are displayed (using -p -g), PIDs are shown first.

Finding Specific Processes in Large Trees

For systems with numerous processes, you can combine pstree with grep to locate specific processes:

pstree | grep process_name

This filtering approach helps you quickly find the process of interest in a large output.

Showing UID Transitions

To display changes in user IDs across the process tree:

pstree -u

This option is particularly useful for security auditing, as it highlights where processes change their effective user ID, which might indicate privilege escalation or delegation.

Security Context Visualization

In systems with SELinux enabled, you can view security contexts of processes:

pstree -Z

This provides additional information about the security context of each process, which is valuable for security analysis and troubleshooting SELinux-related issues.

Advanced Visualization Features

Pstree includes several advanced visualization features that can enhance its utility for system administrators and power users.

Highlighting Current Process and Ancestors

To highlight the current process and its ancestors in the tree:

pstree -h

This visual emphasis helps trace the lineage of the current process, making it easier to understand its context in the overall system.

Highlighting Specific Processes

To highlight a specific process and its ancestors:

pstree -H PID

Replace PID with the actual process ID you want to highlight. This option is particularly useful when investigating a specific process’s relationship to the rest of the system.

Sorting Processes Numerically

By default, pstree sorts processes alphabetically. To sort them numerically by PID:

pstree -n

This ordering can be more intuitive when working with process IDs and helps track processes in the order they were created.

Color-coding Processes by Age

To visually distinguish processes based on their age:

pstree -C age

This option colors processes differently based on how long they’ve been running:

  • Green: processes newer than 60 seconds
  • Yellow: processes newer than an hour
  • Red: older processes

This visual differentiation can help identify newly spawned processes or long-running processes that might need attention.

Navigating Process Relationships

Understanding the relationships between processes is crucial for effective system administration. Pstree provides special options to help navigate these relationships.

Tracing Process Ancestry

To show the ancestors of a specific process:

pstree -s PID

This displays a direct path from the root process to the specified process, making it easier to understand the process’s lineage.

Example output:

systemd───sshd───sshd───bash───pstree

This ancestry trace is particularly valuable when troubleshooting issues related to process inheritance or when you need to understand how a specific process was spawned.

Finding Parent Processes

When dealing with potentially problematic processes, identifying their parent processes can help diagnose the root cause. Using the -s option with a specific PID allows you to trace back to the original parent.

Understanding Process Inheritance Patterns

By examining process trees, administrators can identify patterns in how processes are created and inherited. This knowledge can be valuable for optimizing application behavior and improving system performance.

Identifying Orphaned Processes

Orphaned processes (processes whose parent has terminated) can be identified in the process tree as they get adopted by the init/systemd process. Regular monitoring with pstree can help identify these situations.

Thread Management Visualization

Modern applications often utilize multiple threads to improve performance. Pstree provides options to visualize and manage thread relationships within processes.

Visualizing Threads

By default, pstree displays threads in curly braces. For example:

firefox─┬─{BgHangManager}
        ├─{Cache2 I/O}
        ├─{Compositor}
        └─{Gecko_IOThread}

This representation shows the main process (firefox) and its threads with descriptive names in curly braces.

Showing Thread Names

To display full thread names:

pstree -t

This option ensures that complete thread names are shown, which can be helpful for detailed analysis of thread activities.

Hiding Threads

If you’re more interested in the process structure than thread details:

pstree -T

This option hides threads entirely, showing only processes, which can simplify the output when thread information isn’t needed.

Understanding Thread Hierarchies

Threads operate within the same memory space as their parent process but can be scheduled independently. By examining thread structures with pstree, administrators can gain insights into how applications distribute work across multiple execution paths.

Troubleshooting with Pstree

Pstree is an invaluable tool for troubleshooting various system issues. Its visual representation of process relationships can help identify problems that might not be apparent with other monitoring tools.

Identifying Zombie Processes

Zombie processes (processes that have completed execution but still have an entry in the process table) can be identified in the pstree output. These processes are often indicated by the “defunct” label or Z state.

Finding Runaway Processes

When a system experiences high load, pstree can help identify which processes are spawning excessive children. Look for processes with unusually large numbers of child processes or threads, which might indicate a runaway process or memory leak.

Analyzing Daemon Processes

System daemons often have specific process structures. Using pstree to examine these structures can help verify that daemons are running correctly and with the expected child processes.

Application Startup Problems

When applications fail to start correctly, pstree can help determine if the issue is with the application itself or one of its child processes. By examining the process tree before and after attempted startup, you can identify differences that might point to the problem.

Resource Usage Analysis

While pstree doesn’t directly show resource usage, understanding process hierarchies can help correlate information from other tools like top or ps. For example, if a parent process has numerous resource-intensive children, addressing the parent might be more effective than targeting individual children.

Integration with Other Commands

Pstree works well with other Linux commands to create powerful process management workflows.

Combining Pstree with Grep

To filter pstree output for specific processes:

pstree | grep firefox

This combination allows you to focus on particular processes or process groups within a large tree.

Using Pstree with Kill

To terminate an entire process tree:

pstree -p | grep process_name

Identify the parent PID from the output, then use:

kill -9 parent_pid

This approach ensures that all child processes are terminated along with the parent.

Real-time Monitoring with Watch

For continuous monitoring of process trees:

watch -n 2 pstree

This command refreshes the pstree output every 2 seconds, allowing you to observe changes in the process hierarchy in near real-time.

Documentation and Reporting

To save process tree information for documentation or analysis:

pstree > process_tree.txt

This redirects the output to a file, which can be useful for system documentation, troubleshooting records, or comparing process states across different times.

Best Practices and Tips

To get the most out of pstree, consider these best practices and expert tips.

Optimizing for Different Scenarios

For general system overview:

pstree

For detailed process analysis:

pstree -p -a

For security auditing:

pstree -p -u -Z

For thread-heavy applications:

pstree -p -t

Reading Complex Process Trees

  • Start from the root and work your way down
  • Focus on processes with many children, as they often represent key system services
  • Look for patterns in how processes spawn children
  • Compare process trees across different system states (idle vs. under load)

Performance Considerations

Pstree is generally lightweight, but on systems with thousands of processes, consider:

  • Using grep to filter output for specific processes
  • Using -T to hide threads when not needed
  • Running pstree during lower system load periods for complex analysis
  • Redirecting output to a file for offline analysis

Common Pitfalls

  • Misinterpreting compacted notation (e.g., 4*[process])
  • Overlooking thread information in curly braces
  • Not considering process namespace differences on containerized systems
  • Assuming all processes with the same name are related

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button