Now that we know that processes run, how can we go about finding processes?  There must be some way to find a particular process… like if I want to find every process that has the letter a in the name. Or if I want to find every process that has a name like ‘insight’ because I’m sure Hydra is running something on my system and I want to know what it is.  Or if I want to know every process that’s being run by a user with the name hydra.

You get the idea.  I want to find processes!

To do this, we’re going to combine two commands.  The first is ps, that useful command that lists the processes.  The second is that useful command grep that we used to find things in files.

ps auxw shows you every single process that’s currently running on a system.  On a system that’s very very busy, this can be a lot.  There’s 65536 processes allowed at any time, so combing through those looking for hydra (or Hydra or hYdRa) would take too long.  I’m lazy!  I want the system to do it for me!

From this post we know that grep has an option where it ignores case.  This means it can find hydra, Hydra, HYdra, HyDrA, or… I’m stopping that now.  It means you can find any combination of the 5 letters hydra no matter what capitals you use.

Now that we have those two commands, we’re going to combine them.  Remember this post on pipes?  We can take the output from one command, ps and pipe it through to the other command, grep.

Alpha:~ computerlamp$ ps auwx | grep -i hydra

Nothing was found from that command.  Hurray!  No Hydra user on the system!

…unless they’re hiding themselves.  Alexander Pierce didn’t have a username of Hydra.  He was hiding and probably had a user name of apierce or alexander or alexander.pierce or even supersecretary.  But not something we could actually look for in ps.

Remember ps a from this post? It showed what processes you were running in a single terminal.  If you want to see every single process you were running, no matter what terminal, then this combination of ps and grep  would work for you!

Alpha:~ computerlamp$ ps auwx | grep -i computerlamp

Finding processes is easy with that combination of ps and grep!

In honor of New Year’s Day, today we’re going to talk about more silly commands.

The first one is called yes

Alpha:~ computerlamp$ yes
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y
y

And it keeps going and going and going! It’s the Energizer Bunny of commands!

To stop it, hit control-C.  That’ll stop the Bunny, er, Y from streaming on your terminal.

So what’s this command for? Other than to fill your screen up with more y’s than should be legal. Well, remember from this post the xargs command? Some commands insist you sit there and type y over and over and over before they’ll finish. This command lets you do:

Alpha:~ computerlamp$ yes | xargs annoying_command

So you can be lazy and not type it over and over and… did I mention over? Then when that command finishes, your yes command will exit.

Linux® has lots of silly commands.  Another one has no redeeming feature at all. Aside from pure amusement. It’s called fortune.

Alpha:~ computerlamp$ fortune
Long life is in store for you.
Alpha:~ computerlamp$ fortune
Q:    What do you say to a New Yorker with a job?
A:    Big Mac, fries and a Coke, please!
Alpha:~ computerlamp$ fortune
So she went into the garden to cut a cabbage leaf to make an apple pie;
and at the same time a great she-bear, coming up the street pops its head
into the shop. "What! no soap?" So he died, and she very imprudently
married the barber; and there were present the Picninnies, and the Grand
Panjandrum himself, with the little round button at top, and they all
fell to playing the game of catch as catch can, till the gunpowder ran
out at the heels of their boots.
        -- Samuel Foote
Alpha:~ computerlamp$ fortune
You may worry about your hair-do today, but tomorrow much peanut butter will
be sold.

It even has a man page. You can type man fortune and see the flags it has too.

For example, if you only want short fortunes, then you could do:

Alpha:~ computerlamp$  fortune -s
How apt the poor are to be proud.
		-- William Shakespeare, "Twelfth-Night"

If you’re only interested in long fortunes, then you would do:

Alpha:~ computerlamp$  fortune -l
At once it struck me what quality went to form a man of achievement,
especially in literature, and which Shakespeare possessed so enormously
-- I mean negative capability, that is, when a man is capable of being
in uncertainties, mysteries, doubts, without any irritable reaching
after fact and reason.
		-- John Keats

The fortune command pulls it’s sayings from many different files. If you want to know what file the fortune came from, you would do:

Alpha:~ computerlamp$  fortune -c
(riddles)
%
Q:	How do you play religious roulette?
A:	You stand around in a circle and blaspheme and see who gets
	struck by lightning first.

As you can see, not all of the fortunes are polite.

So there you have it. Two silly commands found in Linux®.

Last post we introduced ps, this post we’ll talk about ps and flags. So, brief recap:

Alpha:~ computerlamp$ ps
  PID TTY          TIME CMD
17245 pts/2    00:00:00 bash
17248 pts/2    00:00:00 ps

Tada! ps with no flags.

Let’s start with a simple flag, x. In the first example, we saw every command that has a tty, or a direct connection to a terminal. That’s the default action of ps. What if we want to see every thing even if it doesn’t have a terminal?

Alpha:~ computerlamp$ ps x
12779 pts/2    R+     0:00 ps x
17245 pts/2    Ss     0:00 -bash

Well, that isn’t any different from the first time around, except now I see that I ran ps with a flag.

But wait, something is weird here. Since we started talking about flags, they’ve always started with a – aka a dash or a hyphen. That time, I didn’t use one. ps is an interesting command, it has three kinds of flags you can use. From the man page:

      This version of ps accepts several kinds of options:
       1   UNIX options, which may be grouped and must be preceded by a dash.
       2   BSD options, which may be grouped and must not be used with a dash.
       3   GNU long options, which are preceded by two dashes.

This means that there are flags that begin with a dash, flag that don’t begin with a dash and flags that have two dashes. If you use the kind without a dash then you can’t use the kind with a dash. It also means that ps -a and ps a are two different commands. See?

Alpha:~ computerlamp$ ps -a
  PID TTY          TIME CMD
12825 pts/2    00:00:00 ps
Alpha:~ computerlamp$ ps a
  PID TTY      STAT   TIME COMMAND
12832 pts/2    R+     0:00 ps a
13451 pts/2    Ss     0:00 -bash

And isn’t that confusing? It feels like Dr. Strange wandered in and the world went weird.

Next post, we’ll talk about processes again.  Understanding processes is key to understanding ps.

In one of my first posts I talked about this thing called a process. It happens when you run any program on a Linux® system, you create a process. If these things are running, how do I see them? Well, Linux&reg keeps them a table called a process table. We can see them with the command ps. You run it like:

Alpha:~ computerlamp$ ps

The output is kind of boring. It looks like:

  PID TTY          TIME CMD
17245 pts/2    00:00:00 bash
17248 pts/2    00:00:00 ps

It is just the processes that I’m currently running. bash is a shell and that is a program that gives me my command lines. We’ve been using it all along. There’s many kinds of shells, bash is one of the most common. It stands for Bourne Again Shell and was called that because it was a written as a replacement for a Bourne Shell. Wikipedia says it was first released in 1989. It’s been around a long time and it’s the standard command line interface on most Linux® systems.

The second command is the ps that we ran to get that command. If we had used any flags with ps, we would see those too.

The first column is the process id. Remember, Linux® understands numbers better than strings, so every process gets a number. It uses that id to refer to the process.

The second column is the tty. That stands for teletypewriter, a very very old device. According to Wikipedia it’s a typewriter that can be used to send messages to another typewriter. How’s that for very old school? Linux® took that history and made a tty mean terminal or output device. It’s the output device that that command is hooked up to.

ps is a command with many flags. Many MANY flags. We’ll talk about those in more posts.

In a break from common Linux command line tools, I’m going to show you a silly command that exists in Linux® called touch. It’s silly in that it looks ridiculous to begin with but someone created it for a reason.

touch means you’re going to touch a file or directory.   It is often used to create empty new files, like this:

Alpha:~ computerlamp$ touch Avengers

If you ls, you’ll see a file named Avengers in the current directory. Now try the command cat on Avengers.

Alpha:~ computerlamp$ cat Avengers

Hey, nothing there! You created a file with nothing in it. Not a single Avenger to be found in the Avengers file. Not even a Hawkeye or a Black Widow.  This means that if you need a new file, you cause this command to create it just like you can use echo.  Unlike touch, echo actually puts words into the file.

There’s nothing stopping you from touching a file that already exists.

Alpha:~ computerlamp$ touch Avengers

Run ls again and nothing has changed. You can also try find and you won’t see anything different.  it doesn’t look like my command did anything.

So why did I touch it? I touched it for some reason, something must have changed, I just need to find out what.  It turns out there’s another flag to ls that will let me see the changes I made

Try this, run ls with the -l flag. It looks like:

Alpha:~ computerlamp$  ls -l
total 0
-rw-r--r--  1 computerlamp  staff  0 Nov 12 11:33 Avengers

See that date in there? That’s the date the of the last time the file was modified. Every time you touch a file, that gets updated. Try it a few times and see. touch was made so it’s easy to change that time. The 0 before the Nov in the date is the size of the file in bytes. The other things we’ll discuss in the next post.

The pipe command in this post didn’t work with every command, so now we’re going to fix those pipes. Remember that the pipe takes the standard out from one command and turns it into standard in for another and how that doesn’t always work with every command. One command it doesn’t work with is rm. Let’s start by making a file.

Alpha:~ computerlamp$ echo "Mario Rocks!" > Nintendo

Now we’re going to use find to remove it. I know that’s kind of silly, but hey, we need to be able to try these things out. Here’s the command to use find and rmove it:

Alpha:~ computerlamp$ find . -name 'Nintendo' | rm

What we get back is an error telling us how rm works:

Alpha:~ computerlamp$ find Nintendo | rm
usage: rm [-f | -i] [-dPRrvW] file ...
       unlink file

This looks like I can’t use find with rm and a pipe.

Wait, this is Linux, there’s another way around this, I can fix those pipes! It’s the command xargs. It takes the output from one command and turns it into the command line string for another. This is for those commands that don’t read input from standard in, like ls does.

It works like:

Alpha:~ computerlamp$ find . -name 'Nintendo' | xargs rm

See where I stuck that xargs? Try it and the error we saw before has gone away! I fixed those pipes!

But wait, isn’t this a different way of doing what the -exec flag to find did that we saw in this post? Well, yes it is. It’s also a more efficient way of doing things.

The -exec flag works on each individual file. When it finds something, it carefully removes it then goes back to looking. Using xargs lets us group the files together and remove them all at once. This is actually must faster than using the -exec flag with find.

So when Mario jumped into a pipe he’d come out in a different area. Well, technically it’s a sewer pipe, but close enough. He’d go out one area and into the other.

Linux® has pipes too. They take the results out from one command and put them in to another. It’s not a sewer pipe, so you don’t have to worry about figuring how to make a pipe on the command line. It’s the | character. It kind of looks like a pipe… ish. It isn’t hollow, but it’ll do.

So what can we do with it? Well, let’s start with something simple. Suppose when I run ls in a directory I get waaaaaay too many files to look at.  It’s just pages and pages of results.  Rather than trying to read all those lines scrolling by, I can pipe the results from ls into more

Alpha:~ computerlamp$ ls | more

I could also pipe the results through less:

Alpha:~ computerlamp$ ls | less

For silliness, I can pipe the command echo through less:

Alpha:~ computerlamp$ echo "Mario Rocks" | less

Now if you don’t give a command after the pipe, things just hang around.

Alpha:~ computerlamp$ echo "Mario Rocks" |

The command line is waiting for me to give another command to pipe the results of that echo in to. I can either type another command or hit control-C to exit that. That’s holding down the control key and then hitting C. It’s a common way to interrupt things on Linux®.

If you remember way back from post on Linux® and Files, we talked about standard file types. What technically is happening with a | is that the first command writes to standard out and that is written to the standard in of the second command through the pipe. This means that in order for it to work, the second command has to take input from standard in. Not every command does this. We’ll talk about how to fix that next time.