Doesn't cope with this task.
Sometimes you need to manually terminate a process that is not responding. In most cases, this can be done using the Windows Task Manager, but sometimes it cannot cope with an application that has gotten out of control. I often encountered this when trying to terminate an Acronis process. In this situation, I usually use a more powerful tool - the taskkill command.
To use taskkill, you need to open a command prompt window. To do this, open the “Run” window from the “Start” menu or use the keyboard shortcut + [R] and enter “cmd” (without quotes) in the “Open” field (Fig. A).
Figure A: Open a Command Prompt window.
Using the taskkill command
The general command syntax is as follows:
Taskkill [OPTIONS] [PROCESS ID]
Of course, taskkill has a wide range of options available. I will list only the most useful of them:
/s COMPUTER, where COMPUTER is the IP or address of the remote computer. By default, the operation is performed on the local system. If this is what you are interested in, you don’t have to use this option.
/u DOMAIN\USER, where DOMAIN is the domain name and USER is the name of the user for whom you want to run the command. This option allows you to run taskkill with the rights of a specific account or domain.
/p- must be used in combination with the /u option to specify the password for the user account.
/fi- allows you to execute the taskkill command with certain filters.
/f- forcefully terminates the execution of the command.
/IM- allows you to use the application name instead of the process ID.
And of course, one of the most useful options is the switch for calling up help (Fig. B):
Taskkill/?
Figure B. Displays help information for the taskkill command when using the help switch.
Terminate a process by application name
The easiest way to terminate an out-of-control process is to use the taskkill command using the /IM option. It will look like this:
Taskkill /IM APPLICATION_NAME
Here APPLICATION_NAME is the name of the process that needs to be terminated. For example, if Outlook can't close, you can use the following command:
Taskkill /IM outlook.exe
Terminating a process by ID
If you don't know the process name, but you know its PID - for example, 572 - you can use the following command:
Taskkill /PID 572
End all processes for a specific account
There is also an option to end all processes for a specific account. This is especially true if you know for sure that the problem is related to a specific account, or if the user has already logged out and the processes he started have stopped responding. In this case, you can use the following command:
Taskkill /F /FI “USERNAME eq username”
Here username is the name of the account under which the unwanted processes are running. You must include the USERNAME option in the command to specify the appropriate user name.
Terminating processes on a remote computer
Another convenient feature is terminating processes remotely. Let's say you know for sure that the system is not responding due to a certain process (let's take Outlook as an example). In this case, you can use another computer and run the following command:
Taskkill /s IP ADDRESS /u DOMAIN\USER /IM Outlook.exe
Here IP ADDRESS is the address of the remote computer (you can also use the host name if the computers are able to recognize each other in this way), DOMAIN is the domain name (if required), and USER is the user name under which you logged into the remote computer.
Finally
The taskkill command is a very powerful and functional tool that can eliminate the need to force a computer restart. Skillful use of this command in combination with the Task Manager extends system uptime and even allows you to fight viruses, rootkits or Trojans.
Despite the fact that Linux is more stable than Windows in terms of the operation of programs and various services, anything can happen and sometimes it becomes necessary to terminate the Linux process. This may be necessary if the program crashed when you launched a system service in the background through the terminal rather than the initialization system, as well as in many other cases when it is easier to kill the Linux process by rebooting the entire system.
In this article, we will look at some of the most common ways to terminate a Linux process. We will describe in detail how the process is stopped and how to do everything correctly.
Processes in the Linux operating system are controlled using signals. Including the completion of any process. Signals are transmitted by the system, but they can also be transmitted by the user using special commands or even keyboard shortcuts in the terminal. When a process receives a signal to terminate, it must perform some preparatory steps.
It is necessary to terminate child processes, delete temporary files, sockets, and so on. But depending on the complexity of the situation, the process may not respond to all signals. Let's look at the main signals that are used to complete the process:
- SIGINT- the most harmless termination signal, means Interrupt. It is sent to the process launched from the terminal using the Ctrl+C keyboard shortcut. The process correctly completes all its actions and returns control;
- SIGQUIT - this is another signal that is sent, using a keyboard shortcut, to a program running in the terminal. It tells it to exit, and the program can terminate gracefully or ignore the signal. Unlike the previous one, it generates a memory dump. Keyboard shortcut Ctrl+/;
- SIGHUP- informs the process that the connection with the control terminal is broken, sent mainly by the system when the connection to the Internet is broken;
- SIGTERM- immediately terminates the process, but is processed by the program, so it allows it to terminate child processes and free all resources;
- SIGKILL- also immediately terminates the process, but, unlike the previous option, it is not transferred to the process itself, but is processed by the kernel. Therefore, resources and child processes remain running.
It is important to understand that you need to give the process the opportunity to complete correctly. It is advisable that ports and sockets are freed, temporary files are closed and temporary files are deleted. Therefore, never send SIGKILL straight away. Send termination signals in the sequence as listed above.
At first Ctrl+C, if possible, then SIGTERM - although it terminates the process, it does this culturally, and only as a last resort SIGKILL. Now let’s look at how to kill a process using pid Linux in practice. If you always use SIGKILL, then this picture comes to mind:
How to kill a Linux process?
The kill utility is used to signal processes in Linux. Its syntax is very simple:
$ kill - process pid signal
The signal is one of the above signals to complete the process. By default, if this parameter is not specified, the SIGTERM signal is used, which is very correct. We also need to indicate which process needs to be terminated. To do this, a unique process identifier - PID - is used.
Let's say we are running the ping utility. We want to terminate it using kill. Then, first we find out its identifier using the ps command:
ps aux | grep ping
The first line will display the ping utility itself, and the second line will display the ps program itself. We take the desired PID and terminate the process using SIGTERM:
kill -TERM 20446
And only if after this command the process continues to hang, and you can check this by running ps. Only now you can perform SIGKILL:
kill -KILL 20446
Now let's check again:
If the process is running as superuser, then naturally you need to use sudo. It is not always convenient to kill a process by its PID, at least because you still need to find out this PID. We could make complex constructs using xargs to automatically calculate the pid from the process name and terminate it immediately, but this is not necessary. Special utilities already exist.
How to kill a process using pkill
The pkill utility is a wrapper around kill, it behaves exactly the same and has the same syntax, only it needs to pass the process name as the process identifier. The utility scans the proc directory and finds the PID of the first process with that name, then sends a SIGTERM to it. This way you can kill the process called Linux. For example, if we want to complete the same ping:
You can also manually set the signal type:
pkill -TERM ping
Instead of ps, you can use the pgrep utility to find the pid of the process, making sure our program is completed:
But if the program has created several processes for you, for example, the chromium or firefox browser creates a separate process for each of the tabs, then this utility will be of little help. Here we need the next option.
How to stop a process using killall
killall works similarly to the two previous utilities. It also takes the process name as a parameter and looks for its PID in the /proc directory. But this utility will detect all processes with that name and terminate them. For example:
As you can see, several processes are running, all that remains is to stop the Linux process using killall:
The command will terminate all running ping utilities, you can verify this by running pgrep again:
conclusions
In this article, we looked at how to kill a Linux process. This task can be very rewarding at times, but it is important to understand that it needs to be done correctly. This is not to say that passing SIGKILL instead of SIGTERM is very dangerous, but it is not worth doing. I hope this information was useful to you.
Not often, of course, but sometimes you can encounter situations where, after closing a program in the Task Manager, the process responsible for its functioning does not end, or some additional (related) application services continue to work. In addition, the system may report that the user does not have enough rights to complete a certain process (access is denied). Why this happens and how to stop unnecessary or hanging programs, read the material below.
The process does not terminate in the Task Manager (access denied). Why?
To understand which solution to eliminate the problem that has arisen to use in each specific case, you first need to find out the reasons why they arise. Why doesn’t the process end in the “Task Manager” indicating a lack of access rights?
Indeed, sometimes this may be due to the fact that the user is not logged in as an administrator and is trying to terminate a critical system service or process started by another user. However, the inability to stop the operation of an application is mainly associated not even with system processes, but with programs that could be installed on the user’s computer spontaneously (viruses, advertising applets, etc.). Usually they are the ones that can block the shutdown. But dealing with such manifestations of behavior in both system and user programs or services can be quite simple.
Reboot the system
If a process does not end in the Task Manager, what should you do first? As a rule, ordinary users act quite simply. If for some reason the Windows 10 Task Manager does not terminate the process, they simply reboot the system. It is clear that a complete restart leads to a stop of all services. But what if after a reboot the process is activated again? But some processes launched along with the system cannot be tracked even in the standard startup section.
However, if the user is logged in not under the administrator account, but under his own account, as is already clear, you just need to change the user.
If you don’t want to constantly jump from one account to another, you can completely disable the administrator account by entering the command “net user Administrator active:no” (without quotes) in the command line. After this, all programs will start only with administrator rights (for some applications, even UAC security warnings, which are incredibly annoying to many users, will not be issued).
Terminating active processes via the command line
But the above actions may not always have a positive effect. What should you do if Task Manager does not terminate a process that is, say, overloading the central processor or using RAM too hard? In such a situation, the best tool available on Windows systems is the command console (cmd).
It must be run as an administrator (if the superuser account is not disabled), and then use the taskkill command (all information about additional attributes can be viewed by entering the line “taskkill /?”).
Of the entire list, we are most interested in the attributes “/F” and “/IM”, which are added after the main command. What does it look like? Let's assume that the Google Chrome process does not end in the Task Manager. The command to force stop the application will look like this: “taskkill /F /IM Chrome.exe” (again, without quotes). As is already clear, this solution is acceptable for executable program files. If you use the additional key “/T”, when you enter the main command to shut down the selected application, all child processes will automatically be terminated.
Stopping processes by specifying identifiers
If the process that was selected by the user does not end in this way in the Task Manager, for example, if the name of the executable file of a problematic program or service is entered incorrectly, the process can be stopped by specifying the identifier.
It can be viewed in the Task Manager itself, additionally activating the display of the column with the process ID. The main command in this case will take the following form: “taskkill /F PID 0000”, where 0000 is the process identifier defined in the “Task Manager”.
In principle, the problem associated with the fact that the Task Manager does not terminate the process of some program can be solved by following the advice of Microsoft specialists, which are published on the support page. The idea is to download a special archive from the website containing the PSTools toolkit, then unpack it to your hard drive and move the PsExec.exe file or the PsExec64.exe object, depending on the system architecture, to the root of the system partition (drive “C” ), and then through the command console run the command “c:\psexec -i -d -s taskmgr.exe” (without quotes). After this, in the “Task Manager” you will need to perform all the necessary actions related to stopping certain processes, then close the “Manager” and delete the source PsExec file from the system partition.
Note: It is recommended to use this method, even on the corporation’s website, only at your own peril and risk.
Using Process Explorer
It’s much easier to use a small application that is an alternative to Task Manager, but with advanced capabilities. The advantage of this program is that there is no need to install it on your hard drive, since the application is natively portable and runs from a single executable file. After starting the program, it is enough to select the desired incomplete process or even an entire tree of processes with child applets by selecting the Kill Process or Kill Process Tree commands from the RMB menu.
In addition to “killing” unnecessary processes and tasks, this utility also provides additional information. So, for example, if this is required, you can quite simply find out which program is running a particular process.
Unblocking access to process files
Finally, if it is impossible to terminate certain processes only because access to the file responsible for it is blocked, it may very well be possible to correct the situation by using the Unlocker utility.
First, as is already clear, access to the original file is restored (you can find it directly in the “Task Manager” by selecting view file location from the RMB menu), and then the process is completed in the usual way.
Problems of viral exposure
Viruses, unfortunately, can also limit access to stopping processes and services. And this is not always directly related to the virus applets themselves. If such a situation occurs, it is first recommended to check the system with some portable antivirus, and if it is impossible to neutralize threats, turn to the Kaspersky Rescue Disk program, with which you can boot even before the system starts from removable media, and then perform a deep scan, which includes even RAM itself.
Brief summary
That, in fact, is all that concerns the forced termination of processes in the “Task Manager”. As for the best tool, the alternative manager Process Explorer seems to be the simplest. If you don’t have such a program at hand, the command line will do. The only condition for executing all the above commands is to start the console itself with administrator rights.
Besides directly telling a program to run in the background, there is another way to force a process into the background. To do this you need to do the following:
start the process to run in the foreground;
stop process execution;
continue the process in the background.
To execute the program, enter its name on the command line and run it. To stop the execution of the program, you must press the following key combination on the keyboard -
/home/student# yes > /dev/null
Stopped yes >/dev/null
A command prompt has been received. In order to put a process into the background, you need to run the following command:
Moreover, it is not necessary to do this immediately after stopping the process; the main thing is to correctly indicate the number of the stopped process.
In order to return a process from the background to the foreground, just run the following command:
In the event that it is necessary to transfer a program to the background or, conversely, to the foreground immediately after stopping the process, you can execute the corresponding program without specifying the number of the stopped process.
There is a big difference between a background process and a stopped process. A stopped process is not running and does not consume process resources, but it does occupy RAM or swap space. In the background, the process continues to run.
To pause a background process, you must move the process to the foreground and then stop it.
Terminating a process
There are several options for terminating a process.
Option one. If the process is interactive, as a rule, it is written in the documentation or directly on the screen how to correctly terminate the program.
Option two. In the event that it is not indicated how to terminate the current process (not background), then you can use the keyboard shortcut
Option three and the most effective. If it was not possible to terminate the process using the above methods - for example, the program froze or the terminal crashed - you can use the following commands to end the process: kill, killall.
The kill command can take both a process number and a process identification number (PID) as an argument. So the command is:
/home/student# kill 123 is equivalent to the command:
/home/student# kill %1
You can see that you don't need to use "%" when you refer to a job by its process identification number (PID).
Using the killall command, you can kill multiple processes at once that have the same name. For example, the killall mc command will kill all mc programs running as that user.
In order to terminate a process, the user must be its owner. The root user can kill any process on the operating system.
This passage discusses process control commands. You will learn how to freeze processes, unfreeze them, send them to the background, change priority, view running processes and brutally kill them. The concept of signals is introduced. Commands covered include bg, fg, jobs, kill, nohup, nice, renice, ps and top.
About the authors
Daniel Robbins
Daniel Robbins is the founder of the Gentoo community and creator of the Gentoo Linux operating system. Daniel resides in New Mexico with his wife Mary and two energetic daughters. He is also the founder and CEO of Funtoo, and has written numerous technical articles for IBM developerWorks, Intel Developer Services, and C/C++ Users Journal.
Chris Houser
Chris Houser has been a UNIX advocate since 1994, when he joined the administrative team at Taylor University (Indiana, USA), where he received a bachelor's degree in computer science and mathematics. He has since worked in a variety of areas, including web applications, video editing, UNIX drivers, and cryptographic security. Currently working at Sentry Data Systems. Chris has also contributed to many free projects, such as Gentoo Linux and Clojure, and co-authored the book The Joy of Clojure.
Aron Griffis
Aaron Griffis lives in the Boston area, where he has spent the last decade working at Hewlett-Packard on projects such as UNIX network drivers for Tru64, Linux security certification, Xen and KVM virtualization, and most recently the HP ePrint platform. When he's not programming, Aaron likes to think about programming problems while riding his bike, juggling bats, or cheering on the Boston Red Sox professional baseball team.
Loading...
