What are process and threads every sysadmin should know

Process :

A process represents a running program. It’s the abstraction through which memory, processor time, and I/O resources can be managed and monitored. A process at-least have one thread in it or it may be multiple threads.

Threads:

A thread is simply a set instructions which shares same memory space unlike differnt process which have different memory spaces.

Life cycle of a process :

When a new process is to be created, A process copies it self with a fork system call and creates copy of original process. A new process has different PID and its own accounting information.

fork has a unique property of returning two values. form child's point of view it gives 0. so now parent has child pid. Since two process are identical now they both examine return value to figure out which role they are supposed to play.

After fork, A child uses one of the exec family routine to start execution of new program. these calls change the program process is currently executing and resets memory segments to predefined initial sate

In Linux world init/systemd plays a very important role in process managements. when process exits it uses routine (name _exit) which tells kernel that it is about to die. It provides a exit code with description that why it is dying. zero(0) means successful termination of process.

Before process dies completely kernels needs that the child should inform this to its parent process. The parent gives wait call to kernel and it collects all information about its child's exit code.

But in case if parent dies before child, Kernel notices that no wait call is forthcoming. In this scenario kernel itself handles all child and orphan process by making init as parent which in turn gives wait call.

Process relation with threads :

A process can be suspended with stop signal and resumes till it gets CONT signal. This activity of being stoppable applies to process as well as every threads used by it.

Not all threads stopped a time. for example a thread has requested a set of data to kernel. So till time kernel figures out block in the disk, fetches data and gives to thread the thread remains in sleep mode whereas other threads continue to work as they are.

Sometimes a whole process seems to be sleeping. Thus it means that all of the threads belonging to that process are sleeping.

Interactive shells and system daemons spend most of the time sleeping as they are waiting for some interrupt to be happened from keyboard or some tasks needs to be initiated for them.

In sleep state they don't use any of the CPU time as well as i/o request.