You can control the order in which the data is returned by using the --sort parameter. This takes either a + or a - (although the + is default) followed by the field by which you want to sort: command, %cpu, pid, and user are all popular options. If you use the minus sign, the results are reversed. This next command lists all processes, in descending order by CPU use:
$ ps aux --sort=-%cpu
There are many other parameters for ps, including a huge number of options for compatibility with other UNIXes. If you have the time to read the man page, you should give it a try!
Deleting Files and Directories with rm
The rm command has only one parameter of interest: --preserve-root. By now, you should know that issuing rm -rf / as root will destroy your Linux installation because -r means recursive and -f means
$ rm -rf /home/paul
That command deletes the home directory of the user paul. This is not an uncommon command; after you have removed a user and backed up her data, you will probably want to issue something similar. However, if you add an accidental space between the / and the h in home, you get this:
$ rm -rf / home/paul
This time the command means 'delete everything recursively from / and then delete home/paul' — quite a different result! You can stop this from happening by using the -- preserve-root parameter, which stops you from catastrophe with this message:
rm: it is dangerous to operate recursively on `/'
rm: use --no-preserve-root to override this failsafe.
Of course, no one wants to keep typing --preserve-root each time he runs rm, so you should add this line to the .bashrc file in your home directory:
alias rm='rm --preserve-root'
That alias automatically adds --preserve-root to all calls to rm in future bash sessions.
Printing the Last Lines of a File with tail
If you want to watch a log file as it is written to, or want to monitor a user's actions as they are occurring, you need to be able to track log files as they change. In these situations, you need the tail command, which prints the last few lines of a file and updates as new lines are added. This command tells tail to print the last few lines of /var/log/httpd/access_log, the Apache hit log:
$ tail /var/log/httpd/access_log
To get tail to remain running and update as the file changes, add the -f parameter (which means 'follow'):
$ tail -f /var/log/httpd/access_log
You can tie the lifespan of a tail call to follow the existence of a process by specifying the --pid parameter. When you do this, tail continues to follow the file you asked for until it sees that the process (identified by PID) is no longer running, at which point tail stops tailing.
If you specify multiple files on the command line, tail follows both, printing file headers whenever the input source changes. Press Ctrl+C to terminate tail when in follow mode.
Printing Resource Usage with top
The top command is unusual in this list because the few parameters it takes are rarely, if ever, used. Instead, it has a number of commands you can use while it is running to customize the information it shows you. To get the most from these instructions, open two terminal windows. In the first, run the program yes and leave it running; in the second, switch to root, and run top.
The default sort order in top shows the most CPU-intensive tasks first. The first command there should be the yes process you just launched from the other terminal, but there should be many others, too. First, you want to filter out all the other users and focus on the user running yes. To do this, press u and enter the username you used when you ran yes. When you press Enter, top filters out processes not being run by that user.
The next step is to kill the process ID of the yes command, so you need to understand what each of the important fields means:
> PID — The process ID
> User — The owner of the process
> PR — Priority
> NI — Niceness
> Virt — Virtual image size in kilobytes
> Res — Resident size in kilobytes
> Shr — Shared memory size in kilobytes
> S — Status
> %CPU — CPU use
> %Mem — Memory use
> Time+ — CPU time
> Command — The command being run
Several of these fields are unimportant unless you have a specific problem. The ones we are interested in are PID, User, Niceness, %CPU, %MEM, Time+, and Command. The Niceness of a process is how much time the CPU allocates to it compared to everything else on the system: 19 is the lowest, and -19 is the highest.
With the columns explained, you should be able to find the process ID of the errant yes command launched earlier; it is usually the first number below PID. Now type k, enter that process ID, and press Enter. You are prompted for a signal number (the manner in which you want the process killed), with 15 provided as the default. Signal 15 (also known as SIGTERM, for 'terminate') is a polite way of asking a process to shut down, and all processes that are not wildly out of control should respond to it. Give top a few seconds to update itself, and the yes command should be gone. If not, you need to be more forceful: type k again, enter the PID, and press Enter. When prompted for a signal to send, enter 9 and press Enter to send SIGKILL, which means 'terminate whether you like it or not.'
You can choose the fields to display by pressing f. A new screen appears that lists all possible fields, along with the letter you need to press to toggle their visibility. Selected fields are marked with an
