101 - Practice - Linux & Networking

101 - Practice - Linux & Networking

By At June 22, 2025 0

1. Key Concepts

👶 Child Process

A child process is created by a parent process using fork() or similar system calls.

Example:

 

pid_t pid = fork();
if (pid == 0) {
    // child
} else {
    // parent
}


🧟 Zombie Process

A zombie process is a child that has terminated, but its parent hasn’t read its exit status via wait() or waitpid().

  • It still has a PID and entry in the process table.

  • Shows up as <defunct> in ps.

👻 Orphan Process

An orphan process is a child whose parent has exited before the child. It is adopted by init (PID 1) or systemd.

🔧 2. Essential Linux Commands

Command

Purpose

ps -ef

Show all processes

ps -eo pid,ppid,stat,cmd

Show child/parent relationships

pstree

Tree of processes

top / htop

Monitor live process usage

strace -p <pid>

Trace system calls of a process

lsof -p <pid>

List open files by a process

kill -9 <pid>

Force kill a process

wait <pid>

Wait for child to finish

cat /proc/<pid>/status

Inspect process status

🧠 3. 20 FAANG-Level Debugging Scenarios

🔸 Process Relationships & Lifecycle

  1. How can you confirm if a process has become a zombie?

Use:

 ps -eo pid,ppid,stat,cmd | grep Z


  1. How can you identify if a process is an orphan?

Check if the parent PID is 1:


ps -eo pid,ppid,cmd | awk '$2==1'


  1. Simulate a zombie process in C and verify via shell.

C code:


#include <stdlib.h>
#include <unistd.h>

int main() {
    if (fork() == 0) {
        exit(0); // Child exits
    } else {
        sleep(100); // Parent doesn't wait
    }
}


Shell:


ps aux | grep defunct


  1. How can you reparent an orphaned process?

Let the parent exit before the child:

 setsid ./long_running_child.sh


  1. What does the STAT column in ps output mean for zombies?

    • Z = zombie

🔸 Monitoring & Debugging Tools

Trace a running process to monitor its system calls.

 strace -p <pid>


How do you detect file descriptors leakage in child processes?


lsof -p <pid>

  1. How can you monitor orphan/zombie processes over time?

            watch "ps -eo pid,ppid,stat,cmd | egrep 'Z|^[0-9]+ +1 '"

  1. Check if a parent process is cleaning up zombies.

Use:

 ps -eo pid,ppid,stat,cmd


  1. Forcefully kill a zombie process.

  • You can't. You must kill its parent or let it wait().

🔸 Advanced Debugging Scenarios

  1. You observe many <defunct> processes in production. What could be the cause?

    • Parent not handling SIGCHLD or not calling wait().

  2. Why do orphan processes not create resource issues like zombies?

    • Because init or systemd reaps them properly.

Write a shell script that checks for zombie processes and alerts.


#!/bin/bash
ZOMBIES=$(ps -eo stat,ppid | grep -w Z | wc -l)
if [ "$ZOMBIES" -gt 0 ]; then
    echo "Zombie processes detected: $ZOMBIES"
fi


  2. A child exits immediately but ps still shows it—why?

    • It’s a zombie; parent hasn’t reaped it.

  3. How do you make sure zombies are cleaned in C?

Use:


signal(SIGCHLD, SIG_IGN); // Auto-reaps children


🔸 System Design + Debugging

  1. How do large-scale daemons prevent zombie processes?

    • Use SIGCHLD handler + waitpid(-1, ...)

  2. During a fork bomb attack, what behavior do you expect in the process tree?

    • Many zombie/defunct or orphaned processes. System will slow.

  3. How does systemd handle orphaned processes differently than init?

    • It tracks child services and can impose cgroups-level resource limits.

  4. What issue occurs if you fork but never exec or wait?

    • Memory usage spikes; system can hit PID limits (e.g. 32768).

  5. Design a resilient background service that doesn't leave zombie children.

    • Use fork() with waitpid() + double-fork + SIGCHLD handling.

🧪 Bonus: Create Zombie and Orphan Processes for Practice

# Create Zombie
bash -c 'sleep 100 & echo $! > child.pid; exit'

# Create Orphan
bash -c 'setsid bash -c "sleep 100"'




Distributed by Gooyaabi Templates | Designed by OddThemes