# What are all these process?



## balanga (Feb 20, 2018)

I was surprised, when I looked, as to how many processes were running and have no idea what most of them are for, or even if they are necessary.

Can I remove any of them?

`ps -aux`

```
USER       PID  %CPU %MEM   VSZ  RSS TT  STAT STARTED     TIME COMMAND
root        11 399.4  0.0     0   32  -  RL   11:08   12:25.74 [idle]
root         0   0.0  0.0     0  168  -  DLs  11:08    0:00.02 [kernel]
root         1   0.0  0.0  5156  868  -  ILs  11:08    0:00.01 /sbin/init --
root         2   0.0  0.0     0    8  -  DL   11:08    0:00.00 [crypto]
root         3   0.0  0.0     0    8  -  DL   11:08    0:00.00 [crypto returns]
root         4   0.0  0.0     0   16  -  DL   11:08    0:00.02 [cam]
root         5   0.0  0.0     0    8  -  DL   11:08    0:00.00 [soaiod1]
root         6   0.0  0.0     0    8  -  DL   11:08    0:00.00 [soaiod2]
root         7   0.0  0.0     0    8  -  DL   11:08    0:00.00 [soaiod3]
root         8   0.0  0.0     0    8  -  DL   11:08    0:00.00 [soaiod4]
root         9   0.0  0.0     0    8  -  DL   11:08    0:00.00 [sctp_iterator]
root        10   0.0  0.0     0    8  -  DL   11:08    0:00.00 [audit]
root        12   0.0  0.0     0  184  -  WL   11:08    0:03.90 [intr]
root        13   0.0  0.0     0   24  -  DL   11:08    0:00.02 [geom]
root        14   0.0  0.0     0   80  -  DL   11:08    0:00.58 [usb]
root        15   0.0  0.0     0    8  -  DL   11:08    0:00.02 [rand_harvestq]
root        16   0.0  0.0     0    8  -  DL   11:08    0:00.01 [acpi_thermal]
root        17   0.0  0.0     0    8  -  DL   11:08    0:00.00 [enc_daemon0]
root        18   0.0  0.0     0   24  -  DL   11:08    0:00.00 [pagedaemon]
root        19   0.0  0.0     0    8  -  DL   11:08    0:00.00 [vmdaemon]
root        20   0.0  0.0     0    8  -  DL   11:08    0:00.00 [pagezero]
root        21   0.0  0.0     0    8  -  DL   11:08    0:00.00 [bufdaemon]
root        22   0.0  0.0     0    8  -  DL   11:08    0:00.00 [bufspacedaemon]
root        23   0.0  0.0     0    8  -  DL   11:08    0:00.01 [syncer]
root        24   0.0  0.0     0    8  -  DL   11:08    0:00.00 [vnlru]
root       324   0.0  0.0     0   32  -  DL   11:08    0:00.00 [ng_queue]
root       381   0.0  0.1  6080 1948  -  Is   11:08    0:00.00 dhclient: em0 [priv] (dhclient)
_dhcp      443   0.0  0.1  6080 2016  -  Is   11:08    0:00.00 dhclient: em0 (dhclient)
root       444   0.0  0.1  7300 3860  -  Ss   11:08    0:00.03 /sbin/devd
unbound    487   0.0  0.2 15196 7628  -  Is   11:08    0:00.25 /usr/sbin/unbound -c /var/unbound/unbound.conf
root       518   0.0  0.0     0    8  -  DL   11:08    0:00.00 [smbiod0]
root       520   0.0  0.0     0    8  -  DL   11:08    0:00.00 [smbiod1]
root       616   0.0  0.1  5976 1872  -  Ss   11:08    0:00.03 /usr/sbin/syslogd -s
messagebus 717   0.0  0.1  6720 2668  -  Is   11:08    0:00.00 /usr/local/bin/dbus-daemon --system
root       752   0.0  0.2 10816 5616  -  Is   11:08    0:00.00 /usr/sbin/sshd
root       755   0.0  0.1  8736 4816  -  Ss   11:08    0:00.01 sendmail: accepting connections (sendmail)
smmsp      758   0.0  0.1  8736 4656  -  Is   11:08    0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
root       762   0.0  0.1  6008 1944  -  Is   11:08    0:00.01 /usr/sbin/cron -s
root       779   0.0  0.1  6128 1852  -  Is   11:08    0:00.00 /usr/sbin/moused -p /dev/psm0 -t auto
root       854   0.0  0.1  8368 4316  -  Ss   11:09    0:00.01 ppp -ddial internet
root       831   0.0  0.0  5960 1744 v0  Is+  11:09    0:00.02 /usr/libexec/getty Pc ttyv0
root       832   0.0  0.1  6488 2340 v1  Is   11:09    0:00.03 login [pam] (login)
root       839   0.0  0.1  6796 3868 v1  I    11:09    0:00.06 -csh (csh)
root       843   0.0  0.2 14008 8744 v1  S+   11:09    0:00.38 mc
root       833   0.0  0.1  6488 2348 v2  Is   11:09    0:00.03 login [pam] (login)
root       841   0.0  0.1  6796 3868 v2  I+   11:09    0:00.06 -csh (csh)
root       834   0.0  0.0  5960 1744 v3  Is+  11:09    0:00.02 /usr/libexec/getty Pc ttyv3
root       835   0.0  0.0  5960 1744 v4  Is+  11:09    0:00.00 /usr/libexec/getty Pc ttyv4
root       836   0.0  0.0  5960 1744 v5  Is+  11:09    0:00.01 /usr/libexec/getty Pc ttyv5
root       837   0.0  0.0  5960 1744 v6  Is+  11:09    0:00.00 /usr/libexec/getty Pc ttyv6
root       838   0.0  0.0  5960 1744 v7  Is+  11:09    0:00.01 /usr/libexec/getty Pc ttyv7
root       844   0.0  0.1  6796 3880  0  Ss   11:09    0:00.06 /bin/csh
root       871   0.0  0.1  6380 2176  0  R+   11:11    0:00.00 ps -aux
```


----------



## drhowarddrfine (Feb 20, 2018)

As a mod on Stack Overflow, I can't help myself. 

Can you please change your title to something more helpful and descriptive.


----------



## ShelLuser (Feb 20, 2018)

balanga said:


> I was surprised, when I looked, as to how many processes were running and have no idea what most of them are for, or even if they are necessary.
> 
> Can I remove any of them?


Why would you want to do that? Is there a problem you're trying to solve, because, well... I don't think this is the right way.

Most of what you're seeing here are processes within the kernel. So to get rid of those would basically boil down to rebuilding your kernel and removing certain features. Which, depending on the feature in question, might not be the best of ideas.

If it isn't broke, don't try to fix it 

PS:  I think the original title was better. Maybe not very descriptive but it did cover exactly what you were asking about. Now you're asking for something which hardly anyone would want to answer. I'm not going to explain all those processes for example


----------



## giahung1997 (Feb 20, 2018)

I think you've never run this command on Linux. It's even more than that


----------



## MarcoB (Feb 20, 2018)

Looks fine to me.


----------



## Maxnix (Feb 20, 2018)

All processes name between  square brackets are system processes, so nothing you would (and should) remove. IMHO, the only undesidered process there, is dbus!


----------



## SirDice (Feb 20, 2018)

Well, 'idle' is not really a process. It's just not doing anything. But yes, everything in the square brackets are kernel processes. A few of the more obvious ones: cryptodev(4), geom(4), cam(4), usb(4) and syncer(4). Less obvious ones: aio(4), vnlru, virtual memory system.


----------



## vermaden (Feb 21, 2018)

> unbound


You can disable it if You want.



> dbus-daemon


You can disable and/or uninstall it.



> sendmail


You can disable it, after disabling it remember to manually (by `cron`) clean the `/var/spool/clientmqueue` directory.



> getty


You can limit number of consoles here:

```
% grep ttyv /etc/ttys
ttyv0   "/usr/libexec/getty Pc"         xterm   on  secure
ttyv1   "/usr/libexec/getty Pc"         xterm   on  secure
ttyv2   "/usr/libexec/getty Pc"         xterm   on  secure
ttyv3   "/usr/libexec/getty Pc"         xterm   on  secure
ttyv4   "/usr/libexec/getty Pc"         xterm   off secure
ttyv5   "/usr/libexec/getty Pc"         xterm   off secure
ttyv6   "/usr/libexec/getty Pc"         xterm   off secure
ttyv7   "/usr/libexec/getty Pc"         xterm   off secure
ttyv8   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
```

You can also disable `syslog`, `cron`, `ppp` or `sshd` but You probably do not want that


----------



## ralphbsz (Feb 21, 2018)

Others have talked about kernel processes, which are in square brackets.

User processes: The easiest way to figure out what they are is to use man: Just try "man syslogd", and it will explain what that program does.  After reading that, you'll probably know why it exists, and what it is necessary.

In general, having a very large number of processes is really not a problem.  They may use a little memory, but surprisingly little, in particular since today the code pages and the shared libraries are shared (pun was unintended, but works out surprisingly well).  Modern OSes with their large amount of memory can handle a very large number of processes and threads efficiently.  The real limitation is the human sys admin doing "ps aux", and having a nervous breakdown when he sees the length of the list.



balanga said:


> Can I remove any of them?




NO.  SORRY FOR SHOUTING.

If you find that some are unnecessary, then don't start that service, or uninstall that software, or configure it to use fewer processes.  In general, processes exist because there is a need for them.  Do this after you have figured out what they do, so you can be sure that living without them is a good idea.

Do not kill them!  That is likely to have unintended consequence.

True story: In a previous life, I was a developer on some very high-end and expensive software.  One of our customers got upset about some processes running that he thought were not needed, and "kill -9"ed them.  Which promptly caused the system to go into a tailspin.  About an hour later, my phone at home rang, and I had several experts from our support team calling, wondering what the heck was going on.  So I called the customer sys administrator boss myself, and asked what was going on.  He said that he was annoyed by all these processes, and had asked on of his admins to kill them.  So I first chewed him out, and explained that killing these processes will bring our system down to its knees, since it is waiting for the result of the processes, and if they fail, it restarts them repeatedly.  Then I got off the phone, and called the CIO of the customer, and told him in very clear language that as long as his staff is deliberately sabotaging our software product, they will not receive support, and this was a piece of software that is very mission critical for them (meaning several large data centers would go down).  Trust me, that problem was solved pretty quickly, and that guy never did it again.

Moral of the story: (a) Stop worrying about it.  (b) Make yourself smart about what these processes are for.  (c) Leave them alone.  Old saying: To manage a computer you need to hire a man and a dog.  The man is there to feed the dog.  The dog is there to bite the man if the tries to touch the computer.


----------



## Eric A. Borisch (Feb 21, 2018)

Don’t kill/stop/disable unbound without first reconfiguring /etc/resolve.conf to point to a nameserver and not (what it is likely pointing to) your local unbound instance (127.0.0.1). (Or you’ll lose name resolution.)


----------



## Deleted member 30996 (Feb 21, 2018)

That's not what I show for `$ grep ttyv /etc/ttys`:


```
$ grep ttyv /etc/ttys
ttyv0   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv1   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv2   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv3   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv4   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv5   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv6   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv7   "/usr/libexec/getty Pc"         xterm   on  insecure
ttyv8   "/usr/local/bin/xdm -nodaemon"  xterm   off insecure
```
All the consoles in /etc/ttys are marked as "insecure" on my machines and the way I've always thought they were supposed to be for security purposes.


----------



## Eric A. Borisch (Feb 21, 2018)

Certainly `secure` is the default: https://svnweb.freebsd.org/base/head/etc/etc.amd64/ttys?revision=289634&view=markup


----------



## Deleted member 30996 (Feb 21, 2018)

Yes, I change them all by hand. This is what I'm referring to in /etc/ttys:


```
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
```


----------



## SirDice (Feb 21, 2018)

Yes, but it refers to this:

```
console none                            unknown off secure
```
Not the other ttys, those aren't even active in single user mode.


----------



## Deleted member 30996 (Feb 21, 2018)

Thanks. 

At least that one's marked that way, too.


----------

