HPE Community
Operating System - HP-UX
1822322 Members
5816 Online
109642 Solutions
New Discussion юеВ

What is zombie

 
Jason Tan
Advisor

тАО01-01-2003 05:19 PM

тАО01-01-2003 05:19 PM

What is zombie

when execute TOP utilities, what is the meaning of zombie? and why i already kill all the process of user i still can see the user login name inside w list, of course with no process attach.

What is the best recommendation for removing user entry when we know that the user is not use the login anymore?
smtan
0 Kudos
Reply
9 REPLIES 9
Michael Tully
Honored Contributor

тАО01-01-2003 05:39 PM

тАО01-01-2003 05:39 PM

Re: What is zombie

When a child process dies, its memory is returned to the OS, but its entry in the process table is not freed up. This lets the parent check the exit status of its child processes. Processes that have died but haven't been removed from the process table are zombies. Hope this explains what a zombie is.


From the TKB

PROBLEM
who shows logins but no PID after a PC that was connected crashed and existed
incorrectly.
RESOLUTION
The utmp file can be manipulated with the fwtmp command.

1.check the last modification time of the /etc/utmp file
ls -l /etc/utmp
-rw-r--r-- 1 root root 1620 Jun 28 09:22 /etc/utmp

2.convert the binary /etc/utmp file to ascii :
/usr/sbin/acct/fwtmp /tmp/utmp.ascii

3.edit the /tmp/utmp.ascii file to remove the old entries
Note : the entries are sorted by date, simply use the login time reported
by
who(1) to find the lines to remove.

4.convert the file back to binary format :
/usr/sbin/acct/fwtmp -ic /tmp/utmp.binary

5.verify that all unwanted entries have been removed from the new file :
who /tmp/utmp.binary

6.verify that the /etc/utmp file has not been modified since the beginning of
this procedure :
ls -l /etc/utmp
-rw-r--r-- 1 root root 1620 Jun 28 09:22 /etc/utmp
If the file has been updated do all the steps again.

7.replace the existing /etc/utmp file with the new one :
mv /tmp/utmp.binary /etc/utmp
Anyone for a Mutiny ?
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

тАО01-01-2003 05:41 PM

тАО01-01-2003 05:41 PM

Re: What is zombie

Zombie are all the dead or defunct process in the memory. Though the process is killed but they are waiting for some IO because the acknowledgement hasn't received they dont release they dont occupy any memory but the refrence(location) in memory is not removed and therefore they go into "zombie" state. The best and safe way to remove them is to reboot the system. That is the reason why i guess the systems should be rebooted on a scheduled basic.

For more details on zombie do a man on "ps" command.

Cheers
Rajeev
0 Kudos
Reply
Philip Chan_1
Respected Contributor

тАО01-01-2003 06:43 PM

тАО01-01-2003 06:43 PM

Re: What is zombie


I think you can kill off the zombie processes by stopping their parents too.
0 Kudos
Reply
Jason Tan
Advisor

тАО01-01-2003 06:50 PM

тАО01-01-2003 06:50 PM

Re: What is zombie

But what about the resource the user login hold, how can it be free up?
smtan
0 Kudos
Reply
Michael Tully
Honored Contributor

тАО01-01-2003 07:00 PM

тАО01-01-2003 07:00 PM

Re: What is zombie

Could you supply an example of what the user resource is?
Anyone for a Mutiny ?
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО01-01-2003 07:09 PM

тАО01-01-2003 07:09 PM

Re: What is zombie

As mentioned, a zombie is a process that is dead, occupies no memory or CPU time but because it not properly terminated (usually a parent process mistake), it shows up in the process table. You can safely ignore zombies unless there are significant numbers (dozens, hundreds) in which case you'll need to figure out why they exist and fix the parent's problems.

HP-UX doesn't really understand anything about a login. The login program puts an entry into utmp and wtmp and then starts a shell. This is what the user sees but otherwise, HP-UX is just running a program (the shell). If the user starts another program or replaces the shell with another program and that program is improperly aborted, a zombie might be created. Whether the user still has a shell process is about the only resource that might exist. Just use:

ps -u user_login

to see all the processes that the user has running. The lists of 'logged-in' users found with tools like last will show 'orphaned' logins but really, it is nothing more than a missing logout record caused by improper termination of the user's shell. As mentioned, you can edit wtmp and utmp but is basically a cosmetic issue.


Bill Hassell, sysadmin
0 Kudos
Reply
Sorrel G. Jakins
Valued Contributor

тАО01-02-2003 07:42 AM

тАО01-02-2003 07:42 AM

Re: What is zombie

Come to HPWorld and ask BigDog why zombie processes cannot be killed. He will very nicely explain that it is because they are already dead.
Then ask GlanceMan why they don't show up in GlancePlus. Ditto.
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО01-02-2003 07:44 AM

тАО01-02-2003 07:44 AM

Re: What is zombie

Sorrel,

And "I thought the Sargeant Major was a Lady" :-)

live free or die
harry
Live Free or Die
0 Kudos
Reply
Byron Myers
Trusted Contributor

тАО01-02-2003 09:55 AM

тАО01-02-2003 09:55 AM

Re: What is zombie

Phillip has the answer to the zombie question. A zombie is a child of some process that forked it. If you do a ps you can find the parent of the zombie. The parent process needs to call the "wait" function for its terminated children - often programmers misuse or do not use "wait", so zombies occur. You can clean up the zombies by killing their parent process(es). BTW, if a parent has children vi fork, and a root parent process dies, the init daemon adopts the children - so init becomes the children's parent. init routinly runs "wait" to clean up it's dead children - thereby preventing those children from becoming zombies.
If you can focus your eyes far and straight enough ahead of yourself, you can see the back of your head.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.