I don’t understand the zombie process in Linux. Can someone explain this please? Thanks

Server Administration ForumI don’t understand the zombie process in Linux. Can someone explain this please? Thanks
DiamakaCake asked 2 weeks ago PPU : 5

1 Answers
MaCrush answered 2 weeks ago

Understanding the zombie process in Linux.

Like a zombie, this type of process is a process that is dead but still actively occupying space (or still oppressing the living in the case of movie or game zombies).

Technically explained, a zombie process on Linux is a process that has finished running but still has an open entry. This open entry usually happens to child processes whose parent processes haven’t read and approved their exit.

Moreover, only faulty programs or poorly programmed parent processes create zombie processes.

Since you asked about zombie processes, I will answer this question and also give you more related information. I’ll explain how to view zombie processes in your system, the effect that zombie processes have on your Linux, and how to prevent zombie processes from occurring.

But before that, I’ll explain what processes mean and how they work in Linux.


A Linux process is a program that is currently running. A process is very different from a program because a program includes lines of codes and instruction sitting in the memory without performing any task. Therefore a program becomes a process only when it begins executing.

Processes are created when an existing process (a parent process) creates a duplicate of itself. Mind you, a parent process and its child only share the same environment, and sometimes some similar tasks, but they have different process IDs.

In Linux, a process can be created using the system() function or the fork() and exec() functions.

Meanwhile, processes are created in the Linux kernel and they need resources to function. Some of the resources that are allotted to them include CPU time, memory space, among others.

Furthermore, processes can be majorly divided into two; the foreground processes and the background processes. Foreground processes are those processes that were started by a Linux user; in order words, they are non-automatic processes. On the other hand, background processes are automatic processes that don’t need user input to start.

Going back to zombie processes; after a process has been executed, it leaves behind its descriptor (this usually occupies very small memory space).


A well-programmed Linux system will send an alert to the parent of this zombie process on the status of its child process. This, it does, using the SIGCHLD signal.

When this is done, the parent uses the wait() call to read its child status (exit status). After which the descriptor (the zombie process) exits the system’s memory. This whole process happens in seconds so you mightn’t notice it.

However, in a case where either the system doesn’t alert the parent on the status of its child process or if the parent doesn’t react to this alert, then the zombie process remains in the system’s memory.


No matter the amount of humanity that is left in a zombie (in movies and games), it doesn’t change the fact that it remains a zombie. This means that it will get hungry, and try to eat anything that has blood flowing in its veins.

Relatably, the zombie process causes some damages to your Linux system no matter the amount of memory space that they occupy (which is usually very small).

Linux issues a limited number of process IDs to processes, and since the zombie processes tend to retain their process IDs until they are fully removed, this could cause a problem. Therefore, if your system doesn’t get rid of its zombie processes, these processes could horde process IDs. Which will, in turn, prevent other important processes from launching.


I will like to remind you that zombie processes won’t cause much damage to your system if they are small-scaled. But if you feel that they are much and would like to clean them up, then this is what you need to do.

Since the accumulation of zombie processes can be caused either by a faulty system program or a faulty parent program, then its cleaning process is divided into two.

ALERT THE PARENT PROCESS: you can use the “kill” command to help your system to alert the parent process on the status of their child process. This is to say that on behalf of your system’s program, you are sending the SIGCHLD signal to the parent process.

But before you do this, you have to know the particular parent process that owns the child process (now zombie process,) that you want to remove. You can use this code to do that:

"$ ps –o ppid = "

When you know which parent process to alert, you can go ahead to use the code below to alert the parent.

"kill –s SIGCHLD (where pid is the parent’s process ID)"

KILL THE PARENT PROCESS: if the zombie process accumulation is the fault of a poorly programmed parent process, then you have to kill the parent process.

You can do this with this code:

"$ kill -9 "

Next, you have to assign a parent process to that zombie process, this is the only way you can kill the zombie process. You can make init the parent of the zombie process.

NB: init is the number one program in a Linux system, manufacturers’ installed, and it is assigned the process ID number one, that is PID 1. If you don’t find the init in your system, then that might be because it has been replaced by the system initialization process (as is seen in newer Linux distributions).

Init will read and approve the exit status of those zombie processes.


You can do this by asking your system not to store or keep a record of zombie processes. The following line of code will help you:


There, that’s all you need to know about zombie processes on Linux.