0

My server's free memory is getting less and less, and the COMMAND of many processes is "sudo" when I use top and press M.

I don't understand why the root user needs to use "sudo". I want to know how these processes are generated. Can I kill them?

Tasks: 185 total,   1 running, 184 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3967848k total,  3484196k used,   483652k free,   218532k buffers
Swap:  4112376k total,        0k used,  4112376k free,  2932864k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND            
22219 mysql     20   0  582m  67m 5492 S  0.0  1.7   0:01.75 mysqld             
22337 daemon    20   0  327m  31m 3440 S  0.0  0.8   0:01.58 httpd              
22252 daemon    20   0  321m  26m 3416 S  0.0  0.7   0:01.25 httpd              
22263 daemon    20   0  319m  23m 3396 S  0.0  0.6   0:00.71 httpd              
22253 daemon    20   0  310m  18m 3444 S  0.0  0.5   0:00.69 httpd              
22251 root      20   0 28392  12m 3640 S  0.0  0.3   0:00.09 httpd              
 2422 root      20   0  9192 3608 2184 S  0.0  0.1   0:00.32 ssh                
13613 root      20   0 38220 3572 1044 S  0.0  0.1   0:22.31 rsyslogd           
 2423 root      20   0 11556 3420 2692 S  0.0  0.1   0:00.11 sshd               
22570 root      20   0 11716 3408 2676 S  0.0  0.1   0:00.08 sshd               
 3351 root      20   0 10384 2540 2000 S  0.0  0.1   0:00.06 sudo               
30870 root      20   0 10384 2528 2000 S  0.0  0.1   0:00.06 sudo               
14356 dkim-mil  20   0 49664 2444 1468 S  0.0  0.1   0:03.91 dkim-filter        
 2085 root      20   0 10376 2344 1824 S  0.0  0.1   0:00.00 sudo               
 7741 root      20   0 10376 2344 1824 S  0.0  0.1   0:00.00 sudo               
29838 root      20   0 10376 2344 1824 S  0.0  0.1   0:00.00 sudo               
 2006 root      20   0 10376 2340 1824 S  0.0  0.1   0:00.00 sudo               
29747 root      20   0 10376 2340 1824 S  0.0  0.1   0:00.00 sudo               
30602 root      20   0 10376 2340 1824 S  0.0  0.1   0:00.00 sudo               
30935 root      20   0 10376 2340 1824 S  0.0  0.1   0:00.00 sudo               
 2259 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
 2503 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
 2515 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
 7718 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
 7745 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
29845 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
30172 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
30352 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
30548 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
30598 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
30897 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo               
30899 root      20   0 10376 2336 1824 S  0.0  0.1   0:00.00 sudo   
joaner
    Can you press the `c` key while running `top` and check the output. Or run `ps -ef`. The data you show doesn't give enough information. – Sander Steffann Oct 20 '13 at 19:59

2 Answers

1

You need to determine what is generating them, and what they are, and then you might be able to tell whether you can kill them, or preferably disable them from happening in the first place if it isn't required.

Use the `ps` command. `ps -ef` will show you the parent process ID of the processes, which might help identify what's causing the processes. It will also show you the STIME, which is when the process was started, which might help identify what is the cause. `ps -ef f` will show the process hierarchy, which may also help identify what is the source of the command.

Look at the cron logs. `/var/log/cron` on RHEL-based systems may show you jobs that are being run at times coincident with the commands.

`ps auxwwe` may give you insight into the environment that the commands are coming from, which might point you towards the source.

`strace -fp <PID>` might also help, if you need to see what the command is doing at a system call level. Perhaps it's stalling on some breakage that needs fixing.

Joshua Miller
0

They run as root now because sudo has transitioned the original user to root.

Get the starting time of the process by (for example) doing `ps -o lstart 29845` and cross-check the start time with the sudo log for it in the security log.

Oh, and your free memory is still pretty good. The cached and buffers values can be discounted when checking real memory usage by applications.

Matthew Ife
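The two answers above combine into one pass over the process table: for each `sudo` process, report its start time (to match against the sudo entries in the security log) and the command line of its parent (to see what launched it). This is an added example, not code from either answer; the function names `sudo_origins` and `sudo_parent_counts`, the sample PIDs and the `/opt/example` paths are constructed for illustration.

```shell
#!/bin/sh
# Input on stdin, one process per line: PID PPID <lstart, 5 fields> ARGS...
# Live use (procps): ps -e -o pid= -o ppid= -o lstart= -o args= | sudo_origins

# Print one tab-separated row per sudo process:
#   PID, start time, sudo command line, parent PID, parent command line
sudo_origins() {
  awk '
    NF < 8 { next }                       # skip blank or truncated lines
    {
      pid = $1; ppid[pid] = $2
      start[pid] = $3 " " $4 " " $5 " " $6 " " $7
      cmd = $8
      for (i = 9; i <= NF; i++) cmd = cmd " " $i
      args[pid] = cmd
      n = split($8, path, "/")            # argv[0] may be sudo or /usr/bin/sudo
      if (path[n] == "sudo") order[++count] = pid
    }
    END {
      for (k = 1; k <= count; k++) {
        p = order[k]; pp = ppid[p]
        parent = (pp in args) ? args[pp] : "(not in listing)"
        printf "%s\t%s\t%s\t%s\t%s\n", p, start[p], args[p], pp, parent
      }
    }'
}

# Count sudo processes per parent command line, most frequent first.
sudo_parent_counts() {
  sudo_origins | awk -F'\t' '{ n[$5]++ } END { for (c in n) print n[c], c }' | sort -rn
}

# Constructed sample listing (not taken from the server in the question).
SAMPLE_PS='    1     0 Sun Oct 20 08:00:00 2013 /sbin/init
 1200     1 Sun Oct 20 08:00:05 2013 crond
 4100  1200 Sun Oct 20 19:30:01 2013 /bin/sh -c /opt/example/backup.sh
 4101  4100 Sun Oct 20 19:30:01 2013 sudo /opt/example/sync.sh
 4200  1200 Sun Oct 20 19:35:01 2013 /bin/sh -c /opt/example/backup.sh
 4201  4200 Sun Oct 20 19:35:01 2013 sudo /opt/example/sync.sh
 5000     1 Sun Oct 20 09:00:00 2013 /usr/sbin/sshd
 5010  5000 Sun Oct 20 19:40:12 2013 -bash
 5011  5010 Sun Oct 20 19:40:30 2013 /usr/bin/sudo -s'

printf '%s\n' "$SAMPLE_PS" | sudo_origins
printf '%s\n' "$SAMPLE_PS" | sudo_parent_counts
```

A parent command that accounts for most of the rows is the first place to look; the start times in column two are what to search for in the sudo log.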