Do not use kill -9

Original author: Jeremy Mates
  • Transfer
The -9 argument (or KILL) for a command killshould only be used on POSIX-compatible systems if absolutely necessary. Why? The signal KILLcannot be processed by the process. This means that after completing the process with kill -9, the child processes will remain in memory and become orphaned, the file system will become clogged with temporary files, the shared memory segments will be active, the sockets will hang, and the atexit (3) function will not will be executed. As a result, there is a risk of unexpected and difficult to debug problems.

Instead, use the default signal TERM, and KILL- only if less problematic signals are ineffective: If even the signal

$ kill 6738
$ kill -INT 6738
$ kill -HUP 6738
$ kill -KILL 6738

KILLunable to complete the process, this means that the process most likely hangs during an I / O operation or is in some other incomplete state. You may need to reboot or force unmount a buggy network drive.

Use kill -KILLby default is acceptable when working with a problematic application, for example, older versions of Netscape often ended only with a signal KILL. However, this is a rare exception to the rule: use KILLfor these well-known applications and only for them.

Process completion issues


Serial sending of different signals can cause the following problems: firstly, the process may take seconds, or even tens of seconds, to complete correctly. One product that I had to use took more than 30 seconds to complete correctly after receiving the signal TERM. Fortunately, this feature was discovered during testing, so a suitable script was written for this case. Secondly, sometimes there are situations when the old process is completed, while the new process takes its ID in the interval between signals TERMandKILL. Particularly at risk are systems with increased process flow and systems where the kernel assigns PIDs randomly, for example, OpenBSD. Checking the process name or its PPID does not always help, since a new process can be a fork of the same parent and have the same name, so especially paranoid scripts can also check the process creation time or other metadata before sending a signal. Perhaps these situations rarely occur, but they should be reckoned with if you have to deal with a critical process.

Process End Signals


Process completion signals can be indicated by name or serial number: kill -1and are kill -HUPequivalent. However, using a signal name is safer, since specifying -1 is easy to seal by sending a signal to another process or even a group of processes. Also, always try to use the name in scripts, as this will help you better understand what type of signal is sent to someone who will read your code.

The signal HUP“hangs up” the shell, so this is a good way to clear the shell that is hanging waiting for input, or close the SSH session.

More detailed information on process termination signals is provided in the kill (1) man pages , and the command kill -lwill list the signals supported by the operating system. kill (2)describes system calls in detail. For more information, see the books The Design and Implementation of the 4.4 BSD Operating System or UNIX Internals: The New Frontiers .

Also popular now: