對於Linux的系統管理者來說肯定要看懂ps aux指令，如果你想成為一個Linux系統管理者，
或是你是一個Linux的使用者，都應該都要看的懂這個指令
ps就是process status的簡稱，系統上跑了什麼樣的程式，狀態如何執行的身份是誰都可以透過這個指令查出來。
看到一些不該出現的程式，可能系統被入侵，被來挖礦了🥹

以下是我用Synology Nas上跑ps aux的示意畫面

root     32617  0.0  0.0 622580 15148 ?        Sl    2022   1:55 synoccc_had
devin    32650  0.0  0.0      0     0 ?        Z    00:32   0:00 [sshd] <defunct>
devin    32651  0.0  0.0      0     0 ?        Zs   00:32   0:00 [sftp-server] <defunct>
root     24567  0.0  0.0 208784  5360 ?        S    12:33   0:00 sshd: devin@pts/1
devin    24568  0.0  0.0  26592  4352 pts/1    Ss+  12:33   0:00 -sh
root     19003  0.0  0.0   5552  2560 ?        SLs  Jan05   0:00 /bin/vmtouch -l /usr/syno/bin/synoschedtask /usr/syno/bin/synoschedtool /usr/syno/bin/s
root     29468  0.2  0.1 786436 56680 ?        Ssl   2022  35:16 /var/packages/Virtualization/target/bin/synocccd
Synolog+ 24662  0.0  0.0  23712  5772 ?        Ss    2022   1:43 /var/packages/SynologyApplicationService/target/daemon/pgbouncer -q /var/packages/Synol
root     25856  0.0  0.0 402676 16932 ?        SNs   2022   0:00 /var/packages/VideoStation/target/sbin/synovideoindexd
root     25869  0.0  0.0 701852 13204 ?        Ssl   2022   2:25 /var/packages/VideoStation/target/sbin/synovpcd
root     25891  0.0  0.0 318144 14212 ?        SNs   2022   0:00 /var/packages/VideoStation/target/sbin/synovideoconversiond
vmcomm   29515  0.0  0.0  37156   392 ?        Ss    2022   3:40 /var/packages/Virtualization/target/bin/synohostsvcd
root     29611  0.0  0.2 436700 76716 ?        S<Ls  2022   6:43 /var/packages/Virtualization/target/bin/synohostcmdd

本文便是我研究關於ps狀態的相關資料提供給需要的人參考看看囉:

S    interruptible sleep (waiting for an event to complete)
      S 可中斷睡眠（等待事件完成）

D    uninterruptible sleep (usually IO)
       D 不間斷睡眠（通常是IO）

+    is in the foreground process group
      + 在前台進程組中

完整的process狀態碼，man page中找到
PROCESS STATE CODES
      Here are the different values that the s, stat and state output specifiers (header "STAT" or "S") will display to describe the state of a process:

              D    uninterruptible sleep (usually IO)
              I    Idle kernel thread
              R    running or runnable (on run queue)
              S    interruptible sleep (waiting for an event to complete)
              T    stopped by job control signal
              t    stopped by debugger during the tracing
              W    paging (not valid since the 2.6.xx kernel)
              X    dead (should never be seen)
              Z    defunct ("zombie") process, terminated but not reaped by its parent

      For BSD formats and when the stat keyword is used, additional characters may be displayed:

              <    high-priority (not nice to other users)
              N    low-priority (nice to other users)
              L    has pages locked into memory (for real-time and custom IO)
              s    is a session leader
              l    is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
              +    is in the foreground process group