What is a zombie?

A zombie process is simply a process that has exited but its parent has not yet read the processes exit code. Since the process has exited it does not have any open files or uses any memory in fact the only resources it is using is a entry in the task list. So in most Linux systems will mean that it is using around 4k-8k of memory.

Until the parent process reads the exit code the zombie will exist. Typically this points to a software bug in the parent process or an issue that caused the child (which is now the zombie) to exit unexpectedly. Which would also point to a bug or issue in the program. In either case the parent process should have actually dealt with the error an acted on it to read the exit status of the process which will clean up the zombie process and allow it to exit.

Why is there any issue?

Since the program isn't really using any resources it really doesn't cause any issues. However if you have a lot of zombie's being generated inside a system due to a bug in the software it will cause an issue because it is still running as a process and sooner or later you will hit the limit of the maximum number of processes permitted to run in the system. If this limit is reached you will not be able to start any more processes. This means you won't be able to run commands from the command line any more.

Why does kill now work on the zombie process?

Kill simply does not work on a zombie process since it is in fact already "dead"

How to kill it?

Since the issue really exists in the parent process the solution is to remove the parent process either by killing it or shutting it down. This will cause the child "zombie" processes to get a new parent process which will be the parent of the parent.

If you are working in a complex system you may need to kill several parent process in order to eliminate the zombies until the zombies get a parent process that will read the exit code from the processes which will cause the zombie process to be remove.

Hint: if you use the command "ps axfu" the "f" in the argument list will print the output as a tree which will make finding the parent somewhat simpler.

This is a short guide to get ssh to work on debian. So this should also work with some other linux varients like ubuntu. It can be a very useful tool to be able to access your home directory from a 2nd linux machine or from your raspberry pi. I have been using it so that you can run your normal powerful code editors which the raspberry pi does not have enough resources to run them fast enough.

To Install / Setup

sudo apt-get install sshfs 

sudo addgroup $USER fuse

Note: You don't need to add your self to the fuse ground. But it is required if you want to be able to mount / umount the filesystem without root permissions.

To Use

mkdir Raspberry

sshfs <username>@<ip address>:/home/<username>/Raspberry  -o uid=1001,gid=1002 Raspberry

Note: in the above you should change the uid and gid to your user id and group id. You can look thoose up in the /etc/passwd and /etc/group files on the machine that you are mounting the remote filesystem on.

To unmount

fusermount -u /home/james/Raspberry/

Another useful tip is that it will also work with ssh key authentication so that you do not even require a password or so that you can have it configured to automount on boot using the crontab.

A quick guide on how to copy group member ship in linux to another user. Which can be useful when setting up new users on a linux machine to make sure that users. It is also a way to find out what groups a user is a member of.

Part 1 - Get a list of groups

To get a list of groups as user is a member of can be done by reading the /etc/group file and doing a little bit of processing. This can be done using the following command.

grep -E "(:|,)<username>(:,|$)" /etc/group|cut -f1 -d:

The complex expression above is built to match specific username in each line of the file. Of which there is 3 different cases ":<username>"  ",<username>,"  ",<username>". So we search for the specific username beginning with a ":" or a "," and also ending in a "," or a "$" which is a newline. Then it cuts on the first field using ":" as a separator.

This will output  a list of group that "<username>" is a member of

Part 2 - Add another user to the same list of groups

Since we know that addgroup can be used to add a user to a group by doing "addgroup <username> <groupname>" then we can expand the above to add a username to each group in the list like this

for i in `grep -E "(:|,)<username>(:,|$)" /etc/group|cut -f1 -d:` ; do

  addgroup <newuser> $i

done

This will then make sure that the user <newuser> is a member of all the same groups that <username> is.

You should take care using the above as you may give somebody access well beyond what you thought you might have by giving them access to additional groups.

Getting ssh key authorization to work in linux

Client Side

On that machine that is acting as the ssh client you should run the following command to generate a public / private key pair. It will prompt you for the location of a file to be stored the default should be acceptable unless you already have another key generated.

ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/<username>/.ssh/id_rsa):

Created directory '/home/<username>/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/<username>/.ssh/id_rsa.

Your public key has been saved in /home/<username>/.ssh/id_rsa.pub.

The key fingerprint is:

5b:78:75:c2:58:0e:ff:89:c7:8c:0f:38:64:c0:e2:6b username@raspberrypi

The key's randomart image is:

You need to keep the private key private as this is what is going to effectively be your password. It doesn't matter if somebody see's the public key. It is setup this way so you can be granted access to a machine without ever having to exchange a password over the wire. As an example you could email the public key to another admin who already has access to the machine to install the key.

Server Side

On the machine that is acting as the ssh server you will need to copy the public key string that will have been generated on the client side in location "/home/<username>/.ssh/id_rsa.pub".

Once you add this to the file "/home/<username>/.ssh/authorized_keys" that the ssh authentication should work. If you are using multiple private keys and have a long list of authorization keys on the server it can be wise to comment which keys are from where. This is so that if there is an issue with a "privacy" of a key you know which one to remove at a later time.

Now that ssh works you can login to the machine by using ssh <username>@address. The username part can be omitted if the username on the destination host is the same as the current machine you are working at. As an added bonus it also will mean that scp will work if it is enabled on the server.

If you are tired of typing your password all the time and want to be able to sudo without using a password you can modify the sudo configuration so that you can always execute a command as root without a password.

Method 1 - For a single user

Edit the /etc/sudoers configuration file.

Add a line like this replacing the <username> with the correct user of course

<username> ALL=(ALL) NOPASSWORD: ALL

Method 2 - For multiple users

Create a new group on the system eg sudo or sudoers nu using the following command

groupadd <groupname>

Then add the usernames you want it to work for by using the following command

addgroup <usernames> <groupname>

Edit the /etc/sudoers configuration file and add the group to not use a password.

%<groupname> ALL=(ALL) NOPASSWORD: ALL

The above should work on debian and should only be used for trusted users as you have just given them root access without a password so some care should be taken!