What is PID? | DevOps Dictionary

What Is a PID in Simple Terms

Every process needs an address — a way to refer to it. When you want to stop nginx, you need to tell the kernel "stop that specific nginx process, not all nginx processes." PID is that address: a number that uniquely identifies a running process.

PID 1 is special. It is the first process the kernel starts after booting. On all modern Linux systems, PID 1 is systemd. Every other process on the system is a direct or indirect child of PID 1.

PID assignment and the process tree:

◈ DIAGRAM

Kernel boots
     |
     v
PID 1 (systemd) -- always the root
     |
     +-- PID 892 (sshd)
     |       |
     |       +-- PID 1203 (bash) -- your SSH session
     |
     +-- PID 1100 (nginx master)
     |       +-- PID 1101 (nginx worker)
     |       +-- PID 1102 (nginx worker)
     |
     +-- PID 1350 (node payment-service)
 
PIDs are sequential but recycled after processes end.
PID 1 is always systemd. Everything else is its descendant.

How It Works

When a new process is created with fork(), the kernel assigns the next available PID from a counter. PIDs wrap around when they reach the maximum (typically 32768 on 32-bit systems, 4194304 on modern 64-bit systems). This means PID numbers do reuse — a PID you saw yesterday may belong to a completely different process today.

◈ DIAGRAM

Kernel boots
     |
     v
PID 1 created (systemd)
     |
     v
systemd starts services
     |
     v
PID 2, 3, 4... assigned as processes are created
     |
     v
Old PIDs recycled when processes end
     |
     v
Kernel maintains: PID -> process_descriptor mapping

Why PID 1 is special:

TEXT

PID 1 (systemd) responsibilities:
 
1. Starts all other services at boot
2. Is the parent of orphaned processes
   When a parent dies, orphaned children are reparented to PID 1
   systemd then reaps (waits for) them to prevent zombies
3. Cannot be killed with SIGKILL
   Kill PID 1 = kernel panic or reboot
4. Manages all system services via unit files

PIDs in containers:

This is where PIDs get interesting for DevOps engineers. Inside a Docker container, the main process is PID 1 of the container's PID namespace — even though from the host it might be PID 8234.

Bash

## Inside a container
docker exec -it mycontainer ps aux
## PID  USER  COMMAND
##   1  app   node server.js   <- PID 1 inside container
##  12  app   node worker.js
 
## From the host
ps aux | grep 'node server.js'
## app  8234  node server.js   <- actual host PID is 8234

This is PID namespace isolation — one of the core mechanisms that makes containers feel like isolated systems.

Practical Commands

Bash

## Find PID of a running process
pidof nginx
## 1100 1101 1102  (master + workers)
 
pgrep nginx
## 1100
 
pgrep -a nginx
## 1100 nginx: master process
## 1101 nginx: worker process
 
## Show PID tree
pstree -p
 
## Get PID of current shell
echo $$
 
## Get PID of last background command
command &
echo $!
 
## Find PID and kill in one step
pkill nginx           ## kill all nginx processes by name
killall nginx         ## same effect
 
## Read PID from a pid file (common for daemons)
cat /var/run/nginx.pid
## 1100
kill -HUP $(cat /var/run/nginx.pid)  ## reload nginx config
 
## Check max PID on this system
cat /proc/sys/kernel/pid_max
## 4194304
 
## Check process info for a specific PID
ls /proc/1100/        ## all process info files
cat /proc/1100/status ## detailed status including PID and PPID

Troubleshooting

Symptom	Command	What to Look For
Need to find PID quickly	`pgrep -a processname`	PID with command confirmation
PID file stale after crash	`cat /var/run/app.pid`	PID in file no longer running
Child process outliving parent	`pstree -p`	Orphaned process reparented to PID 1
PID namespace confusion	`ps aux` inside container vs host	Same process has different PID in each namespace

PLACEMENT PRO TIP
**Tip:** PID files (`/var/run/service.pid`) are how init systems and monitoring tools track daemon processes across restarts. When a service crashes and leaves a stale PID file, the next start may fail because the init system thinks the service is still running. If a service will not start with "already running" errors, check if the PID file points to a real process: `kill -0 $(cat /var/run/service.pid) 2>&1`.

REMEMBER THIS
**Remember:** PID 1 inside a Docker container has a special responsibility: it must handle SIGTERM and properly shut down child processes. Many Docker containers use `CMD ["node", "server.js"]` which makes Node.js PID 1. If Node.js does not handle SIGTERM, `docker stop` waits 10 seconds then sends SIGKILL, which can corrupt data. Use a proper init like `tini` as PID 1 in containers.