Unix is a multitasking operating system. Every task that the computer is performing at any moment—every user running a word processor program, for example—has a process. The process is the operating system’s fundamental tool for controlling the computer.

Nearly everything that Unix does is done with a process. One process displays the characters login: on the user’s terminal and reads the characters that the user types to log into the system. Another process spools PostScript to the laser printer. (If you don’t have a PostScript-based printer, yet another process translates PostScript into whatever language your printer happens to use—for example, PCL.) On a workstation, a special process called the window server displays text in windows on the screen. (Another process called the window manager lets the user move those windows around.)

At any given moment, the average Unix operating system might be running anywhere from a few dozen to several hundred different processes. Large multiuser systems typically run hundreds to thousands of processes, as Unix runs at least one process for every user who is logged in, another process for every program that every user is running, another process for every hardwired terminal that is waiting for a new user, and a few dozen processes to manage servers and background tasks.

But regardless of whether you are responsible for security on a small system or a large one, understanding how processes work and the process lifecycle is vital ...