Information About Processes

If you list the contents of the /proc directory, you will see many directories where the name of the directory is a number. These are the directories holding information on all processes currently running on the system:

$ ls -d /proc/[0-9]*
/proc/1/    /proc/302/  /proc/451/  /proc/496/  /proc/556/  /proc/633/
/proc/127/  /proc/317/  /proc/452/  /proc/497/  /proc/557/  /proc/718/
/proc/2/    /proc/339/  /proc/453/  /proc/5/    /proc/558/  /proc/755/
/proc/250/  /proc/385/  /proc/454/  /proc/501/  /proc/559/  /proc/760/
/proc/260/  /proc/4/    /proc/455/  /proc/504/  /proc/565/  /proc/761/
/proc/275/  /proc/402/  /proc/463/  /proc/505/  /proc/569/  /proc/769/
/proc/290/  /proc/433/  /proc/487/  /proc/509/  /proc/594/  /proc/774/
/proc/3/    /proc/450/  /proc/491/  /proc/554/  /proc/595/

Note that as a user, you can (logically) only display information related to your own processes, but not the ones of other users. So, let's be root and see what information is available from process 127:

$ su
Password:
$ cd /proc/127
$ ls -l
total 0-9
-r--r--r--    1 root     root            0 Dec 14 19:53 cmdline
lrwx------    1 root     root            0 Dec 14 19:53 cwd -> //
-r--------    1 root     root            0 Dec 14 19:53 environ
lrwx------    1 root     root            0 Dec 14 19:53 exe -> /usr/sbin/apmd*
dr-x------    2 root     root            0 Dec 14 19:53 fd/
pr--r--r--    1 root     root            0 Dec 14 19:53 maps|
-rw-------    1 root     root            0 Dec 14 19:53 mem
lrwx------    1 root     root            0 Dec 14 19:53 root -> //
-r--r--r--    1 root     root            0 Dec 14 19:53 stat
-r--r--r--    1 root     root            0 Dec 14 19:53 statm
-r--r--r--    1 root     root            0 Dec 14 19:53 status
$

Each directory contains the same entries. Here is a brief description of some of the entries:

  1. cmdline: this (pseudo-)file contains the entire command line used to invoke the process. It is not formatted: there is no space between the program and its arguments, and there is no newline at the end of the line. In order to view it, you can use: perl -ple 's,\00, ,g' cmdline.

  2. cwd: this symbolic link points to the current working directory (hence the name) of the process.

  3. environ This file contains all the environment variables defined for this process, in the form VARIABLE=value. Similar to cmdline, the output is not formatted at all: no newlines separate the different variables, and there is no newline at the end. One solution to view it: perl -pl -e 's,\00,\n,g' environ.

  4. exe: this is a symlink pointing to the executable file corresponding to the process being run.

  5. fd: this subdirectory contains the list of file descriptors currently opened by the process. See below.

  6. maps: when you print the contents of this named pipe (with cat for example), you can see the parts of the process' address space which are currently mapped to a file. From left to right, the fields are: the address space associated to this mapping, the permissions associated to this mapping, the offset from the beginning of the file where the mapping starts, the major and minor number (in hexadecimal) of the device on which the mapped file is located, the inode number of the file, and finally the name of the file itself. When the device is 0 and there's no inode number or filename, this is an anonymous mapping. See mmap(2).

  7. root: this is a symbolic link which points to the root directory used by the process. Usually, it will be /, but see chroot(2).

  8. status: this file contains various information about the process: the name of the executable, its current state, its PID and PPID, its real and effective UID and GID, its memory usage, and other information. Note that files stat and statm are now obsolete. The information they contained is now stored in status.

If we list the contents of directory fd for process 127, we obtain this:

$ ls -l fd
total 0
lrwx------    1 root     root           64 Dec 16 22:04 0 -> /dev/console
l-wx------    1 root     root           64 Dec 16 22:04 1 -> pipe:[128]
l-wx------    1 root     root           64 Dec 16 22:04 2 -> pipe:[129]
l-wx------    1 root     root           64 Dec 16 22:04 21 -> pipe:[130]
lrwx------    1 root     root           64 Dec 16 22:04 3 -> /dev/apm_bios
lr-x------    1 root     root           64 Dec 16 22:04 7 -> pipe:[130]
lrwx------    1 root     root           64 Dec 16 22:04 9 ->
/dev/console
$

In fact, this is the list of file descriptors opened by the process. Each opened descriptor is shown by a symbolic link, where the name is the descriptor number, and which points to the file opened by this descriptor[24]. Notice the permissions on the symlinks: this is the only place where they make sense, as they represent the permissions with which the file corresponding to the descriptor has been opened.



[24] If you remember what was described in section the section called “Redirections and Pipes”, you know what descriptors 0, 1 and 2 stand for.