The /proc filesystem is specific to GNU/Linux. It is a virtual filesystem, and as such it takes no room on your disk. It is a very convenient way to obtain information on the system, all the more that most files in this directory are human readable (well, with a little help). Many programs actually gather information from files in /proc, format it in their own way and then display it. This is the case for all programs which display information about processes, and we have already seen a few of them (top, ps and friends). /proc is also a good source of information about your hardware, and similarly, quite a few programs are just interfaces to the information contained in /proc.
There is also a special subdirectory, /proc/sys. It allows for changing some kernel parameters in real time or displaying them.
If you list the contents of the /proc directory, you will see many directories that the name of which is a number. These are the directories holding information on all processes currently running on the system:
$ ls -d /proc/[0-9]* /proc/1/ /proc/302/ /proc/451/ /proc/496/ /proc/556/ /proc/633/ /proc/127/ /proc/317/ /proc/452/ /proc/497/ /proc/557/ /proc/718/ /proc/2/ /proc/339/ /proc/453/ /proc/5/ /proc/558/ /proc/755/ /proc/250/ /proc/385/ /proc/454/ /proc/501/ /proc/559/ /proc/760/ /proc/260/ /proc/4/ /proc/455/ /proc/504/ /proc/565/ /proc/761/ /proc/275/ /proc/402/ /proc/463/ /proc/505/ /proc/569/ /proc/769/ /proc/290/ /proc/433/ /proc/487/ /proc/509/ /proc/594/ /proc/774/ /proc/3/ /proc/450/ /proc/491/ /proc/554/ /proc/595/ |
Note that as a user, you can (logically) only display information related to your own processes, but not the ones of other users. So, let's be root and see what information is available from process 127:
$ su Password: $ cd /proc/127 $ ls -l total 0 -r--r--r-- 1 root root 0 Dec 14 19:53 cmdline lrwx------ 1 root root 0 Dec 14 19:53 cwd -> // -r-------- 1 root root 0 Dec 14 19:53 environ lrwx------ 1 root root 0 Dec 14 19:53 exe -> /usr/sbin/apmd* dr-x------ 2 root root 0 Dec 14 19:53 fd/ pr--r--r-- 1 root root 0 Dec 14 19:53 maps| -rw------- 1 root root 0 Dec 14 19:53 mem lrwx------ 1 root root 0 Dec 14 19:53 root -> // -r--r--r-- 1 root root 0 Dec 14 19:53 stat -r--r--r-- 1 root root 0 Dec 14 19:53 statm -r--r--r-- 1 root root 0 Dec 14 19:53 status $ |
Each directory contains the same entries. Here is a brief description of some of the entries:
cmdline This (pseudo-)file contains the whole command line used to invoke the process. It is not formatted: there is no space between the program and its arguments, and there is no newline at the end of the line either.
cwd This symbolic link points to the current working directory (hence the name) of the process.
environ This file contains all the environment variables defined for this process, in the form VARIABLE=value. Similar to cmdline, the output is not formatted at all: no newlines to separate between different variables, and no newline at the end either.
exe This is a symlink pointing to the executable file corresponding to the process being run.
fd This subdirectory contains the list of file descriptors currently opened by the process. See below.
maps When you print the contents of this named pipe (with cat for example), you can see the parts of the process' address space which are currently mapped to a file. The fields from left to right are: the address space associated to this mapping, the permissions associated to this mapping, the offset from the beginning of the file where the mapping starts, the device on which the mapped file is located, the inode number of the file, and finally the name of the file itself. See man 2 mmap.
root This is a symbolic link which points to the root directory used by the process. Usually, it will be /, but see man 2 chroot.
status This file contains various information about the process: the name of the executable, its current state, its PID and PPID, its real and effective UID and GID, its memory usage, and other information.
If we list the contents of the directory fd, we obtain this:
$ ls -l fd total 0 lrwx------ 1 root root 64 Dec 16 22:04 0 -> /dev/console l-wx------ 1 root root 64 Dec 16 22:04 1 -> pipe:[128] l-wx------ 1 root root 64 Dec 16 22:04 2 -> pipe:[129] l-wx------ 1 root root 64 Dec 16 22:04 21 -> pipe:[130] lrwx------ 1 root root 64 Dec 16 22:04 3 -> /dev/apm_bios lr-x------ 1 root root 64 Dec 16 22:04 7 -> pipe:[130] lrwx------ 1 root root 64 Dec 16 22:04 9 -> /dev/console $ |
In fact, this is the list of file descriptors opened by the process. Each opened descriptor is shown by a symbolic link, the name of which is the descriptor number, and which points to the file opened by this descriptor[1]. You can also notice the permissions on the symlinks: this is the only place where they make sense, as they represent the permissions with which the file corresponding to the descriptor has been opened.
[1] | If you remember what has been told in section Redirections and pipes, you know what descriptors 0, 1 and 2 stand for. |