Chapter 9. The /proc Filesystem

Table of Contents
9.1. Information About Processes
9.2. Information on The Hardware
9.3. The /proc/sys Sub-Directory

The /proc filesystem is specific to GNU/Linux. It is a virtual filesystem, and as such it takes no room on your disk. It is a very convenient way to obtain information on the system, all the more that most files in this directory are human readable (well, with a little help). Many programs actually gather information from files in /proc, format it in their own way and then display it. This is the case for all programs which display information about processes, and we have already seen a few of them (top, ps and friends). /proc is also a good source of information about your hardware, and similarly, quite a few programs are just interfaces to the information contained in /proc.

There is also a special subdirectory, /proc/sys. It allows for changing some kernel parameters in real time or displaying them.

9.1. Information About Processes

If you list the contents of the /proc directory, you will see many directories that the name of which is a number. These are the directories holding information on all processes currently running on the system:

$ ls -d /proc/[0-9]*
/proc/1/    /proc/302/  /proc/451/  /proc/496/  /proc/556/  /proc/633/
/proc/127/  /proc/317/  /proc/452/  /proc/497/  /proc/557/  /proc/718/
/proc/2/    /proc/339/  /proc/453/  /proc/5/    /proc/558/  /proc/755/
/proc/250/  /proc/385/  /proc/454/  /proc/501/  /proc/559/  /proc/760/
/proc/260/  /proc/4/    /proc/455/  /proc/504/  /proc/565/  /proc/761/
/proc/275/  /proc/402/  /proc/463/  /proc/505/  /proc/569/  /proc/769/
/proc/290/  /proc/433/  /proc/487/  /proc/509/  /proc/594/  /proc/774/
/proc/3/    /proc/450/  /proc/491/  /proc/554/  /proc/595/

Note that as a user, you can (logically) only display information related to your own processes, but not the ones of other users. So, let's be root and see what information is available from process 127:

$ su
Password:
$ cd /proc/127
$ ls -l
total 0
-r--r--r--    1 root     root            0 Dec 14 19:53 cmdline
lrwx------    1 root     root            0 Dec 14 19:53 cwd -> //
-r--------    1 root     root            0 Dec 14 19:53 environ
lrwx------    1 root     root            0 Dec 14 19:53 exe -> /usr/sbin/apmd*
dr-x------    2 root     root            0 Dec 14 19:53 fd/
pr--r--r--    1 root     root            0 Dec 14 19:53 maps|
-rw-------    1 root     root            0 Dec 14 19:53 mem
lrwx------    1 root     root            0 Dec 14 19:53 root -> //
-r--r--r--    1 root     root            0 Dec 14 19:53 stat
-r--r--r--    1 root     root            0 Dec 14 19:53 statm
-r--r--r--    1 root     root            0 Dec 14 19:53 status
$

Each directory contains the same entries. Here is a brief description of some of the entries:

  1. cmdline: this (pseudo-)file contains the whole command line used to invoke the process. It is not formatted: there is no space between the program and its arguments, and there is no newline at the end of the line either. In order to view it, you can use: perl -ple 's,\00, ,g' cmdline.

  2. cwd: this symbolic link points to the current working directory (hence the name) of the process.

  3. environ This file contains all the environment variables defined for this process, in the form VARIABLE=value. Similar to cmdline, the output is not formatted at all: no newlines to separate between different variables, and no newline at the end either. One solution to view it: perl -pl -e 's,\00,\n,g' environ.

  4. exe: this is a symlink pointing to the executable file corresponding to the process being run.

  5. fd: this subdirectory contains the list of file descriptors currently opened by the process. See below.

  6. maps: when you print the contents of this named pipe (with cat for example), you can see the parts of the process' address space which are currently mapped to a file. The fields from left to right are: the address space associated to this mapping, the permissions associated to this mapping, the offset from the beginning of the file where the mapping starts, the major and minor number (in hexadecimal) of the device on which the mapped file is located, the inode number of the file, and finally the name of the file itself. When the device is 0 and there's no inode number and filename either, these are anonymous mappings. See mmap(2).

  7. root: this is a symbolic link which points to the root directory used by the process. Usually, it will be /, but see chroot(2).

  8. status: this file contains various information about the process: the name of the executable, its current state, its PID and PPID, its real and effective UID and GID, its memory usage, and other information.

If we list the contents of directory fd, always for our process 127, we obtain this:

$ ls -l fd
total 0
lrwx------    1 root     root           64 Dec 16 22:04 0 -> /dev/console
l-wx------    1 root     root           64 Dec 16 22:04 1 -> pipe:[128]
l-wx------    1 root     root           64 Dec 16 22:04 2 -> pipe:[129]
l-wx------    1 root     root           64 Dec 16 22:04 21 -> pipe:[130]
lrwx------    1 root     root           64 Dec 16 22:04 3 -> /dev/apm_bios
lr-x------    1 root     root           64 Dec 16 22:04 7 -> pipe:[130]
lrwx------    1 root     root           64 Dec 16 22:04 9 ->
/dev/console
$

In fact, this is the list of file descriptors opened by the process. Each opened descriptor is shown by a symbolic link, the name of which is the descriptor number, and which points to the file opened by this descriptor[1]. You can also notice the permissions on the symlinks: this is the only place where they make sense, as they represent the permissions with which the file corresponding to the descriptor has been opened.

Notes

[1]

If you remember what has been told in section Redirections and Pipes, you know what descriptors 0, 1 and 2 stand for.


Tux on Star from MandrakeSoft Linux is a registered trademark of Linus Torvalds. All other trademarks and copyrights are the property of their respective owners.
Unless otherwise stated, all the content of these pages and all images are Copyright MandrakeSoft S.A. and MandrakeSoft Inc. 2002.
http://www.mandrakelinux.com/