Published on: July 22, 2014 by George K.
Scenario:
/proc is not a real file system, it is a virtual file system. The /proc directory contains a stranger type files: virtual files.
These files are listed, but don’t actually exist on disk; the operating system creates them on the fly. Its zero-sized files are neither binary nor text, yet you can examine and display them. Most virtual files always have a current timestamp, which indicates that they are constantly being kept up to date. The /proc directory itself is created every time you boot your box. You need to work as root to be able to examine the whole directory. Some of the files (such as the process-related ones) are owned by the user who launched it. Although almost all the files are read-only, a few writeable ones (notably in /proc/sys) allow you to change kernel parameters.
[/proc]# ls -al | moretotal 8
dr-xr-xr-x 5 root root 0 May 16 07:13 1/
dr-xr-xr-x 5 root root 0 May 19 00:34 1020087/
dr-xr-xr-x 5 root root 0 Jun 4 22:52 1020394/
dr-xr-xr-x 5 root root 0 Jun 3 00:15 1026312/
dr-xr-xr-x 5 root root 0 Jun 3 00:15 1026318/
dr-xr-xr-x 5 root root 0 May 5 14:33 1040877/
dr-xr-xr-x 5 root root 0 Apr 1 17:34 11/
dr-xr-xr-x 5 root root 0 May 13 05:15 117400/
As you can see from the above example, the folder /proc contains directories with numbers as name. These numbers represents the process ids, the files inside this numbered directory corresponds to the process with that particular PID say 1020087.
root@server[/proc/1020087]# ls
./ auxv coredump_filter cwd@ exe@ fdinfo/ limits maps mounts numa_maps oom_score schedstat stack statm task/ cmdline
Following are the important files located under each numbered directory (for each process):
cmdline – command line of the binary being executed
[/proc/1020087]# cat cmdline
/bin/sh/usr/bin/mysqld_safe—datadir=/var/lib/mysql–pid-file=/var/lib/mysql/server.com.pid
root@xxx [/proc/1020087]# cat environPATH=/sbin:/usr/sbin:/bin:/usr/bin://binPWD=/usrSHLVL=1RESTARTSRV=1RESTARTSRV_CHECKMODE_HEADER=1OLDPWD=/_=/usr/bin/mysqld_safe
fd – Contains the file descriptors which is linked to the appropriate files.
[/proc/1020087]# ls -l fddr-x—— 2 root root 0 Jun 5 00:54 ./
dr-xr-xr-x 5 root root 0 May 19 00:34 ../
lr-x—— 1 root root 64 Jun 5 01:00 0 -> /dev/null
l-wx—— 1 root root 64 Jun 5 01:00 1 -> /dev/null
l-wx—— 1 root root 64 Jun 5 01:00 2 -> /dev/null
lr-x—— 1 root root 64 Jun 5 01:00 255 -> /usr/bin/mysqld_safe*
cwd – Link to current working directory of the process.
[/proc/1020087]# ls -l cwd
lrwxrwxrwx 1 root root 0 Jun 5 00:49 cwd -> /usr/
exe – Link to executable of the process.
ls -l exe
lrwxrwxrwx 1 root root 0 Jun 5 00:33 exe -> /bin/bash*
ls -l root
lrwxrwxrwx 1 root root 0 Jun 5 00:49 root -> //
# cat /proc/meminfo
MemTotal: 24625332 kB
MemFree: 1135328 kB
Buffers: 531228 kB
Cached: 15162364 kB
SwapCached: 52 kB
Category : Linux
George started his career in web hosting and Linux technical support in the year 2004 and is with SupportSages since 2009. He has keen interest in server optimizations, custom security solutions, hacked server recovery, cyber forensic and high availability fail over system design and implementation. George loves long drives and is passionate about art and literature.
Add new commentSIGN IN