Deep System Discovery on your Linux Server With /proc
December 10, 2010
/proc is a virtual filesystem generated at boot and updated regularly by the kernel. With /proc you can investigate exactly what hardware your Linux kernel sees, what processes it is running, and what boot options it was given, and you can also manipulate kernel events.
/proc (short for "process filesystem") isn't 'real'; it's a virtual filesystem, generated at boot and updated regularly by the kernel. Nothing in it is stored on disk: when you look at something in /proc, the information is fetched from the kernel and presented as a file. This is great both for system communication (utilities can operate in userspace rather than in kernel space) and for investigating your system's innards.
/proc and processes
If you type ls /proc, you'll see a set of numbered directories. These are your processes: one directory per process ID. Look at your process list with ps -A, and pick one to investigate. (Note that unless you have root/sudo access, you're best off choosing a process that you own, since some files in another user's process directory are not readable by you.) Here's a sample process from my ps output:
juliet 25175 0.0 0.0 18044 1552 pts/31 Ss Jul14 0:00 /bin/bash
Look at the proc directory of this process with ls -l /proc/25175/, then use cat or less to look at the file contents. Some files are binary, but they usually have at least some human-readable text. Here are some of the files and directories you'll see; for more info, check the very comprehensive proc man page (man 5 proc). Note that many of these entries are symbolic links, so ls -l is useful for seeing where they point.
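The inspection steps above, collected into a small shell script that summarises one process from its /proc directory. This is an added example, not code from the original article: the function names are made up for illustration, and it assumes a Linux system with /proc mounted and the standard awk, tr, sed, readlink and cut utilities.

```shell
#!/bin/sh
# Added example: summarise a process from /proc/<pid>.
# Function names are illustrative, not from the article.

# Print the value of one "Key:<tab>value" line from /proc/<pid>/status.
proc_field() {  # usage: proc_field PID KEY
    [ -r "/proc/$1/status" ] || return 1
    awk -v k="$2" 'index($0, k ":") == 1 { sub(/^[^:]*:[ \t]*/, ""); print; exit }' \
        "/proc/$1/status"
}

# cmdline is NUL-separated with no trailing newline; make it printable.
# Kernel threads have an empty cmdline.
proc_cmdline() {  # usage: proc_cmdline PID
    [ -r "/proc/$1/cmdline" ] || return 1
    tr '\0' ' ' < "/proc/$1/cmdline" | sed 's/ $//'
}

# exe and cwd are symbolic links; readlink prints the target.
# For processes you do not own this fails unless you are root.
proc_link() {  # usage: proc_link PID NAME
    readlink "/proc/$1/$2" 2>/dev/null || echo "(unreadable)"
}

proc_summary() {  # usage: proc_summary PID
    pid=$1
    [ -d "/proc/$pid" ] || { echo "no such process: $pid" >&2; return 1; }
    exe=$(proc_link "$pid" exe)
    echo "pid:     $pid"
    echo "name:    $(proc_field "$pid" Name)"
    echo "state:   $(proc_field "$pid" State)"
    echo "uid:     $(proc_field "$pid" Uid | cut -f1)"   # first field = real UID
    echo "ppid:    $(proc_field "$pid" PPid)"
    echo "cmdline: $(proc_cmdline "$pid")"
    echo "exe:     $exe"
    echo "cwd:     $(proc_link "$pid" cwd)"
    echo "fds:     $(ls "/proc/$pid/fd" 2>/dev/null | wc -l)"
    # The kernel appends " (deleted)" when the binary on disk was removed
    # or replaced after the process started; worth a second look.
    case $exe in
        *' (deleted)') echo "note:    executable no longer exists on disk" ;;
    esac
}

# With no argument, describe the shell running this script.
proc_summary "${1:-$$}"
```

Run it with a PID from your ps output as the argument; for a process owned by another user, expect "(unreadable)" for exe and cwd and an fd count of 0 unless you run it as root.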