Deep System Discovery on your Linux Server With /proc
/proc is a virtual filesystem generated at boot and updated regularly by the kernel. With /proc you can investigate exactly what hardware your Linux kernel sees, what processes it is running, boot options, and also manipulate kernel events.
/proc (short for "process filesystem") isn't 'real'; it's a virtual filesystem, generated at boot and updated regularly by the kernel. Instead of storing information on disk, when you look at something in /proc, it fetches the information from the kernel to output as a file. This is great both for system communication (utilities can operate in userspace, rather than in kernel space), and for investigating your system's innards.
/proc and processes
juliet 25175 0.0 0.0 18044 1552 pts/31 Ss Jul14 0:00 /bin/bash
Look at the proc directory of this process with ls -l /proc/25175/, then use cat or less to look at the file contents. Some files are binary, but they usually have at least some human-readable text. Here are some of the files and directories you'll see; for more info, check the very comprehensive proc manpage. Note that often these files will be links, so ls -l is useful.
- cmdline: the command used to launch this process. Useful if you're debugging a launch problem, or to check which options were passed in.
- environ: the command environment.
- exe: the original executable file.
- fd/: filehandle links to files in use by the process.
- task: hard links to any other processes started by this process, including itself.
- cwd: the process' working directory.
- root: the root path, almost always /, unless the process is being run in a chroot jail.
- maps: memory maps to executables and library files. For each such file, it shows the memory address range, the permissions (r/w/x, followed by s for shared or p for private, meaning copy on write), the offset into the file, and the device and inode.
- stat, status: status information. status has better formatting.
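The files listed above can also be read programmatically. The following is an added example, not part of the original article: it decodes the NUL-separated cmdline and environ format and parses maps lines into fields. The sample data is constructed, and the check for mappings that are both writable and executable is an assumption about what a defender would want to review, not something the article prescribes.

```python
import os
from typing import NamedTuple

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str   # r/w/x, then s (shared) or p (private, copy on write)
    offset: int
    dev: str
    inode: int
    path: str    # empty string for anonymous mappings

def split_nul(raw):
    """cmdline and environ separate entries with NUL bytes, not spaces."""
    parts = raw.split(b"\0")
    if parts and parts[-1] == b"":
        parts.pop()              # drop the terminator; empty file gives []
    return [p.decode("utf-8", "replace") for p in parts]

def parse_maps(text):
    out = []
    for line in text.splitlines():
        f = line.split(None, 5)  # the path comes last and may contain spaces
        if len(f) < 5:
            continue
        start, end = (int(x, 16) for x in f[0].split("-"))
        path = f[5].strip() if len(f) == 6 else ""
        out.append(Mapping(start, end, f[1], int(f[2], 16), f[3], int(f[4]), path))
    return out

def writable_and_executable(maps):
    return [m for m in maps if "w" in m.perms and "x" in m.perms]

# Constructed sample data in the format of /proc/<pid>/cmdline and maps.
SAMPLE_CMDLINE = b"/bin/bash\0--login\0"
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a2d000 r--p 00000000 08:01 1311 /bin/bash
55d0c8a2d000-55d0c8b0e000 r-xp 0002d000 08:01 1311 /bin/bash
7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0
7ffd4c1e0000-7ffd4c201000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":       # live run against this interpreter's own entry
    with open("/proc/self/cmdline", "rb") as fh:
        print("cmdline:", split_nul(fh.read()))
    print("exe:", os.readlink("/proc/self/exe"))
    with open("/proc/self/maps") as fh:
        for m in writable_and_executable(parse_maps(fh.read())):
            print("w+x mapping:", hex(m.start), m.path or "[anonymous]")
```

To inspect another process, replace self with its PID; reading another user's entries generally requires root.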