Linux

Dig for more data in the /proc directory

Vincent Danen introduces you to the /proc filesystem, which you can mine for a lot of helpful information about your system and the processes running on it.

One of the most interesting directories on any Linux system is /proc, a virtual filesystem that provides a plethora of information on the hardware of the running system and on the various processes running on it. In fact, many programs such as ps and top obtain their information by mining /proc.

Some well-known virtual files in /proc include /proc/cpuinfo, which reports information on the running CPU(s); /proc/meminfo, which reports information on installed memory; and /proc/cmdline, which shows the arguments passed to the Linux kernel at boot.

Other lesser-known files in /proc include:

  • /proc/apm, which provides information related to Advanced Power Management, if installed
  • /proc/loadavg, which shows the system load average
  • /proc/filesystems, which shows the available filesystem support in the kernel and whether or not they are in use on a block device
  • /proc/mounts, which shows what mounts are currently active, what block device they belong to, where they are mounted, and what options were used to mount them
  • /proc/net, a directory that contains more files, all related to network information

Most of these files look like text files, so you can view them with the cat utility, for example:

# cat /proc/cpuinfo
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 47
model name      : AMD Athlon(tm) 64 Processor 3500+
stepping        : 2
cpu MHz         : 2202.909
...

Further, if you look inside /proc, you will notice quite a few numbered directories. These numbers correspond to running processes. Inside each directory are a number of files that give information regarding the process. For instance, /proc/1/ would contain information on process #1, which is typically init.

Some files in this directory are symlinks; the /proc/1/cwd symlink points to /, which indicates that init's current working directory is /, the root directory. The /proc/1/exe symlink points to /sbin/init, the program that is running. The /proc/1/cmdline file contains the command line used to execute the program. The /proc/1/status file indicates the status of the program, which can be used to determine whether a program is sleeping or is a zombie process, the amount of memory it's using, the number of threads, the user/group privileges it is running as, and more.

To determine what files are in use by a process, look in the /proc/[pid]/fd/ directory. Each link in the directory will point to a file that is in use by the process in question.
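The per-process files described above can be gathered into one record for triage. The following is an added example, not code from the original article: the function names inspect_process and read_link and the proc_root parameter are assumptions made for illustration. It goes slightly beyond the text by flagging an exe link that ends in " (deleted)", which the kernel appends when the binary was removed from disk after the process started, and by tolerating the permission errors an unprivileged user gets on other users' processes.

```python
import os

def read_link(path):
    """Return a symlink target, or None when the link is unreadable
    (another user's process without root) or the process has exited."""
    try:
        return os.readlink(path)
    except OSError:
        return None

def inspect_process(pid, proc_root="/proc"):
    """Collect the per-process facts the article lists for /proc/[pid]/."""
    base = os.path.join(proc_root, str(pid))
    info = {"pid": pid, "status": {}, "fds": {}}

    # cmdline holds the arguments separated by NUL bytes, not spaces;
    # empty pieces (including the trailing one) are dropped here.
    with open(os.path.join(base, "cmdline"), "rb") as f:
        raw = f.read()
    info["argv"] = [a.decode(errors="replace") for a in raw.split(b"\0") if a]

    # status is "Key:<tab>value" per line; keep the fields named in the text.
    wanted = {"State", "Uid", "Gid", "Threads", "VmRSS"}
    with open(os.path.join(base, "status")) as f:
        for line in f:
            key, _, value = line.partition(":")
            if key in wanted:
                info["status"][key] = value.strip()

    info["cwd"] = read_link(os.path.join(base, "cwd"))
    exe = read_link(os.path.join(base, "exe"))
    info["exe"] = exe
    # The kernel appends " (deleted)" when the binary was unlinked after start.
    info["exe_deleted"] = bool(exe and exe.endswith(" (deleted)"))

    # Each entry in fd/ is a symlink named after the descriptor number.
    fd_dir = os.path.join(base, "fd")
    try:
        for name in sorted(os.listdir(fd_dir), key=int):
            info["fds"][int(name)] = read_link(os.path.join(fd_dir, name))
    except OSError:
        info["fds"] = None  # not permitted to list this process's descriptors
    return info

if __name__ == "__main__":
    me = inspect_process(os.getpid())
    print(me["argv"], me["exe"], me["status"].get("State"))
    for fd, target in (me["fds"] or {}).items():
        print(fd, "->", target)
```

Kernel threads have an empty cmdline and no readable exe link, so argv comes back as an empty list and exe as None for them.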

There is a lot of information in /proc that can be found by those willing to look. A number of front-ends exist to help parse the information -- tools like ps, top, and free, among many others provide more human-readable information, but to really find out what a program is doing, the authoritative resource is the /proc directory.


About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

7 comments
aklujkar

It shows the installed memory onboard and the current utilisation status

deanloper

Tried this on Ubuntu 7.04 and get "permission denied" even when signed in with sudo. Any ideas?

garnerl

Speaking for 8.04, root's password isn't random, it's just locked. "sudo passwd root" should take care of that, if you're so inclined. Of course, there's always booting to recovery mode, which is runlevel 1, where you can set root's password. However, "sudo cat /proc/cpuinfo" works fine for me on 8.04, as does "sudo -s" and then running around the system as root.

pgit

Sudo doesn't necessarily give all the same permissions as root. Check the /etc/sudoers file. You'll see root permissions and your user's listed in there. If the user isn't the same as root, you can elevate it by making your entry read the same as root's. Easier to just log in as root (in the terminal) and play with it there, less typing...

Larry the Security Guy

The good people at Ubuntu have disabled the root account, preventing it from being used to log in. They've also set the password to something random and do not provide it to the user. The sudo command expects the user's password, not root, but then allows the user to perform (apparently not all) root functions. I haven't used Ubuntu for some time, but I believe there is a way to enable the root account, set the password and then do a proper su.

psbhullar

Another way is - 1. Open a terminal, 2. type "sudo passwd root" (do not use quotes) 3. Enter normal user password 4. Enter new password for root. 5. login as su.....

gacain

1 - Log in with "normal" user and password. 2 - At the CLI enter: sudo -s -H 3 - At the password prompt enter the "normal" user password again. 4 - You are now logged in as root. You can set a root password with the: passwd command as usual.