Open Source

Dig for more data in the /proc directory

Vincent Danen introduces you to the /proc filesystem, which you can mine for a lot of helpful information about your system and running processes on your system.

One of the most interesting directories on any Linux system is /proc, a virtual filesystem that provides a plethora of information on the hardware of the running system, and of the various processes running. In fact, many programs such as ps and top obtain their information by mining /proc.

Some well-known virtual files in /proc include /proc/cpuinfo, which prints out information on the running CPU(s); /proc/meminfo, which prints out information on installed memory; and /proc/cmdline, which provides the arguments to the Linux kernel at boot.

Other lesser-known files in /proc include:

  • /proc/apm, which provides information related to Advanced Power Management, if installed
  • /proc/loadavg shows the system load average
  • /proc/filesystems shows the available filesystem support in the kernel and whether or not they are in use on a block device
  • /proc/mounts will show what mounts are currently active, what block device they belong to, where they are mounted, and what options were used to mount them
  • /proc/net directory contains more files, all related to network information

Most of these files look like text files so can be looked at using the cat utility, such as:

# cat /proc/cpuinfo
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 47
model name      : AMD Athlon(tm) 64 Processor 3500+
stepping        : 2
cpu MHz         : 2202.909

Further, if you look inside /proc, you will notice quite a few numbered directories. These numbers correspond to running processes. Inside each directory are a number of files that give information regarding the process. For instance, /proc/1/ would contain information on process #1, which is typically init.

Some files in this directory are symlinks; the /proc/1/cwd symlink points to /, which indicates that init's current working directory is /, the root directory. The /proc/1/exe symlink points to /sbin/init, the program that is running. The /proc/1/cmdline is a file containing the command-line used to execute the program. The /proc/1/status file indicates the status of the program, which can be used to determine if a program is sleeping or a zombie process, the amount of memory it's using, the number of threads, the user/group privileges it is running as, and more.

To determine what files are in use by a process, look in the /proc/[pid]/fd/ directory. Each link in the directory will point to a file that is in use by the process in question.

There is a lot of information in /proc that can be found by those willing to look. A number of front-ends exist to help parse the information — tools like ps, top, and free, among many others provide more human-readable information, but to really find out what a program is doing, the authoritative resource is the /proc directory.

Get the PDF version of this tip here.

Delivered each Tuesday, TechRepublic's free Linux and Open Source newsletter provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!


Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

Editor's Picks