You’ll be amazed how much things you can learn about the process on the Linux system by exploring and poking around /proc/.

ProcFS in Linux is a special filesystem that contains various information about the system, processes running on the system and allows you to adjust some of the things by writing directly to those files. Among many other things it contains folder for each process running on the system, named by its PID. Each PID folder contains everything about process. Let’s see some of the things in there:

  • cmdline - is the file containing the command that originally started the process
  • cwd - this is a symlink to a current working directory of the process
  • environ - contains information about the process environment (same as env comand but without newlines)
  • exe - symlink to the executable that started the process
  • fd - is a directory containing references for file descriptors of the process. Every process has at least 3 file descriptors (0,1,2) pointing to stdin, stdout, stderr respectively but it can have many more, depending on the system limits
  • fdinfo - directory holding information about file descriptors like position in the file (current byte of the file), flags (octal number displaying access mode of the file), and mnt_id (mount, can be checked via mountinfo - see below - of the process)
  • maps - file holding virtual memory mapping information
  • mem - shows the contents of memory mapped the same way as in the process
  • mountinfo - file containing information about process mounts
  • root - shows the root of the process (can be used to determine if process is running in chroot, if so, process would have chroot directory as root)
  • status - basic information about process status (resident set-size, state, pid and many more)

So next time you want to find out some information about the process, just take a peek at the /proc/, it might be of the great help.