Procfs and the Proc Directory

D

DevynCJohnson

Guest
Many or most Linux users have at least heard of proc. Some of you may wonder why this folder is so important. Well, this article will explain proc thoroughly like what it is and how it is arranged.

On the root, there is a folder titled "proc". This folder is not really on /dev/sda1 or where ever you think the folder resides. This folder is a mount point for the procfs (Process Filesystem) which is a filesystem in memory. Many processes store information about themselves on this virtual filesystem. ProcFS also stores other system information. For example, on most laptop systems, there is a file that may exist (/proc/acpi/button/lid/LID/state) that contains "open" when the laptop lid is open and "closed" when the lid is closed. So, users could use this file to make shell scripts that execute when the lid is open and/or shut. To read such a file through the shell, use the "cat" command.

ProcFS is an interface that provides direct access to the kernelspace. By using proc, many applications in userspace can access the kernelspace.

NOTE: Many of you probably think you can use proc to store your personal files. Well, you cannot. Plus, even if you could, that would be very dangerous for the system.

ProcFS contains a highly organized file-hierarchy. The proc hierarchy changes slightly in some kernel versions, but overall it is the same across different distros and kernel versions. However, some differences may exist in different hardware. For example, if a system lacks SCSI devices, then no SCSI files or folders will be found in that particular proc system. As for another example, not all proc systems will contain /proc/apm/ which holds Advanced power management version and battery information.

proc.png


/proc/{pid}/ - Each process owns a directory titled according to the pid. For instance, if a process with a Process ID (PID) of 375 starts, then the folder "375" is created in proc (/proc/375/). This folder contains various files with attribute information, sessionid, control groups, status, timers, etc. The file /proc/{pid}/cmdline contains the commandline parameter, arguments, and commands used to start this process. For example, executing "grep -i -e FIND -f file" would make a cmdline file containing "grep -i -e FIND -f file". The current working directory of the process is stored as a shortcut file - /proc/{pid}/cwd. The /proc/{pid}/ directory contains many files and folders containing information on various aspects of the process. Not all of the files and directories will be discussed in this article.

Proc also uses other symbolic links (shortcut files). The link /proc/{pid}/exe is a shortcut to the command/process executed. For example, when playing the video game "0A.D.", the shortcut will link to /usr/games/0ad, unless the user installs the game somewhere else.

/proc/{pid}/fd/ is a directory shortcuts to the files that the process currently has open. /proc/{pid}/fdinfo/ is a directory that stores information of the files that the process currently has open.

/proc/{pid}/limits stores the soft and hard limits of the process.

/proc/{pid}/maps is a file that stores a memory map, permissions, and other data. Below is an example of what this may look like:

Code:
address  perms offset  dev  inode  pathname
05347000-06139100 r-xp 00000000 03:0c 73599  /usr/bin/MY-APP

/proc/{pid}/mem stores information about the memory pages used by the process.

/proc/{pid}/mountinfo contains mountpoint information. /proc/{pid}/mount lists the filesystems in the process's mount namespace. If a process is manipulating a file on a filesystem, then that filesystem will be listed here.

/proc/{pid}/smaps stores a list of the process's memory usage. This file may look something like this:

Code:
Size:  573 kB
Rss:  537 kB
Shared_Clean:  537 kB
Shared_Dirty:  0 kB
Private_Clean:  0 kB
Private_Dirty:  0 kB

NOTE: Yes, memory can belong to more than one of the categories listed in the file.

/proc/{pid}/stat stores information about the process like the PID, parent process ID (PPID), session ID, controlling terminal, etc.

/proc/{pid}/statm is a lot like /proc/{pid}/smaps, but instead stores information by page rather than in kilobytes.

/proc/{pid}/status contains various information on a process. This is how the file can be viewed. Open a shell so we can view this information about your default shell. In shell scripting, "$$" is a variable that refers to the PID of the current shell's PID. So, we can type the code below in a shell to get information about our shell.

Code:
cat /proc/$$/status

The command gives us this table which displays information like the number of threads the process is using, different IDs, etc.:

Code:
collier@Nacho-Laptop:~$ cat /proc/$$/status
Name:   bash
State:   S (sleeping)
Tgid:   6048
Pid:   6048
PPid:   6040
TracerPid:   0
Uid:   1000   1000   1000   1000
Gid:   1000   1000   1000   1000
FDSize:   256
Groups:   4 24 27 30 46 112 124 1000
VmPeak:    26808 kB
VmSize:    26808 kB
VmLck:    0 kB
VmPin:    0 kB
VmHWM:    3672 kB
VmRSS:    3672 kB
VmData:    1952 kB
VmStk:    136 kB
VmExe:    900 kB
VmLib:    2296 kB
VmPTE:    72 kB
VmSwap:    0 kB
Threads:   1
SigQ:   0/21869
SigPnd:   0000000000000000
ShdPnd:   0000000000000000
SigBlk:   0000000000010000
SigIgn:   0000000000384004
SigCgt:   000000004b813efb
CapInh:   0000000000000000
CapPrm:   0000000000000000
CapEff:   0000000000000000
CapBnd:   0000001fffffffff
Seccomp:   0
Cpus_allowed:   f
Cpus_allowed_list:   0-3
Mems_allowed:   00000000,00000001
Mems_allowed_list:   0
voluntary_ctxt_switches:   39
nonvoluntary_ctxt_switches:   24

Each thread a process owns will have a folder in /proc/{pid}/tasks/{tid}/. TID stands for Thread ID.

/proc/bus/ contains files and folders for the different buses on the system. For instance, drivers for PC-cards will be found here - /proc/bus/pccard/drivers/.

Any commandline parameters given to the kernel from the bootloader will be stored in this file - /proc/cmdline. So, if the Grub command-line is used to bootup a Linux kernel, then the command that was used will be seen in this file.

Some kernels contain a file with the list of configured options used to configure the kernel in this file - /proc/config.gz. This can be very helpful when tweaking a kernel. For illustration, if a Linux user has a system that runs nearly very well, but the user wishes to make some minor adjustments to the kernel, then the user can get the file and give it to the kernel configuration tool. This provide all of the information used to configure the kernel. Then, the user can make the fine adjustments and have a new kernel that is nearly the same as the one before.

The file /proc/cpuinfo provides information on the CPU used by the system. Users can view this file to get information about their CPU.

The device numbers and groups are stored in this file /proc/devices.

Input/Output (I/O) statistics are kept in this file - /proc/diskstats. Two lines from this file are listed below -

Code:
7  7 loop7 0 0 0 0 0 0 0 0 0 0 0
8  0 sda 42627 16436 2722170 1297584 18920 24950 725864 210112 0 199584 1507636

The Direct Memory Access (DMA) channels are list here - /proc/dma. A line form this file looks like this "4: cascade". Frame buffers are stored in /proc/fb.

/proc/filesystems lists the filesystem support compiled into the kernel and filesystem modules currently loaded.

The /proc/ide file contains information on the IDE devices like cache size, storage size, model, etc. This file can be used to ensure your system sees your device correctly. For example, assume you have an IDE device that is not working correctly. You could then view this file. If the file contains false information, then that mostly likely means the wrong driver has been loaded. Otherwise, correct information may mean the device itself is broken (the error could be something else. This is just a general example).

NOTE: To view proc files, use a commandline. Usually, using the GUI to find and click a file may not work. Example: "cat /proc/ide | less"

/proc/interrupts keeps track of the number of interrupts that were executed/sent.

/proc/iomem is the Input/Output memory map. All registered I/O port regions in use are listed in this file - /proc/ioports.

This ELF file (/proc/kcore) represents the whole physical memory. ELG refers to the way the binary file is structured.

Kernel messages can be read from this file - /proc/kmsg.

Active file locks are listed in this file - /proc/locks. When a file is locked, a process is reading/writing a file and the lock prevents other processes and/or computers from trying to manipulate the file.

Information about the memory and swap space are stored in this file - /proc/meminfo.

Loaded modules are listed in this file - /proc/modules. This is helpful to know when diagnosing issues.

Any data relating to networking will be found in this directory - /proc/net/. The TCP socket table is contained in /proc/net/tcp, and the UDP socket table is in /proc/net/udp. The file /proc/net/unix lists the current Unix domain sockets and some information pertaining to the sockets.

/proc/partitions contains information about the partitions.

/proc/self/ is a soft link to the PID folder of the process accessing the proc system.

Various kernel information is stored in /proc/stat/. Some pieces of information include the number of processes and boot-time.

/proc/swaps lists the swap spaces in use and various other information. This file may look something like this:

Code:
Filename         Type     Size   Used   Priority
/dev/sda7  partition   5119996   228   -1
/dev/sda8  partition   5119996   0   -2

/proc/sys/ is a folder containing the kernel variables. /proc/sys/dev/ holds device-specific information. Filesystem variables are stored in /proc/sys/fs. An example includes a file named "pipe-max-size" which sets the limit on the size of a pipe. /proc/sys/fs/dir-notify-enable is a file used to enable/disable dnotify. A zero disables this process and a one enables the process. dnotify watches the filesystem and reports events. /proc/sys/fs/file-max is another variable file; this one controls the maximum number of open files. There is even a variable file that allows users to set the max number of partitions that can be mounted (/proc/sys/fs/super-max). The hostname file is located here (/proc/sys/kernel/hostname). /proc/sys/kernel/pid_max sets the maximum number of PIDs. Each process must have an unique PID, so it is possible to reach a limit of the number of processes that can be run. However, it is very unlikely (or nearly impossible) to use up all of the PIDs. The computer will likely use up CPU and/or memory resources before then. The likelihood that the kernel will send data to the swap space can be changed using this file /proc/sys/vm/swappiness.

/proc/uptime contains the amount of time the system has been on. /proc/version contains the kernel's version number and information.

Virtual memory statistics are kept in here - /proc/vmstat. The /proc/zoneinfo file holds information on the various memory zones.

Only the Root user can read all of the files and write to them. Regular users can read some, but cannot write to any. This security is needed to protect the system. If malware ever got Root privileges, then the malware could destroy the system. Obviously, the proc filesystem should only be changed and handled with Root privileges when it is necessary. Remember, if it is not broken, do not fix it. Otherwise, the chances of an accident are increased and the system could be ruined. However, it is perfectly safe to read proc files using user privileges because the kernel will not allow dangerous behaviors.

As stated near the beginning of this article, ProcFS is a filesystem, so you may be wondering about formatting. All users (including Root) cannot make a storage unit use the procfs. Secondly, to reformat proc, restart the computer. Since procfs is stored on volatile memory, the data is deleted during every reboot and the filesystem is recreated during startup. Linux can manage this filesystem itself.
 

Attachments

  • slide.jpg
    slide.jpg
    31 KB · Views: 72,930



Members online


Latest posts

Top