This month, a quick rundown on some of the p-commands that let you find out about the processes on your system.
Unusually, they all have the same man page, so man ptree will tell you about pwdx, pfiles, pcred, and vice versa. Only pargs has its own man page. This has all been tested on Solaris 10. Most of it will work on Solaris 9 ; much of it will work on 7 and 8. The example application is a Java app. we use for building classroom machines, but this will all work on Oracle, Apache, and so on.
Starting with the simplest: pwdx PID will give you the
current working directory of a process.
$ pgrep -lf java
16728 java -classpath /e/j/lib/edujump.jar -DDEBUG=true com.sunedu.edujump.EduJumpSer
$ pwdx 16728
16728: /var/log
So it looks like the app. is writing logs at the moment.
With what command-line arguments was it started?
$ pargs 16728
16728: java -classpath /e/j/lib/edujump.jar -DDEBUG=true com.sunedu.edujump.EduJumpSer
argv[0]: java
argv[1]: -classpath
argv[2]: /e/j/lib/edujump.jar
argv[3]: -DDEBUG=true
argv[4]: com.sunedu.edujump.EduJumpServer
argv[5]: -env
argv[6]: /tmp/edujumprun.conf
argv[7]: -log
argv[8]: /var/log/edujump_status.log
SEven arguments and options. We couldn't have found all of these with a regular ps, as that truncates its output:
$ ps -ef | grep 16728
root 16728 1 0 Jan 15 ? 2:00 java -classpath /e/j/lib/edujump.jar -DDEBUG=true com.sunedu.edujump.EduJumpSer
So, the logfile it was directed to when it started was /var/log/edujump_status.log (argv[8] in the output above).
Is that where it's writing to _right now_?
pfiles 16728
16728: java -classpath /e/j/lib/edujump.jar -DDEBUG=true com.sunedu.edujump.E
Current rlimit: 65536 file descriptors
0: S_IFCHR mode:0666 dev:278,0 ino:6815752 uid:0 gid:3 rdev:13,2
O_RDONLY|O_LARGEFILE
/devices/pseudo/mm@0:null
1: S_IFREG mode:0644 dev:118,11 ino:3651 uid:0 gid:1 size:72
O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE
/var/log/edujump.log
2: S_IFREG mode:0644 dev:118,11 ino:3651 uid:0 gid:1 size:72
O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE
/var/log/edujump.log
3: S_IFCHR mode:0666 dev:278,0 ino:6815772 uid:0 gid:3 rdev:13,12
O_RDWR FD_CLOEXEC
/devices/pseudo/mm@0:zero
4: S_IFDOOR mode:0444 dev:287,0 ino:44 uid:0 gid:0 size:0
O_RDONLY|O_LARGEFILE FD_CLOEXEC door to nscd[11154]
/var/run/name_service_door
5: S_IFCHR mode:0644 dev:278,0 ino:99614724 uid:0 gid:3 rdev:190,0
O_RDONLY|O_LARGEFILE
/devices/pseudo/random@0:random
6: S_IFCHR mode:0644 dev:278,0 ino:99614726 uid:0 gid:3 rdev:190,1
O_RDONLY|O_LARGEFILE
/devices/pseudo/random@0:urandom
7: S_IFCHR mode:0644 dev:278,0 ino:99614724 uid:0 gid:3 rdev:190,0
O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE
/devices/pseudo/random@0:random
8: S_IFREG mode:0644 dev:118,11 ino:4091 uid:0 gid:1 size:0
O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE
/var/log/edujump_status.log
9: S_IFSOCK mode:0666 dev:284,0 ino:26112 uid:0 gid:0 size:0
O_RDWR
SOCK_STREAM
SO_REUSEADDR,SO_SNDBUF(49152),SO_RCVBUF(49152)
sockname: AF_INET 0.0.0.0 port: 5000
10: S_IFSOCK mode:0666 dev:284,0 ino:26113 uid:0 gid:0 size:0
O_RDWR
SOCK_STREAM
SO_SNDBUF(49152),SO_RCVBUF(49152)
sockname: AF_INET 0.0.0.0 port: 5000
Okay, that's kind of scarey looking. But the blocks marked 1, 2 and 8 show that it is writing to the correct files -- or at least the file it was asked to use, which may not be the same thing.
Finally, with whose privileges is running?
$ pcred 16728
16728: e/r/suid=0 e/r/sgid=1
groups: 1 2 3 4 5 6 7 8 9 12
It's not really a great idea to run network services as the super-user. You can use pcrd to _change_ the credentials of a live process, but this isn't recommended on a production system without both good cause and serious testing.
Just for fun, though:
$ pcred -l bob 16728
$ pcred 16728
16728: e/r/suid=116 e/r/sgid=1
groups: 1 100
$ ps -ef | grep 16728
bob 16728 1 0 Jan 15 ? 2:00 java -classpath /e/j/lib/edujump.jar -DDEBUG=true com.sunedu.edujump.EduJumpSer
Articles