源作者:森客
保存进程运行所需要的程序和数据Linux 进程运行信息保存在系统目录/proc/${pid}/下,例如:
[local@localhost 71165]# ls
attr cmdline environ io mem ns pagemap sched smaps_rollup syscall wchan
autogroup comm exe limits mountinfo numa_maps patch_state schedstat stack task
auxv coredump_filter fd loginuid mounts oom_adj personality sessionid stat timers
cgroup cpuset fdinfo map_files mountstats oom_score projid_map setgroups statm timerslack_ns
clear_refs cwd gid_map maps net oom_score_adj root smaps status uid_map
其中有几个常用的文件,很多时候可以通过一些文件获取有用信息:
# cmdline 记录进程启动命令;
# environ 记录进程启动的环境变量,可以看到进程所处的PATH等环境变量,还包括进程启动时所处的Shell客户端
[local@localhost 71165]# cat /proc/71165/environ |tr '0' ' '
SSH_CONNECTION=9.211.55.2 50728 9.211.55.3 22
LANG=en_US.UTF-8
HISTCONTROL=ignoredups
HOSTNAME=localhost.localdomain
OLDPWD=/data/work/go/src
XDG_SESSION_ID=10
USER=root
GOPATH=/data/work/go/
SELINUX_ROLE_REQUESTED=
PWD=/data/work/go/src/demo
HOME=/root
SSH_CLIENT=10.211.55.2 50728 22
SELINUX_LEVEL_REQUESTED=
XDG_DATA_DIRS=/root/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share
SSH_TTY=/dev/pts/2
MAIL=/var/spool/mail/root
TERM=xterm-256color
SHELL=/bin/bash
SELINUX_USE_CURRENT_RANGE=
SHLVL=1
LOGNAME=root
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/0/bus
XDG_RUNTIME_DIR=/run/user/0
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/local/go/bin:/usr/local/go/bin:/root/bin
HISTSIZE=1000
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=https://www.whysem.com/a/demo
可以通过lsof -p ${pid}获取进程打开的文件,也可以通过lsof ${file_path}来获取打开${file_path}文件的进程
[local@localhost 71165]# lsof -p 34123
demo 71165 root 0u CHR 136,2 0t0 5 /dev/pts/2
demo 71165 root 1u CHR 136,2 0t0 5 /dev/pts/2
demo 71165 root 2u CHR 136,2 0t0 5 /dev/pts/2
demo 71165 root 3u a_inode 0,14 0 10154 [eventpoll]
demo 71165 root 4r FIFO 0,13 0t0 311238 pipe
demo 71165 root 5w FIFO 0,13 0t0 311238 pipe
