Commit | Line | Data |
---|---|---|
9e3fdcb6 AC |
1 | .\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com> |
2 | .\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com> | |
92cdcec7 | 3 | .\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org> |
fea681da | 4 | .\" |
92cdcec7 | 5 | .\" SPDX-License-Identifier: GPL-3.0-or-later |
363f747c | 6 | .\" |
a5ebdc8d | 7 | .TH proc 5 (date) "Linux man-pages (unreleased)" |
fea681da | 8 | .SH NAME |
2e1c1a57 | 9 | proc \- process information, system information, and sysctl pseudo-filesystem |
fea681da MK |
10 | .SH DESCRIPTION |
11 | The | |
31fa1fd2 | 12 | .B proc |
ac8727b6 | 13 | filesystem is a pseudo-filesystem which provides an interface to |
c13182ef MK |
14 | kernel data structures. |
15 | It is commonly mounted at | |
fea681da | 16 | .IR /proc . |
b574c52d MK |
17 | Typically, it is mounted automatically by the system, |
18 | but it can also be mounted manually using a command such as: | |
c6d039a3 | 19 | .P |
b574c52d MK |
20 | .in +4n |
21 | .EX | |
22 | mount \-t proc proc /proc | |
23 | .EE | |
24 | .in | |
c6d039a3 | 25 | .P |
7e174651 | 26 | Most of the files in the |
31fa1fd2 | 27 | .B proc |
7e174651 | 28 | filesystem are read-only, |
64165e01 | 29 | but some files are writable, allowing kernel variables to be changed. |
7e174651 | 30 | .\" |
fee59977 MK |
31 | .SS Mount options |
32 | The | |
31fa1fd2 | 33 | .B proc |
fee59977 MK |
34 | filesystem supports the following mount options: |
35 | .TP | |
36 | .BR hidepid "=\fIn\fP (since Linux 3.3)" | |
37 | .\" commit 0499680a42141d86417a8fbaa8c8db806bea1201 | |
38 | This option controls who can access the information in | |
1ae6b2c7 | 39 | .IR /proc/ pid |
fee59977 MK |
40 | directories. |
41 | The argument, | |
42 | .IR n , | |
43 | is one of the following values: | |
44 | .RS | |
45 | .TP 4 | |
46 | 0 | |
47 | Everybody may access all | |
1ae6b2c7 | 48 | .IR /proc/ pid |
fee59977 MK |
49 | directories. |
50 | This is the traditional behavior, | |
51 | and the default if this mount option is not specified. | |
52 | .TP | |
53 | 1 | |
54 | Users may not access files and subdirectories inside any | |
1ae6b2c7 | 55 | .IR /proc/ pid |
fee59977 | 56 | directories but their own (the |
1ae6b2c7 | 57 | .IR /proc/ pid |
fee59977 MK |
58 | directories themselves remain visible). |
59 | Sensitive files such as | |
1ae6b2c7 | 60 | .IR /proc/ pid /cmdline |
fee59977 | 61 | and |
1ae6b2c7 | 62 | .IR /proc/ pid /status |
fee59977 MK |
63 | are now protected against other users. |
64 | This makes it impossible to learn whether any user is running a | |
65 | specific program | |
66 | (so long as the program doesn't otherwise reveal itself by its behavior). | |
67 | .\" As an additional bonus, since | |
97949440 | 68 | .\" .IR /proc/[pid]/cmdline |
9d4976ce | 69 | .\" is inaccessible for other users, |
fee59977 MK |
70 | .\" poorly written programs passing sensitive information via |
71 | .\" program arguments are now protected against local eavesdroppers. | |
72 | .TP | |
73 | 2 | |
74 | As for mode 1, but in addition the | |
1ae6b2c7 | 75 | .IR /proc/ pid |
fee59977 MK |
76 | directories belonging to other users become invisible. |
77 | This means that | |
1ae6b2c7 | 78 | .IR /proc/ pid |
fee59977 MK |
79 | entries can no longer be used to discover the PIDs on the system. |
80 | This doesn't hide the fact that a process with a specific PID value exists | |
9bc87ed0 | 81 | (it can be learned by other means, for example, by "kill \-0 $PID"), |
fee59977 MK |
82 | but it hides a process's UID and GID, |
83 | which could otherwise be learned by employing | |
84 | .BR stat (2) | |
85 | on a | |
1ae6b2c7 | 86 | .IR /proc/ pid |
fee59977 MK |
87 | directory. |
88 | This greatly complicates an attacker's task of gathering | |
89 | information about running processes (e.g., discovering whether | |
90 | some daemon is running with elevated privileges, | |
91 | whether another user is running some sensitive program, | |
92 | whether other users are running any program at all, and so on). | |
fee59977 MK |
93 | .TP |
94 | .BR gid "=\fIgid\fP (since Linux 3.3)" | |
95 | .\" commit 0499680a42141d86417a8fbaa8c8db806bea1201 | |
96 | Specifies the ID of a group whose members are authorized to | |
97 | learn process information otherwise prohibited by | |
1ae6b2c7 | 98 | .B hidepid |
95b1c1d1 | 99 | (i.e., users in this group behave as though |
fee59977 MK |
100 | .I /proc |
101 | was mounted with | |
95b1c1d1 | 102 | .IR hidepid=0 ). |
fee59977 MK |
103 | This group should be used instead of approaches such as putting |
104 | nonroot users into the | |
105 | .BR sudoers (5) | |
106 | file. | |
dd465607 MC |
107 | .RE |
108 | .TP | |
109 | .BR subset = pid " (since Linux 5.8)" | |
110 | .\" commit 6814ef2d992af09451bbeda4770daa204461329e | |
111 | Show only the specified subset of procfs, | |
112 | hiding all top level files and directories in the procfs | |
113 | that are not related to tasks. | |
3c7cfa32 MK |
114 | .SS Overview |
115 | Underneath | |
116 | .IR /proc , | |
117 | there are the following general groups of files and subdirectories: | |
118 | .TP | |
1ae6b2c7 | 119 | .IR /proc/ "pid subdirectories" |
3c7cfa32 MK |
120 | Each one of these subdirectories contains files and subdirectories |
121 | exposing information about the process with the corresponding process ID. | |
122 | .IP | |
123 | Underneath each of the | |
1ae6b2c7 | 124 | .IR /proc/ pid |
3c7cfa32 | 125 | directories, a |
7fe3b32b | 126 | .I task |
3c7cfa32 | 127 | subdirectory contains subdirectories of the form |
1ae6b2c7 | 128 | .IR task/ tid, |
3c7cfa32 MK |
129 | which contain corresponding information about each of the threads |
130 | in the process, where | |
131 | .I tid | |
132 | is the kernel thread ID of the thread. | |
01df7b70 MK |
133 | .IP |
134 | The | |
1ae6b2c7 | 135 | .IR /proc/ pid |
01df7b70 MK |
136 | subdirectories are visible when iterating through |
137 | .I /proc | |
138 | with | |
139 | .BR getdents (2) | |
140 | (and thus are visible when one uses | |
141 | .BR ls (1) | |
142 | to view the contents of | |
143 | .IR /proc ). | |
144 | .TP | |
1ae6b2c7 | 145 | .IR /proc/ "tid subdirectories" |
01df7b70 MK |
146 | Each one of these subdirectories contains files and subdirectories |
147 | exposing information about the thread with the corresponding thread ID. | |
37cd58d2 | 148 | The contents of these directories are the same as the corresponding |
1ae6b2c7 | 149 | .IR /proc/ pid /task/ tid |
37cd58d2 | 150 | directories. |
01df7b70 MK |
151 | .IP |
152 | The | |
1ae6b2c7 | 153 | .IR /proc/ tid |
01df7b70 MK |
154 | subdirectories are |
155 | .I not | |
156 | visible when iterating through | |
157 | .I /proc | |
158 | with | |
159 | .BR getdents (2) | |
160 | (and thus are | |
161 | .I not | |
162 | visible when one uses | |
163 | .BR ls (1) | |
3c7cfa32 MK |
164 | to view the contents of |
165 | .IR /proc ). | |
166 | .TP | |
167 | .I /proc/self | |
168 | When a process accesses this magic symbolic link, | |
169 | it resolves to the process's own | |
1ae6b2c7 | 170 | .IR /proc/ pid |
3c7cfa32 MK |
171 | directory. |
172 | .TP | |
184d797d | 173 | .I /proc/thread\-self |
3c7cfa32 MK |
174 | When a thread accesses this magic symbolic link, |
175 | it resolves to the process's own | |
1ae6b2c7 | 176 | .IR /proc/self/task/ tid |
3c7cfa32 MK |
177 | directory. |
178 | .TP | |
184d797d | 179 | .I /proc/[a\-z]* |
3c7cfa32 MK |
180 | Various other files and subdirectories under |
181 | .I /proc | |
182 | expose system-wide information. | |
c6d039a3 | 183 | .P |
5125d867 SB |
184 | All of the above are described in more detail in separate manpages |
185 | whose names start with | |
186 | .BR proc_ . | |
3c7cfa32 | 187 | .\" |
92cdcec7 | 188 | .\" .SH FILES |
69119dc7 | 189 | .\" FIXME Describe /proc/[pid]/sessionid |
b3fb99e8 | 190 | .\" commit 1e0bd7550ea9cf474b1ad4c6ff5729a507f75fdc |
b4e9ee8f | 191 | .\" CONFIG_AUDITSYSCALL |
b324e17d | 192 | .\" Added in Linux 2.6.25; read-only; only readable by real UID |
bea08fec | 193 | .\" |
69119dc7 | 194 | .\" FIXME Describe /proc/[pid]/sched |
b324e17d | 195 | .\" Added in Linux 2.6.23 |
b4e9ee8f MK |
196 | .\" CONFIG_SCHED_DEBUG, and additional fields if CONFIG_SCHEDSTATS |
197 | .\" Displays various scheduling parameters | |
198 | .\" This file can be written, to reset stats | |
ef4f4031 | 199 | .\" The set of fields exposed by this file have changed |
b3fb99e8 MK |
200 | .\" significantly over time. |
201 | .\" commit 43ae34cb4cd650d1eb4460a8253a8e747ba052ac | |
202 | .\" | |
69119dc7 MK |
203 | .\" FIXME Describe /proc/[pid]/schedstats and |
204 | .\" /proc/[pid]/task/[tid]/schedstats | |
b324e17d | 205 | .\" Added in Linux 2.6.9 |
b4e9ee8f | 206 | .\" CONFIG_SCHEDSTATS |
43d42cc0 | 207 | .\" FIXME Document /proc/sched_debug (since Linux 2.6.23) |
69119dc7 | 208 | .\" See also /proc/[pid]/sched |
bea08fec | 209 | .\" FIXME 2.6.13 seems to have /proc/vmcore implemented; document this |
64dbd023 MK |
210 | .\" See Documentation/kdump/kdump.txt |
211 | .\" commit 666bfddbe8b8fd4fd44617d6c55193d5ac7edb29 | |
212 | .\" Needs CONFIG_VMCORE | |
213 | .\" | |
e37e3282 | 214 | .SH NOTES |
f0d6cc5f MK |
215 | Many files contain strings (e.g., the environment and command line) |
216 | that are in the internal format, | |
b957f81f | 217 | with subfields terminated by null bytes (\[aq]\e0\[aq]). |
f0d6cc5f MK |
218 | When inspecting such files, you may find that the results are more readable |
219 | if you use a command of the following form to display them: | |
c6d039a3 | 220 | .P |
295fe9e0 MK |
221 | .in +4n |
222 | .EX | |
b957f81f | 223 | .RB "$" " cat \fIfile\fP | tr \[aq]\e000\[aq] \[aq]\en\[aq]" |
295fe9e0 MK |
224 | .EE |
225 | .in | |
e37e3282 MK |
226 | .\" .SH ACKNOWLEDGEMENTS |
227 | .\" The material on /proc/sys/fs and /proc/sys/kernel is closely based on | |
228 | .\" kernel source documentation files written by Rik van Riel. | |
47297adb | 229 | .SH SEE ALSO |
fea681da | 230 | .BR cat (1), |
c4517613 | 231 | .BR dmesg (1), |
fea681da MK |
232 | .BR find (1), |
233 | .BR free (1), | |
397d130a | 234 | .BR htop (1), |
5bb0a75e | 235 | .BR init (1), |
fea681da | 236 | .BR ps (1), |
397d130a | 237 | .BR pstree (1), |
fea681da MK |
238 | .BR tr (1), |
239 | .BR uptime (1), | |
240 | .BR chroot (2), | |
241 | .BR mmap (2), | |
242 | .BR readlink (2), | |
243 | .BR syslog (2), | |
244 | .BR slabinfo (5), | |
561fb695 | 245 | .BR sysfs (5), |
fea681da | 246 | .BR hier (7), |
4effb5be | 247 | .BR namespaces (7), |
268f000b | 248 | .BR time (7), |
fea681da | 249 | .BR arp (8), |
fea681da MK |
250 | .BR hdparm (8), |
251 | .BR ifconfig (8), | |
fea681da MK |
252 | .BR lsmod (8), |
253 | .BR lspci (8), | |
809d0164 | 254 | .BR mount (8), |
fea681da MK |
255 | .BR netstat (8), |
256 | .BR procinfo (8), | |
128f43c7 MK |
257 | .BR route (8), |
258 | .BR sysctl (8) | |
c6d039a3 | 259 | .P |
66a9882e | 260 | The Linux kernel source files: |
8a5fc410 MK |
261 | .IR Documentation/filesystems/proc.rst , |
262 | .IR Documentation/admin\-guide/sysctl/fs.rst , | |
263 | .IR Documentation/admin\-guide/sysctl/kernel.rst , | |
264 | .IR Documentation/admin\-guide/sysctl/net.rst , | |
66a9882e | 265 | and |
8a5fc410 | 266 | .IR Documentation/admin\-guide/sysctl/vm.rst . |
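
Added example (not part of the man page or of the man-pages project): a POSIX shell check that reports the `hidepid`, `gid` and `subset` options from the "Mount options" section for every proc mount in text given in `/proc/mounts` format. The sample mount table and the verdict labels are constructed; the symbolic values `off`, `noaccess` and `invisible`, which newer kernels report in place of 0, 1 and 2, are not described on this page.

```shell
#!/bin/sh
# Added example: report hidepid/gid/subset for every proc mount.
# Input: text in /proc/mounts format (device mountpoint fstype options dump pass).

# Constructed sample mount table (not taken from a real system).
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,relatime,gid=27,hidepid=2 0 0
proc /run/ctr/proc proc rw,relatime,hidepid=invisible,subset=pid 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Print the value of option $2 from the comma-separated option string $1
# (prints nothing if the option is absent).
mount_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Read mounts-format lines on stdin and print, per proc mount:
#   <mountpoint> hidepid=<value> gid=<gid|-> subset=<value|-> <verdict>
audit_proc_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "proc" ] || continue
        hp=$(mount_opt "$opts" hidepid)
        gid=$(mount_opt "$opts" gid)
        subset=$(mount_opt "$opts" subset)
        # No hidepid option means the default, mode 0.
        case "${hp:-0}" in
            0|off)       verdict=open ;;        # everybody may access all /proc/pid
            1|noaccess)  verdict=restricted ;;  # contents of other users' dirs protected
            2|invisible) verdict=invisible ;;   # other users' dirs not listed at all
            *)           verdict=unknown ;;     # value not described on this page
        esac
        printf '%s hidepid=%s gid=%s subset=%s %s\n' \
            "$mnt" "${hp:-0}" "${gid:--}" "${subset:--}" "$verdict"
    done
}

# Audit the constructed sample; on a live system use:
#   audit_proc_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_proc_mounts
```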