Commit | Line | Data |
---|---|---|
9e3fdcb6 AC |
1 | .\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com> |
2 | .\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com> | |
92cdcec7 | 3 | .\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org> |
fea681da | 4 | .\" |
92cdcec7 | 5 | .\" SPDX-License-Identifier: GPL-3.0-or-later |
363f747c | 6 | .\" |
a5ebdc8d | 7 | .TH proc 5 (date) "Linux man-pages (unreleased)" |
fea681da | 8 | .SH NAME |
2e1c1a57 | 9 | proc \- process information, system information, and sysctl pseudo-filesystem |
fea681da MK |
10 | .SH DESCRIPTION |
11 | The | |
31fa1fd2 | 12 | .B proc |
ac8727b6 | 13 | filesystem is a pseudo-filesystem which provides an interface to |
c13182ef MK |
14 | kernel data structures. |
15 | It is commonly mounted at | |
fea681da | 16 | .IR /proc . |
b574c52d MK |
17 | Typically, it is mounted automatically by the system, |
18 | but it can also be mounted manually using a command such as: | |
c6d039a3 | 19 | .P |
b574c52d MK |
20 | .in +4n |
21 | .EX | |
22 | mount \-t proc proc /proc | |
23 | .EE | |
24 | .in | |
c6d039a3 | 25 | .P |
7e174651 | 26 | Most of the files in the |
31fa1fd2 | 27 | .B proc |
7e174651 | 28 | filesystem are read-only, |
64165e01 | 29 | but some files are writable, allowing kernel variables to be changed. |
7e174651 | 30 | .\" |
fee59977 MK |
31 | .SS Mount options |
32 | The | |
31fa1fd2 | 33 | .B proc |
fee59977 MK |
34 | filesystem supports the following mount options: |
35 | .TP | |
36 | .BR hidepid "=\fIn\fP (since Linux 3.3)" | |
37 | .\" commit 0499680a42141d86417a8fbaa8c8db806bea1201 | |
38 | This option controls who can access the information in | |
1ae6b2c7 | 39 | .IR /proc/ pid |
fee59977 MK |
40 | directories. |
41 | The argument, | |
42 | .IR n , | |
43 | is one of the following values: | |
44 | .RS | |
45 | .TP 4 | |
46 | 0 | |
47 | Everybody may access all | |
1ae6b2c7 | 48 | .IR /proc/ pid |
fee59977 MK |
49 | directories. |
50 | This is the traditional behavior, | |
51 | and the default if this mount option is not specified. | |
52 | .TP | |
53 | 1 | |
54 | Users may not access files and subdirectories inside any | |
1ae6b2c7 | 55 | .IR /proc/ pid |
fee59977 | 56 | directories but their own (the |
1ae6b2c7 | 57 | .IR /proc/ pid |
fee59977 MK |
58 | directories themselves remain visible). |
59 | Sensitive files such as | |
1ae6b2c7 | 60 | .IR /proc/ pid /cmdline |
fee59977 | 61 | and |
1ae6b2c7 | 62 | .IR /proc/ pid /status |
fee59977 MK |
63 | are now protected against other users. |
64 | This makes it impossible to learn whether any user is running a | |
65 | specific program | |
66 | (so long as the program doesn't otherwise reveal itself by its behavior). | |
67 | .\" As an additional bonus, since | |
97949440 | 68 | .\" .IR /proc/[pid]/cmdline |
9d4976ce | 69 | .\" is inaccessible for other users, |
fee59977 MK |
70 | .\" poorly written programs passing sensitive information via |
71 | .\" program arguments are now protected against local eavesdroppers. | |
72 | .TP | |
73 | 2 | |
74 | As for mode 1, but in addition the | |
1ae6b2c7 | 75 | .IR /proc/ pid |
fee59977 MK |
76 | directories belonging to other users become invisible. |
77 | This means that | |
1ae6b2c7 | 78 | .IR /proc/ pid |
fee59977 MK |
79 | entries can no longer be used to discover the PIDs on the system. |
80 | This doesn't hide the fact that a process with a specific PID value exists | |
9bc87ed0 | 81 | (it can be learned by other means, for example, by "kill \-0 $PID"), |
fee59977 MK |
82 | but it hides a process's UID and GID, |
83 | which could otherwise be learned by employing | |
84 | .BR stat (2) | |
85 | on a | |
1ae6b2c7 | 86 | .IR /proc/ pid |
fee59977 MK |
87 | directory. |
88 | This greatly complicates an attacker's task of gathering | |
89 | information about running processes (e.g., discovering whether | |
90 | some daemon is running with elevated privileges, | |
91 | whether another user is running some sensitive program, | |
92 | whether other users are running any program at all, and so on). | |
93 | .RE | |
94 | .TP | |
95 | .BR gid "=\fIgid\fP (since Linux 3.3)" | |
96 | .\" commit 0499680a42141d86417a8fbaa8c8db806bea1201 | |
97 | Specifies the ID of a group whose members are authorized to | |
98 | learn process information otherwise prohibited by | |
1ae6b2c7 | 99 | .B hidepid |
95b1c1d1 | 100 | (i.e., users in this group behave as though |
fee59977 MK |
101 | .I /proc |
102 | was mounted with | |
95b1c1d1 | 103 | .IR hidepid=0 ). |
fee59977 MK |
104 | This group should be used instead of approaches such as putting |
105 | nonroot users into the | |
106 | .BR sudoers (5) | |
107 | file. | |
3c7cfa32 MK |
108 | .\" |
109 | .SS Overview | |
110 | Underneath | |
111 | .IR /proc , | |
112 | there are the following general groups of files and subdirectories: | |
113 | .TP | |
1ae6b2c7 | 114 | .IR /proc/ "pid subdirectories" |
3c7cfa32 MK |
115 | Each one of these subdirectories contains files and subdirectories |
116 | exposing information about the process with the corresponding process ID. | |
117 | .IP | |
118 | Underneath each of the | |
1ae6b2c7 | 119 | .IR /proc/ pid |
3c7cfa32 | 120 | directories, a |
7fe3b32b | 121 | .I task |
3c7cfa32 | 122 | subdirectory contains subdirectories of the form |
1ae6b2c7 | 123 | .IR task/ tid, |
3c7cfa32 MK |
124 | which contain corresponding information about each of the threads |
125 | in the process, where | |
126 | .I tid | |
127 | is the kernel thread ID of the thread. | |
01df7b70 MK |
128 | .IP |
129 | The | |
1ae6b2c7 | 130 | .IR /proc/ pid |
01df7b70 MK |
131 | subdirectories are visible when iterating through |
132 | .I /proc | |
133 | with | |
134 | .BR getdents (2) | |
135 | (and thus are visible when one uses | |
136 | .BR ls (1) | |
137 | to view the contents of | |
138 | .IR /proc ). | |
139 | .TP | |
1ae6b2c7 | 140 | .IR /proc/ "tid subdirectories" |
01df7b70 MK |
141 | Each one of these subdirectories contains files and subdirectories |
142 | exposing information about the thread with the corresponding thread ID. | |
37cd58d2 | 143 | The contents of these directories are the same as the corresponding |
1ae6b2c7 | 144 | .IR /proc/ pid /task/ tid |
37cd58d2 | 145 | directories. |
01df7b70 MK |
146 | .IP |
147 | The | |
1ae6b2c7 | 148 | .IR /proc/ tid |
01df7b70 MK |
149 | subdirectories are |
150 | .I not | |
151 | visible when iterating through | |
152 | .I /proc | |
153 | with | |
154 | .BR getdents (2) | |
155 | (and thus are | |
156 | .I not | |
157 | visible when one uses | |
158 | .BR ls (1) | |
3c7cfa32 MK |
159 | to view the contents of |
160 | .IR /proc ). | |
161 | .TP | |
162 | .I /proc/self | |
163 | When a process accesses this magic symbolic link, | |
164 | it resolves to the process's own | |
1ae6b2c7 | 165 | .IR /proc/ pid |
3c7cfa32 MK |
166 | directory. |
167 | .TP | |
184d797d | 168 | .I /proc/thread\-self |
3c7cfa32 MK |
169 | When a thread accesses this magic symbolic link, |
170 | it resolves to the process's own | |
1ae6b2c7 | 171 | .IR /proc/self/task/ tid |
3c7cfa32 MK |
172 | directory. |
173 | .TP | |
184d797d | 174 | .I /proc/[a\-z]* |
3c7cfa32 MK |
175 | Various other files and subdirectories under |
176 | .I /proc | |
177 | expose system-wide information. | |
c6d039a3 | 178 | .P |
5125d867 SB |
179 | All of the above are described in more detail in separate manpages |
180 | whose names start with | |
181 | .BR proc_ . | |
3c7cfa32 | 182 | .\" |
92cdcec7 | 183 | .\" .SH FILES |
69119dc7 | 184 | .\" FIXME Describe /proc/[pid]/sessionid |
b3fb99e8 | 185 | .\" commit 1e0bd7550ea9cf474b1ad4c6ff5729a507f75fdc |
b4e9ee8f | 186 | .\" CONFIG_AUDITSYSCALL |
b324e17d | 187 | .\" Added in Linux 2.6.25; read-only; only readable by real UID |
bea08fec | 188 | .\" |
69119dc7 | 189 | .\" FIXME Describe /proc/[pid]/sched |
b324e17d | 190 | .\" Added in Linux 2.6.23 |
b4e9ee8f MK |
191 | .\" CONFIG_SCHED_DEBUG, and additional fields if CONFIG_SCHEDSTATS |
192 | .\" Displays various scheduling parameters | |
193 | .\" This file can be written, to reset stats | |
ef4f4031 | 194 | .\" The set of fields exposed by this file have changed |
b3fb99e8 MK |
195 | .\" significantly over time. |
196 | .\" commit 43ae34cb4cd650d1eb4460a8253a8e747ba052ac | |
197 | .\" | |
69119dc7 MK |
198 | .\" FIXME Describe /proc/[pid]/schedstats and |
199 | .\" /proc/[pid]/task/[tid]/schedstats | |
b324e17d | 200 | .\" Added in Linux 2.6.9 |
b4e9ee8f | 201 | .\" CONFIG_SCHEDSTATS |
43d42cc0 | 202 | .\" FIXME Document /proc/sched_debug (since Linux 2.6.23) |
69119dc7 | 203 | .\" See also /proc/[pid]/sched |
bea08fec | 204 | .\" FIXME 2.6.13 seems to have /proc/vmcore implemented; document this |
64dbd023 MK |
205 | .\" See Documentation/kdump/kdump.txt |
206 | .\" commit 666bfddbe8b8fd4fd44617d6c55193d5ac7edb29 | |
207 | .\" Needs CONFIG_VMCORE | |
208 | .\" | |
e37e3282 | 209 | .SH NOTES |
f0d6cc5f MK |
210 | Many files contain strings (e.g., the environment and command line) |
211 | that are in the internal format, | |
b957f81f | 212 | with subfields terminated by null bytes (\[aq]\e0\[aq]). |
f0d6cc5f MK |
213 | When inspecting such files, you may find that the results are more readable |
214 | if you use a command of the following form to display them: | |
c6d039a3 | 215 | .P |
295fe9e0 MK |
216 | .in +4n |
217 | .EX | |
b957f81f | 218 | .RB "$" " cat \fIfile\fP | tr \[aq]\e000\[aq] \[aq]\en\[aq]" |
295fe9e0 MK |
219 | .EE |
220 | .in | |
e37e3282 MK |
221 | .\" .SH ACKNOWLEDGEMENTS |
222 | .\" The material on /proc/sys/fs and /proc/sys/kernel is closely based on | |
223 | .\" kernel source documentation files written by Rik van Riel. | |
47297adb | 224 | .SH SEE ALSO |
fea681da | 225 | .BR cat (1), |
c4517613 | 226 | .BR dmesg (1), |
fea681da MK |
227 | .BR find (1), |
228 | .BR free (1), | |
397d130a | 229 | .BR htop (1), |
5bb0a75e | 230 | .BR init (1), |
fea681da | 231 | .BR ps (1), |
397d130a | 232 | .BR pstree (1), |
fea681da MK |
233 | .BR tr (1), |
234 | .BR uptime (1), | |
235 | .BR chroot (2), | |
236 | .BR mmap (2), | |
237 | .BR readlink (2), | |
238 | .BR syslog (2), | |
239 | .BR slabinfo (5), | |
561fb695 | 240 | .BR sysfs (5), |
fea681da | 241 | .BR hier (7), |
4effb5be | 242 | .BR namespaces (7), |
268f000b | 243 | .BR time (7), |
fea681da | 244 | .BR arp (8), |
fea681da MK |
245 | .BR hdparm (8), |
246 | .BR ifconfig (8), | |
fea681da MK |
247 | .BR lsmod (8), |
248 | .BR lspci (8), | |
809d0164 | 249 | .BR mount (8), |
fea681da MK |
250 | .BR netstat (8), |
251 | .BR procinfo (8), | |
128f43c7 MK |
252 | .BR route (8), |
253 | .BR sysctl (8) | |
c6d039a3 | 254 | .P |
66a9882e | 255 | The Linux kernel source files: |
8a5fc410 MK |
256 | .IR Documentation/filesystems/proc.rst , |
257 | .IR Documentation/admin\-guide/sysctl/fs.rst , | |
258 | .IR Documentation/admin\-guide/sysctl/kernel.rst , | |
259 | .IR Documentation/admin\-guide/sysctl/net.rst , | |
66a9882e | 260 | and |
8a5fc410 | 261 | .IR Documentation/admin\-guide/sysctl/vm.rst . |
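
To check which of the hidepid and gid mount options described under "Mount options" are in effect, the following added example (not part of the man page or the man-pages project) parses text in /proc/mounts format and reports what each proc mount exposes. The sample input, function names and gid value are constructed for illustration, and the symbolic hidepid names are what newer kernels print for the same modes.

```python
# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,relatime,gid=1500,hidepid=2 0 0
proc /mnt/new/proc proc rw,relatime,hidepid=invisible 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
"""

# Numeric values as documented for hidepid; the names are what newer
# kernels print for the same three modes (not covered on this page).
HIDEPID_LEVELS = {"0": 0, "off": 0, "1": 1, "noaccess": 1,
                  "2": 2, "invisible": 2}


def parse_proc_mounts(mounts_text):
    """Return mountpoint, hidepid level and gid for every proc mount."""
    mounts = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue
        # "rw" -> ("rw", None); "hidepid=2" -> ("hidepid", "2")
        opts = dict((o.split("=", 1) + [None])[:2]
                    for o in fields[3].split(","))
        raw = opts.get("hidepid")
        # No hidepid option means the default, mode 0.
        level = 0 if raw is None else HIDEPID_LEVELS.get(raw)
        mounts.append({"mountpoint": fields[1], "hidepid": level,
                       "gid": opts.get("gid")})
    return mounts


def audit(mounts_text):
    """Describe what each proc mount exposes to unprivileged users."""
    meaning = {
        0: "every user can read all /proc/pid directories",
        1: "other users' /proc/pid contents protected, PIDs still listed",
        2: "other users' /proc/pid directories are invisible",
        None: "unrecognized hidepid value, check manually",
    }
    report = []
    for m in parse_proc_mounts(mounts_text):
        note = f"{m['mountpoint']}: {meaning[m['hidepid']]}"
        if m["gid"] is not None and m["hidepid"]:
            note += f" (members of gid {m['gid']} are exempt)"
        report.append(note)
    return report


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live system, pass the contents of /proc/mounts to audit() instead of SAMPLE.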