'ps' behavoir in Linux - Was - Re: array limits

Bill Vermillion fp at wjv.com
Sat Apr 17 06:37:46 PDT 2004 

On Sat, Apr 17, 2004 at 03:05:24AM -0400, Fairlight thus spoke:
> At Fri, Apr 16, 2004 at 09:35:59PM -0500 or thereabouts, 
> suspect Jerry Rains was observed uttering:

> > This tells the files open but not the program that opened them and, again no 
> > arguments.  Also, I have to be 'root' to list the directory.

> > Coastal:/proc/29589/fd # l
> > total 0
> > dr-x------    2 root     root            0 2004-04-16 20:58 ./
> > dr-xr-xr-x    3 filepro  users           0 2004-04-16 20:58 ../
> > lrwx------    1 root     root           64 2004-04-16 20:58 0 -> /dev/pts/2
> > lrwx------    1 root     root           64 2004-04-16 20:58 1 -> /dev/pts/2
> > lrwx------    1 root     root           64 2004-04-16 20:58 2 -> /dev/pts/2
> > lrwx------    1 root     root           64 2004-04-16 20:58 3 -> 
> > /appl/filepro/fpcust/key
> > lrwx------    1 root     root           64 2004-04-16 20:58 5 -> 
> > /appl/filepro/fpcust/index.A
> > lrwx------    1 root     root           64 2004-04-16 20:58 6 -> 
> > /appl/filepro/fpcust/index.B
> > Coastal:/proc/29589/fd #

> The arguments would be in cmdline if there were any, as Ken
> suggested. However, I'm not sure you'll have more luck with
> that than with environ on a swapped out process.

> As for which program opened them, the program running at PID
> 29589 opened those. If that was dclerk, then dclerk did it.

....

I just had a thought last night.  Jerry said he had to be root
to see things in the proc directory, and part of that is for
security reasons, and different OSes may handle that differently.
Newer versions of many have tightened things up as the world has
become more security conscious.

And as I recall, at least in some you are not going to see the
arguments if you aren't the owner of the process. Or am I
remembering that incorrectly.

If that is the case what is the possibility that Jerry could only
see these as root even though he initiated the program because they
are run as SUID and therefore he isn't the owner.  He might try
loggin is as the user filepro and running things, this way the UID
and SUID would be the same.  I've always created a filepro login
account to make sure that CLI things don't screw up ownerships and
permissions.

Bill

-- 
Bill Vermillion - bv @ wjv . com

More information about the Filepro-list mailing list