'ps' behavior in Linux - Was - Re: array limits

Fairlight fairlite at fairlite.com
Sat Apr 17 06:58:14 PDT 2004


Only Bill Vermillion would say something like:
> 
> I just had a thought last night.  Jerry said he had to be root
> to see things in the proc directory, and part of that is for
> security reasons, and different OSes may handle that differently.
> Newer versions of many have tightened things up as the world has
> become more security conscious.

It is true that Linux's /proc will not let you see some of the contents of
/proc if you're not root.  Moreover, you can cat cmdline as a regular user,
but not environ.  You cannot access the fd directory.  There are indeed
security implications.

> And as I recall, at least in some you are not going to see the
> arguments if you aren't the owner of the process. Or am I
> remembering that incorrectly?

Actually, you can get cmdline's contents as any user.  Getting environ
requires being root.  It does not settle for being even the owner of the
process; you must actually be root.  The only things accessible by a
regular user are:  cmdline, stat, statm, and status.  The rest is
root-only access.

> If that is the case what is the possibility that Jerry could only
> see these as root even though he initiated the program because they
> are run as SUID and therefore he isn't the owner.  He might try
> logging in as the user filepro and running things, this way the UID
> and SUID would be the same.  I've always created a filepro login
> account to make sure that CLI things don't screw up ownerships and
> permissions.

He would be able to see cmdline's contents as any user--IF the process is
not swapped out.  If it's swapped out, you're out of luck.  I don't know a
way to force a program to be swapped back in besides having it in a
non-sleeping state and keeping it that way.

I've been through the /proc tree a few times over the course of this
thread, and Jay's pointing out the swap-out nomenclature of ps's output
definitely pointed the way towards this conclusion.  I've tested -every-
process notated as [program] in the 'ps' listing, and I can't get anything
from cmdline on any of them.  Then there's 'init', which is -not- swapped
out, and I can get the single word 'init' out of cmdline for PID 1.  I
can't get anything out of anything that's swapped.

It's definitely puzzling to me as to how and why dclerk is swapped out.
The only things that are really like that on my systems are things like
kflushd, kupdate, the multiple device drivers (software RAID, etc.), and
things like lockd and rpciod.  And this is on systems that have been using
swap. 

I don't honestly recall ever seeing dclerk swapped and sleeping like that
on -any- platform.  Very strange.

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html
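
Which per-process entries a given account can actually read, as discussed in the message above, can be checked directly on the system in question. The following Python script is an added example, not part of the original post: it probes cmdline, environ, stat, statm, status and fd under every /proc/<pid> as the current user and classifies each as readable, empty, denied or missing. The function names and the constructed sample tree (used when no /proc is present) are assumptions for illustration.

```python
import os
import tempfile

# Entries named in the message above; function names here are illustrative.
ENTRIES = ("cmdline", "environ", "stat", "statm", "status", "fd")

def probe(pid, entry, proc_root="/proc"):
    """Classify one <proc_root>/<pid>/<entry> as seen by the current user."""
    path = os.path.join(proc_root, str(pid), entry)
    try:
        if os.path.isdir(path):
            os.listdir(path)              # fd is a directory: try to list it
            return "readable"
        with open(path, "rb") as fh:
            data = fh.read()
    except PermissionError:
        return "denied"
    except (FileNotFoundError, ProcessLookupError):
        return "missing"                  # process exited or entry absent
    except OSError:
        return "error"
    return "readable" if data else "empty"

def cmdline_args(pid, proc_root="/proc"):
    """Split the NUL-separated cmdline into argv; [] when it is empty."""
    with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as fh:
        raw = fh.read()
    if raw.endswith(b"\0"):
        raw = raw[:-1]
    return [a.decode(errors="replace") for a in raw.split(b"\0")] if raw else []

def audit(proc_root="/proc"):
    """Map every numeric PID directory to {entry: classification}."""
    pids = sorted((n for n in os.listdir(proc_root) if n.isdigit()), key=int)
    return {int(p): {e: probe(p, e, proc_root) for e in ENTRIES} for p in pids}

def build_sample_tree():
    """Constructed stand-in for /proc: PID 1 runs 'init', PID 7 has an empty cmdline."""
    root = tempfile.mkdtemp()
    for pid, cmdline in ((1, b"init\0"), (7, b"")):
        os.makedirs(os.path.join(root, str(pid), "fd"))
        with open(os.path.join(root, str(pid), "cmdline"), "wb") as fh:
            fh.write(cmdline)
    return root

if __name__ == "__main__":
    root = "/proc" if os.path.isdir("/proc/self") else build_sample_tree()
    for pid, result in audit(root).items():
        print(pid, result)
```

Running it once as an unprivileged account and once as root shows exactly which entries differ between the two on that kernel; any cmdline reported as readable is visible to that account, so secrets passed as command-line arguments are exposed to it.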

