'ps' behavoir in Linux - Was - Re: array limits

Jerry Rains jmrains at peoplepc.com
Sat Apr 17 06:38:49 PDT 2004 

On Saturday 17 April 2004 08:58, Fairlight wrote:
> Only Bill Vermillion would say something like:
> > I just had a thought last night.  Jerry said he had to be root
> > to see things in the proc directory, and part of that is for
> > security reasons, and different OSes may handle that differently.
> > Newer versions of many have tightened things up as the world has
> > become more security conscious.
>
> It is true that linux's /proc will not let you see some of the contents of
> /proc if you're not root.  Moreover, you can cat cmdline as a regular user,
> but not environ.  You cannot access the fd directory.  There are indeed
> security implications.
>
> > And as I recall, at least in some you are not going to see the
> > arguments if you aren't the owner of the process. Or am I
> > remembering that incorrectly.
>
> Actually, you can get cmdline's contents as any user.  Getting environ
> requires being root.  It does not settle for being even the owner of the
> process, you must actually be root.  The only things accessible by a
> regular user are:  cmdline, stat, statm, and status.  The rest is
> root-only access.
>
> > If that is the case what is the possibility that Jerry could only
> > see these as root even though he initiated the program because they
> > are run as SUID and therefore he isn't the owner.  He might try
> > loggin is as the user filepro and running things, this way the UID
> > and SUID would be the same.  I've always created a filepro login
> > account to make sure that CLI things don't screw up ownerships and
> > permissions.
>
> He would be able to see cmdline's contents as any user--IF the process is
> not swapped out.  If it's swapped out, you're out of luck.  I don't know a
> way to force a program to be swapped back in besides having it in a
> non-sleeping state and keeping it that way.
>
> I've been through the /proc tree a few times over the course of this
> thread, and Jay's pointing out the swap-out nomenclature of ps's output
> definitely pointed the way towards this conclusion.  I've tested -every-
> process notated as [program] in the 'ps' listing, and I can't get anything
> from cmdline on any of them.  Then there's 'init', which is -not- swapped
> out, and I can get the single word 'init' out of cmdline for PID 1.  I
> can't get anything out of anything that's swapped.
>
> It's definitely puzzling to me as to how and why dclerk is swapped out.
> The only things that are really like that on my systems are things like
> kflushd, kupdate, the multiple device drivers (software RAID, etc.), and
> things like lockd and rpciod.  And this is on systems that have been using
> swap.
>
> I don't honestly recall ever seeing dclerk swapped and sleeping like that
> on -any- platform.  Very strange.

Ok, the main problem I seem to have is with the desktop Linux I am using.  
This morning I rebooted the system to shut down any extra processes and 
logged into tty1 and tty2 to start a dclerk process then see what was going 
on.  I did a 'free' command and there was no swap memory being used, however 
with only the two text logins dclerk was still swapped out on my system.  The 
logon header confirmed that my system is indeed SuSE 8.2.  Since I only use 
this system for my Desktop needs, I'm not going to worry about why.

My problem is at work so I dialed back in this morning.  The system was idle 
and ps aux worked fine.

SuSE Linux on iSeries -- the spicy solution!
Have a lot of fun...
filepro at as400linux1:/var/appl/filepro> w
  9:13am  up  3:22,  3 users,  load average: 0.07, 0.03, 0.05
  USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
  root     pts/2    -                 8:50am 23:33   0.00s   ?     -
  filepro  pts/3    -                 9:13am  0.00s  0.64s  0.02s  w
  filepro at as400linux1:/var/appl/filepro> free
                          total       used       free     shared    buffers   
cached
Mem:       1001668     261940     739728          0      51004     127036
               -/+ buffers/cache:      83900     917768
               Swap:       996020          0     996020
               filepro at as400linux1:/var/appl/filepro> ps aux | grep dclerk
               filepro  14020  7.0  0.1  2480 1204 pts/0    S    09:14   0:01 
/appl/fp/dclerk vregstr -s1 -h Vregister -d
               filepro  14038  0.0  0.0  1740  656 pts/3    S    09:14   0:00 
grep dclerk
               filepro at as400linux1:/var/appl/filepro>

So the answer is, even though we have 1Gb of memory, we don't have enough 
memory to prevent swapping during operations.  I'll look into seeing if I can 
move some of the memory from the OS400 side to the Linux partition.

Thanks to all who helped.

Jerry

>
> mark->

More information about the Filepro-list mailing list