Here is a quick note on how to find the arguments (command line parameters) passed to a script or a running process. A simple "ps -ef|grep process_name" gives the details of a given process along with the arguments passed to it. If the argument list is longer than what the output can show, it is really hard to find the arguments that went into the execution of a process or script.
The ps command has various flags of its own which, when used appropriately, will give you exactly what you are looking for. pargs is another command for seeing the arguments that have been passed to a process or a script. The working of the two commands is shown below; the man pages of both binaries describe many other options that are worth exploring.
The examples below display all the command line arguments; these commands are most helpful when a script or process is executing with a very long list of command line arguments.
The slide below shows that pargs has no effect on a zombie process; in this case it is the "grep rman" process.
The slide below shows the output of running the 'ps' command on process id 1332, which is the parent process for a couple of processes (see the very first slide). Its arguments are /usr/sbin/cron, which is the cron process and is only usable by the "root" user.
But the pargs command on 1132 has no effect; in fact, there is a "permission denied" message, since the process is owned by root.
In the above slide, there are two new arguments - ppid and user.
ppid - parent process id
user - user who owns the process
Now let us play a little with the ppid argument of the ps command. The following slide shows the output for process id 29029; this process is the parent of process 29037 and a child of 1132.
We already know that 1132 is the "/usr/sbin/cron" process owned by root. Searching for more details on process 1132 shows that it has a ppid of 1 and a state of S (the process is sleeping, waiting for an event to complete). Here the "s" flag of ps gives the state of a process.
Let us now search for the process with pid 1, and then search by the ppid of 1. The slides below have truncated output, since the number '1' or '0' can be found in most, if not all, of the processes.
Here pid 1 has a parent process of 0, which has a state of T, meaning the process is stopped, either by a job control signal or because it is being traced.
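The parent-by-parent walk done by hand above can be scripted. The following is an added example, not part of the original post: it parses output in the column order of "ps -e -o pid,ppid,user,s,args" and prints the chain from a given pid up to pid 0. The sample table is constructed; only the pids, the cron/root entry and the S/T states come from the post, and the function names, the user "appuser" and the /example paths are assumptions.

```shell
# Constructed sample in the column order of: ps -e -o pid,ppid,user,s,args
# PIDs, the root-owned cron entry and the S/T states follow the post;
# the other users and command lines are placeholders.
sample_ps() {
cat <<'EOF'
  PID  PPID     USER S COMMAND
    0     0     root T sched
    1     0     root S /sbin/init
 1132     1     root S /usr/sbin/cron
29029  1132  appuser S sh -c /example/job.sh --placeholder-arg
29037 29029  appuser S /bin/sh /example/job.sh --placeholder-arg
  777     1     root S /example/daemon
EOF
}

# ancestry PID: read ps output on stdin and print one line per ancestor,
# from PID up to the root, as "pid ppid user state args".
ancestry() {
  awk -v start="$1" '
    NR == 1 { next }                      # skip the header row
    {
      pid = $1; ppid[pid] = $2; user[pid] = $3; st[pid] = $4
      # args is everything after the 4th column; keep its embedded spaces
      line = $0
      for (i = 1; i <= 4; i++) sub(/^[ \t]*[^ \t]+/, "", line)
      sub(/^[ \t]+/, "", line)
      args[pid] = line
    }
    END {
      p = start
      while (p in ppid) {
        if (seen[p]++) break              # guard against a malformed cycle
        printf "%s %s %s %s %s\n", p, ppid[p], user[p], st[p], args[p]
        if (p == ppid[p]) break           # pid 0 is its own parent
        p = ppid[p]
      }
    }'
}

# Example: sample_ps | ancestry 29037
```

On a live system, pipe the real "ps -e -o pid,ppid,user,s,args" output into ancestry instead of the sample; where ps cuts the args column short, run pargs on the pid of interest as described above.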
Tuesday, March 3, 2009