I would appreciate it if you could take a look at the details here. Read all the contents of /proc/[pid]
If something is wrong, if more detailed information can be found elsewhere, or if a directory is no longer in use, I would appreciate a comment.
# sleep 365d > /dev/null &
[1] 3792
# ls /proc/3792
attr cwd map_files oom_adj schedstat task
autogroup environ maps oom_score sessionid timers
auxv exe mem oom_score_adj setgroups uid_map
cgroup fd mountinfo pagemap smaps wchan
clear_refs fdinfo mounts patch_state stack
cmdline gid_map mountstats personality stat
comm io net projid_map statm
coredump_filter limits ns root status
cpuset loginuid numa_maps sched syscall
# cd /proc/3792
cwd
# ll cwd
lrwxrwxrwx. 1 root root 0 Jan 11 13:12 cwd -> /root
A symbolic link to the process's current directory.
Since I ran it as the root user, it is /root.
The 3792 process seems to work as /root. Sounds dangerous.
environ
# cat environ
XDG_SESSION_ID=89SHELL=/bin/bashTERM=xtermHISTSIZE=1000USER=rootLS_COLORS=rs=0:di=01;34:ln=01;(abridgement)
# tr \\0 \\n < environ
XDG_SESSION_ID=89
SHELL=/bin/bash
TERM=xterm
HISTSIZE=1000
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;(abridgement)
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
LANG=en_US.UTF-8
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/bin/sleep
The values of the environment variables. They seem to be separated by null characters. I don't know if it's cat.
The same content was confirmed with ps ex | grep 3792.
Converting \0 (NULL) to \n (line feed) with tr \\0 \\n < environ makes it easier to read.
exe
# ll exe
lrwxrwxrwx. 1 root root 0 Jan 11 13:12 exe -> /usr/bin/sleep
A symbolic link to the executable file.
fd
# ll fd
total 0
lrwx------. 1 root root 64 Jan 11 12:49 0 -> /dev/pts/0 (deleted)
l-wx------. 1 root root 64 Jan 11 12:49 1 -> /dev/null
lrwx------. 1 root root 64 Jan 11 14:26 2 -> /dev/pts/0 (deleted)
A subdirectory containing entries for each file opened by the process. The file descriptor is the file name, which is a symbolic link to the actual file. Therefore, 0 is the standard input, 1 is the standard output, 2 is the standard error output, and so on. (Quoted from https://linuxjm.osdn.jp/html/LDP_man-pages/man5/proc.5.html)
fd = abbreviation for File Descriptor. This is convenient. It can be used when you want to check input/output.
fdinfo
# ll fdinfo/
total 0
-r--------. 1 root root 0 Jan 11 12:49 0
-r--------. 1 root root 0 Jan 11 12:49 1
-r--------. 1 root root 0 Jan 11 12:49 2
# cat fdinfo/0 fdinfo/1 fdinfo/2
pos: 0
flags: 0100002
mnt_id: 23
pos: 0
flags: 0100001
mnt_id: 20
pos: 0
flags: 0100002
mnt_id: 23
With the above information, it seems that the process can identify the file descriptor.
gid_map, uid_map
# cat gid_map
0 0 4294967295
# cat uid_map
0 0 4294967295
It seems to describe the mapping information required to use different UIDs and GIDs inside and outside the user namespace. This will be helpful, so I'll read it later. https://gihyo.jp/admin/serial/01/linux_containers/0016
io
# cat io
rchar: 2012
wchar: 0
syscr: 7
syscw: 0
read_bytes: 0
write_bytes: 0
cancelled_write_bytes: 0
This file displays process I/O statistics. ...
rchar: number of characters to read
wchar: number of characters to write
syscr: number of read system calls
syscw: number of write system calls
read_bytes: number of bytes to read
write_bytes: number of bytes to write
cancelled_write_bytes: ...
(partially omitted) https://linuxjm.osdn.jp/html/LDP_man-pages/man5/proc.5.html
The last one should be "the number of bytes that failed to write".
limits
# cat limits
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max file size             unlimited            unlimited            bytes
Max data size             unlimited            unlimited            bytes
Max stack size            8388608              unlimited            bytes
Max core file size        0                    unlimited            bytes
Max resident set          unlimited            unlimited            bytes
Max processes             2288                 2288                 processes
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
Max address space         unlimited            unlimited            bytes
Max file locks            unlimited            unlimited            locks
Max pending signals       2288                 2288                 signals
Max msgqueue size         819200               819200               bytes
Max nice priority         0                    0
Max realtime priority     0                    0
Max realtime timeout      unlimited            unlimited            us
It summarizes the resource limits of the process.
loginuid
# cat loginuid
1000
Who is uid 1000?
# cat /etc/passwd | grep 1000
inahy:x:1000:1001::/home/inahy:/bin/bash
It was my uid when I logged in over ssh. Currently, I have used su to go from [inahy] -> [root]. What are you going to use it for?
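The files walked through above can also be read from a script. The following is an added example, not part of the original post: it parses environ and fdinfo and collects cwd, exe, the fd targets and loginuid for one PID. The function names and the x86-64 Linux flag values are assumptions of this example.

```python
import os

# Assumed x86-64 Linux open(2) values: access mode is the low two bits.
ACCESS = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}
FLAG_BITS = {0o2000: "O_APPEND", 0o4000: "O_NONBLOCK",
             0o100000: "O_LARGEFILE", 0o2000000: "O_CLOEXEC"}

def parse_environ(raw: bytes) -> dict:
    """environ holds NUL-separated KEY=VALUE records; values may contain '='."""
    env = {}
    for rec in raw.split(b"\0"):
        key, sep, val = rec.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = val.decode(errors="replace")
    return env

def parse_fdinfo(text: str) -> dict:
    """Read pos, flags and mnt_id as ints; the kernel prints flags in octal."""
    info = {}
    for line in text.splitlines():
        key, _, val = line.partition(":")
        if key in ("pos", "flags", "mnt_id"):
            info[key] = int(val, 8 if key == "flags" else 10)
    return info

def decode_flags(flags: int) -> list:
    names = [ACCESS.get(flags & 0o3, "invalid")]
    return names + [name for bit, name in FLAG_BITS.items() if flags & bit]

def snapshot(pid, root="/proc") -> dict:
    """Collect cwd, exe, environ, loginuid and per-fd (target, flags) for one PID."""
    base = os.path.join(root, str(pid))
    snap = {"cwd": os.readlink(f"{base}/cwd"), "exe": os.readlink(f"{base}/exe"), "fds": {}}
    with open(f"{base}/environ", "rb") as fh:
        snap["environ"] = parse_environ(fh.read())
    try:
        with open(f"{base}/loginuid") as fh:
            snap["loginuid"] = int(fh.read())
    except OSError:  # the file is absent when the kernel has no audit support
        snap["loginuid"] = None
    for fd in os.listdir(f"{base}/fd"):
        try:
            target = os.readlink(f"{base}/fd/{fd}")
            with open(f"{base}/fdinfo/{fd}") as fh:
                flags = parse_fdinfo(fh.read())["flags"]
        except OSError:  # the descriptor was closed while we were reading
            continue
        snap["fds"][int(fd)] = (target, decode_flags(flags))
    return snap
```

With the fdinfo values shown earlier, flags 0100002 decodes to O_RDWR plus O_LARGEFILE and 0100001 to O_WRONLY plus O_LARGEFILE, which agrees with the lrwx and l-wx permissions on the fd links.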
I wasn't feeling well and had to copy and paste. I would like to make corrections later.
http://man7.org/linux/man-pages/man5/proc.5.html
https://gihyo.jp/admin/serial/01/linux_containers/0016
http://manpages.ubuntu.com/manpages/bionic/ja/man5/proc.5.html