Is there a way in Linux to determine how a process was invoked? I know that ps displays the startup parameters, but I'm interested in how the process start was executed. Was it an init.d script, a cron job or manual invocation via CLI? Right now I am looking through all configs/commands manually; is there an easy way I am overlooking?
(I also know that the presence of systemd etc. is distro related, which helps to prioritize a little bit.)
In most cases, for a process of pid 1234, you can get valuable information about it thru /proc/1234/ (see proc(5) for details).
See also credentials(7) and Advanced Linux Programming and Linux From Scratch.
For example, try ps $$ then cat /proc/$$/status then cat /proc/$$/maps then cat /proc/$$/comm in your terminal (running probably the GNU bash shell, or zsh).
Consider writing your C program doing appropriate syscalls(2) (with perhaps opendir(3) and readdir(3) ...) to query that information from /proc/ ....
Remember to read errno(3). A lot of functions (like open(2), read(2), getpwnam(3) ....) can fail.
Download, then study for inspiration the source code of the GNU bash shell (or even of the Linux kernel); it is free software.
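An added example, not part of the original answer: a small C program that follows the PPid field of /proc/<pid>/status upward, printing pid, comm and real uid for each ancestor, so a chain ending in cron, sshd or systemd shows how the process was launched. The function names (status_field, read_proc, print_ancestry) are made up for this sketch. A process whose parent has exited is reparented (typically to pid 1), so the chain shows the current ancestry rather than the original launcher.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Integer value of a "Key:\t123" line in /proc/<pid>/status text; -1 if the key is absent. */
long status_field(const char *text, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, klen) == 0 && p[klen] == ':')
            return strtol(p + klen + 1, NULL, 10);
    return -1;
}

/* Read /proc/<pid>/<name> into buf as a string; 0 on success, -1 with errno set by fopen. */
int read_proc(long pid, const char *name, char *buf, size_t size)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/%s", pid, name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    buf[fread(buf, 1, size - 1, f)] = '\0';
    fclose(f);
    return 0;
}

/* Print one line per ancestor, starting at pid; returns the number of levels printed. */
int print_ancestry(long pid)
{
    char status[4096], comm[64];
    int depth = 0;
    for (; pid > 0; depth++) {
        if (read_proc(pid, "status", status, sizeof status) != 0 ||
            read_proc(pid, "comm", comm, sizeof comm) != 0) {
            fprintf(stderr, "pid %ld: %s\n", pid, strerror(errno));
            break;
        }
        comm[strcspn(comm, "\n")] = '\0';   /* comm ends with a newline */
        printf("%*s%ld %s (uid %ld)\n", depth * 2, "", pid, comm, status_field(status, "Uid"));
        pid = status_field(status, "PPid"); /* 0 once the top of the tree is reached */
    }
    return depth;
}

int main(int argc, char **argv)
{
    return print_ancestry(argc > 1 ? atol(argv[1]) : (long)getpid()) > 0 ? 0 : 1;
}
```

Run it with a pid as the only argument; with no argument it prints its own ancestry, which for an interactive shell typically ends in a terminal emulator or sshd.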