Show Process Limits Using /proc Filesystem

Show process limits with /proc filesystem

I think I mentioned the special /proc filesystem before, it’s available in Linux distros and helps you obtain system and process information via normal files created in a special structure. Today I’d like to show you another cool trick /proc has.

Show Process Info Using /proc

Just to remind you, here’s what I mean: on my Red Hat PC I have this sshd daemon process running:

root@redhat:/ # ps -aef | grep [o]penssh
root 5130 1 0 Oct03 ? 00:00:00 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com

So the sshd process ID (PID) is 5130. That means I can use /proc filesystem to learn quite a bit about the process:

root@redhat:/ # cd /proc/5130
root@redhat:/proc/5130 # ls
 attr        cmdline          environ  io         mem         ns             pagemap      sched      smaps_rollup  syscall        wchan
 autogroup   comm             exe      limits     mountinfo   numa_maps      patch_state  schedstat  stack         task
 auxv        coredump_filter  fd       loginuid   mounts      oom_adj        personality  sessionid  stat          timers
 cgroup      cpuset           fdinfo   map_files  mountstats  oom_score      projid_map   setgroups  statm         timerslack_ns
 clear_refs  cwd              gid_map  maps       net         oom_score_adj  root         smaps      status        uid_map

Each file or directory in this /proc/5130 location shows some information specific to this PID 5130.

For instance, if we list files in the fd directory there, we’ll see all the files and sockets open by sshd at the moment:

root@redhat:/proc/5130 # ls -al fd/*
lr-x------. 1 root root 64 Oct 3 14:10 fd/0 -> /dev/null
lrwx------. 1 root root 64 Oct 3 14:10 fd/1 -> 'socket:[39555]'
lrwx------. 1 root root 64 Oct 3 14:10 fd/2 -> 'socket:[39555]'
lr-x------. 1 root root 64 Oct 3 14:10 fd/3 -> /dev/urandom
lr-x------. 1 root root 64 Oct 3 14:10 fd/4 -> /var/lib/sss/mc/passwd
lrwx------. 1 root root 64 Oct 3 14:10 fd/5 -> 'socket:[45446]'
lrwx------. 1 root root 64 Oct 3 14:10 fd/6 -> 'socket:[45450]'
lr-x------. 1 root root 64 Oct 3 14:10 fd/7 -> /var/lib/sss/mc/group
lrwx------. 1 root root 64 Oct 3 14:10 fd/8 -> 'socket:[45452]'

TODO: I’ll be sure to write a separate post on the /proc filesystem with more thorough walkthrough.

Show Process Limits Using /proc

One of the files in /proc subdirectories is file called limits, and it’s super useful for confirming the current OS limits applied to the process in question.

So for the sshd process with PID 5130, here’s what we can see:

root@redhat:/proc/5130 # cat limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size unlimited unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 127372 127372 processes
Max open files 1024 4096 files
Max locked memory 16777216 16777216 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 127372 127372 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us

Basically, this confirms that I haven’t fine-tuned anything on this new desktop just yet – open files count of 1024 is small cause it’s not a server that requires serving multiple files simultaneously.

Hope you find this useful!

See Also




Show All TCP Connections with lsof

unix-tutorial-blue

I’ve spoken about lsof command briefly a few times, but think it deserves a few more mentions just because it’s such a universally useful tool.

Show TCP Connections with lsof

Using the –i tcp option, you can get lsof to report all the TCP connections currently open by any process in your system.

For example (it’s a long list so I’m just showing the first few lines):

greys@MacBook-Pro:/ $ lsof -i tcp | head -10
COMMAND     PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
cloudd      361 greys  197u  IPv4 0x90d8806378f8ff3d      0t0  TCP localhost:55919->localhost:nfsd-status (ESTABLISHED)
cloudd      361 greys  199u  IPv4 0x90d88063ab22823d      0t0  TCP localhost:65345->localhost:nfsd-status (ESTABLISHED)
rapportd    368 greys    3u  IPv4 0x90d8806374a56f3d      0t0  TCP *:65115 (LISTEN)
rapportd    368 greys    4u  IPv6 0x90d88063935504fd      0t0  TCP *:65115 (LISTEN)
rapportd    368 greys   11u  IPv4 0x90d8806378f91bbd      0t0  TCP macbook-pro.localdomain:65115->iphonex.localdomain:61268 (ESTABLISHED)
rapportd    368 greys   14u  IPv4 0x90d880637350a8bd      0t0  TCP macbook-pro.localdomain:65115->glebs-ipad-2.localdomain:59156 (ESTABLISHED)
SetappAge   555 greys    3u  IPv4 0x90d880637c43c53d      0t0  TCP localhost:codasrv (LISTEN)
SetappAge   555 greys    5u  IPv6 0x90d8806379b196fd      0t0  TCP localhost:codasrv (LISTEN)
Spillo      637 greys    9u  IPv4 0x90d880637350bbbd      0t0  TCP *:8490 (LISTEN)

Show TCP Connections of Specific Process

For individual processes, it’s easier to just show everything lsof can find about a process and then grep fot TCP.

I have an SSH session to one of my local systems:

greys@MacBook-Pro:/ $ ps -aef | grep ssh
501 11070 11053 0 8:35pm ttys008 0:05.59 ssh server

… so this lsof command example shows me that this process PID=11070 has TCP session open to ssh port (22) on server.localdomain server (MacOS adds localdomain everywhere):

greys@MacBook-Pro:/ $ lsof -p 11070 | grep TCP
ssh 11070 greys 3u IPv4 0x90d880638e66623d 0t0 TCP macbook-pro.localdomain:63830->server.localdomain:ssh (ESTABLISHED)

Pretty cool!

See Also

 




How To Use lsof Command

Screen Shot 2019-05-22 at 13.08.34.png

lsof is one of these super useful Linux commands that is still not installed on most distros by default, but it’s definitely part of common repositories so can easily be installed. lsof shows files, sockets and network sockets (including TCP/UDP ports) opened on your OS.

Use lsof for a Specific Process

Most often you run lsof against a specific process ID – meaning that lsof shows you just the files/sockets opened by that process.

For example, I have a process with vim editor, working on the next update to my tmux config file:

501 75010 74939 0 Thu02pm ttys006 0:00.16 vim .tmux.conf

Using the process ID of this vim session, 75010, I can use lsof to see what’s going on:

greys@maverick:~ $ lsof -p 75010
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
vim 75010 greys cwd DIR 1,4 4896 570825 /Users/greys
vim 75010 greys txt REG 1,4 1863696 110389591 /usr/bin/vim
vim 75010 greys txt REG 1,4 973824 110389688 /usr/lib/dyld
vim 75010 greys 0u CHR 16,6 0t17727 1289 /dev/ttys006
vim 75010 greys 1u CHR 16,6 0t17727 1289 /dev/ttys006
vim 75010 greys 2u CHR 16,6 0t17727 1289 /dev/ttys006
vim 75010 greys 4u REG 1,4 12288 115934590 /Users/greys/.tmux.conf.swp

As you can see, this shows that we have a file descriptor open for my current working directory /Users/greys, we have the vim editor binary along with dynamic loader dyld, a few instances of accessing my virtual console (/dev/ttys006) and, finally, the temporary file with tmux.conf changes: /Users/greys/.tmux.conf.swp.

INTERESTING: Just like any sensible editor would do, vim doesn’t actually keep changing the file you’re editing – instead it’s collecting changes in that swap file (.tmux.conf.swp) until we finish and choose to commit changes or exit the vim editor. Then it will apply the changes to the actual file I’m trying to change.

See Also