Chapter 5. The proc File System
The /proc/ directory — also called the proc file system — contains a hierarchy of special files which represent the current state of the kernel, allowing applications and users to peer into the kernel's view of the system.
Within the /proc/ directory, one can find a wealth of information detailing the system hardware and any processes currently running. In addition, some of the files within the /proc/ directory tree can be manipulated by users and applications to communicate configuration changes to the kernel.
5.1. A Virtual File System
The /proc/ directory contains another type of file called a virtual file. It is for this reason that /proc/ is often referred to as a virtual file system.
Some files, such as /proc/partitions, provide an up-to-the-moment glimpse of the system's hardware. Others, like the /proc/filesystems file and the /proc/sys/ directory, provide system configuration information and interfaces.
The /proc/ide/ directory, for example, contains information for all physical IDE devices. Likewise, process directories contain information about each running process on the system.
5.1.1. Viewing Virtual Files
By using commands such as less on files within the /proc/ directory, users can immediately access enormous amounts of information about the system. For example, to display the type of CPU a computer has, type cat /proc/cpuinfo to receive output similar to the following:
    processor : 0
    vendor_id : AuthenticAMD
    cpu family : 5
    model : 9
    model name : AMD-K6(tm) 3D+ Processor
    stepping : 1
    cpu MHz : 400.919
    cache size : 256 KB
    fdiv_bug : no
    hlt_bug : no
    f00f_bug : no
    coma_bug : no
    fpu : yes
    fpu_exception : yes
    cpuid level : 1
    wp : yes
    flags : fpu vme de pse tsc msr mce cx8 pge mmx syscall 3dnow k6_mtrr
    bogomips : 799.53
When viewing different virtual files in the /proc/ file system, some of the information is easily understandable while some is not human-readable. This is in part why utilities exist to pull data from virtual files and display it in a useful way. Examples of these utilities include
Note that some of the virtual files in the /proc/ directory are readable only by the root user.
5.1.2. Changing Virtual Files
Most virtual files within the /proc/ directory are read-only. However, some can be used to adjust settings in the kernel. This is especially true for files in the /proc/sys/ subdirectory.
To change the value of such a file, use the echo command and a greater than symbol (>) to redirect the new value to the file. For example, to change the hostname on the fly, type:
    echo www.example.com > /proc/sys/kernel/hostname
Other virtual files expose kernel settings. For example, cat /proc/sys/net/ipv4/ip_forward returns either a 0 or a 1. A 0 indicates that the kernel is not forwarding network packets. Using the echo command to change the value of the ip_forward file to 1 immediately turns packet forwarding on.
Another command used to alter settings in the /proc/sys/ subdirectory is /sbin/sysctl. For more information on this command, refer to Section 5.4. For more information on the kernel configuration files in the /proc/sys/ subdirectory, refer to Section 5.3.9.
5.1.3. Restricting Access to Process Directories
The process directories stored in /proc/ can be secured so that they can be viewed only by the root user. You can restrict access to these directories by setting the hidepid option with the mount command and the -o remount option, where the value given to hidepid is one of:
0 (default) — every user can read all world-readable files stored in a process directory.
1 — users can access only their own process directories. This protects sensitive files like status from access by non-root users. This setting does not affect the actual file permissions.
2 — process files are invisible to non-root users. The existence of a process can be learned by other means, but its effective UID and GID are hidden. Hiding these IDs complicates an intruder's task of gathering information about running processes.
Example 5.1. Restricting access to process directories
With hidepid set to 1, a non-root user cannot access the contents of process directories. An attempt to do so fails with the following message:
    ls /proc/1/
    ls: /proc/1/: Operation not permitted
With hidepid set to 2, process directories are made invisible to non-root users:
    ls /proc/1/
    ls: /proc/1/: No such file or directory
A specific group of users can still be allowed to monitor system processes even when hidepid is set to 1 or 2. To do this, use the gid= mount option to name that group; its members then see process directories as if hidepid was set to 0. However, users which are not supposed to monitor the tasks in the whole system should not be added to the group. For more information on managing users and groups, see Chapter 37, Users and Groups.