Some files in /proc/PID owned by root instead of UID:GID?
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
Issue
- Some files in /proc/PID owned by root instead of UID:GID?
Resolution
- Start the process/application as the proper user.
Root Cause
- This is usually a result of how the process was started.
- In the test below, the process was started by user foo, so all the files and folders inside /proc/PID are owned by that user.
[foo@foo ~]$ ps -ef | grep xchat
foo 2395 1762 0 10:37 ? 00:00:43 xchat
foo 6965 6871 0 17:20 pts/3 00:00:00 grep --color=auto xchat
[foo@foo ~]$ ll /proc/23
23/ 2300/ 2349/ 2353/ 2361/ 2395/ 2399/
[foo@foo ~]$ ll /proc/2395/
[foo@foo ~]$ ll /proc/2395/
total 0
dr-xr-xr-x. 2 foo foo 0 Dec 11 17:18 attr
-rw-r--r--. 1 foo foo 0 Dec 11 17:18 autogroup
-r--------. 1 foo foo 0 Dec 11 17:18 auxv
-r--r--r--. 1 foo foo 0 Dec 11 17:18 cgroup
--w-------. 1 foo foo 0 Dec 11 17:18 clear_refs
-r--r--r--. 1 foo foo 0 Dec 11 10:37 cmdline
-rw-r--r--. 1 foo foo 0 Dec 11 17:18 comm
-rw-r--r--. 1 foo foo 0 Dec 11 17:18 coredump_filter
-r--r--r--. 1 foo foo 0 Dec 11 17:18 cpuset
lrwxrwxrwx. 1 foo foo 0 Dec 11 17:18 cwd -> /home/foo
-r--------. 1 foo foo 0 Dec 11 17:18 environ
- Another example of firefox started by user foo
[foo@foo ~]$ ps -ef | grep firefox
foo 2413 1762 7 10:37 ? 00:29:06 /usr/lib64/firefox/firefox
foo 2588 2413 2 10:38 ? 00:08:39 /usr/lib64/firefox/plugin-container /usr/lib64/flash-plugin/libflashplayer.so -greomni /usr/lib64/firefox/omni.ja -appomni /usr/lib64/firefox/browser/omni.ja -appdir /usr/lib64/firefox/browser 2413 true plugin
foo 7013 6871 0 17:23 pts/3 00:00:00 grep --color=auto firefox
[foo@foo ~]$
[foo@foo ~]$ cd /proc/2413/
[foo@foo 2413]$ ll
total 0
dr-xr-xr-x. 2 foo foo 0 Dec 11 17:23 attr
-rw-r--r--. 1 foo foo 0 Dec 11 17:23 autogroup
-r--------. 1 foo foo 0 Dec 11 17:23 auxv
-r--r--r--. 1 foo foo 0 Dec 11 17:23 cgroup
--w-------. 1 foo foo 0 Dec 11 17:23 clear_refs
-r--r--r--. 1 foo foo 0 Dec 11 10:37 cmdline
-rw-r--r--. 1 foo foo 0 Dec 11 17:23 comm
-rw-r--r--. 1 foo foo 0 Dec 11 17:23 coredump_filter
-r--r--r--. 1 foo foo 0 Dec 11 17:23 cpuset
lrwxrwxrwx. 1 foo foo 0 Dec 11 17:23 cwd -> /home/foo
-r--------. 1 foo foo 0 Dec 11 17:23 environ <-------------
- Process started by root
[foo@foo 2413]$ ps -ef | grep cron
root 979 1 0 10:35 ? 00:00:00 /usr/sbin/crond -n
foo 7054 6871 0 17:29 pts/3 00:00:00 grep --color=auto cron
[foo@foo 979]$
[foo@foo 979]$ ll
total 0
dr-xr-xr-x. 2 root root 0 Dec 11 17:29 attr
-rw-r--r--. 1 root root 0 Dec 11 17:29 autogroup
-r--------. 1 root root 0 Dec 11 17:29 auxv
-r--r--r--. 1 root root 0 Dec 11 10:35 cgroup
--w-------. 1 root root 0 Dec 11 17:29 clear_refs
-r--r--r--. 1 root root 0 Dec 11 10:35 cmdline
-rw-r--r--. 1 root root 0 Dec 11 10:35 comm
-rw-r--r--. 1 root root 0 Dec 11 17:29 coredump_filter
-r--r--r--. 1 root root 0 Dec 11 17:29 cpuset
lrwxrwxrwx. 1 root root 0 Dec 11 17:29 cwd
-r--------. 1 root root 0 Dec 11 17:29 environ
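The check above can be scripted. The bash function below is an added example, not part of the original article: it compares the effective UID recorded in /proc/PID/status with the owner of /proc/PID and, on a mismatch, shows the executable's mode bits and file capabilities. The name proc_owner_check and its optional second argument (an alternate proc root) are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original article).
# Usage: proc_owner_check PID [PROC_ROOT]
#   PROC_ROOT defaults to /proc; the parameter is an assumption of this
#   example so the check can be pointed at a saved copy of a proc tree.
# Returns 0 on match, 1 on mismatch, 2 if the PID directory is missing.

proc_owner_check() {
    local pid=$1 root=${2:-/proc} dir euid owner exe
    dir="$root/$pid"
    [ -d "$dir" ] || { echo "no such process: $pid"; return 2; }

    # The Uid: line in status holds: real, effective, saved, filesystem UID.
    euid=$(awk '/^Uid:/ {print $3}' "$dir/status") || return 2

    # Numeric owner of the per-process directory.
    owner=$(stat -c %u "$dir")

    if [ "$owner" = "$euid" ]; then
        echo "MATCH pid=$pid euid=$euid owner=$owner"
        return 0
    fi

    echo "MISMATCH pid=$pid euid=$euid owner=$owner"

    # The kernel reports root:root for a process that is not dumpable,
    # which is the normal state after exec of a setuid binary or one that
    # carries file capabilities. Show both for the executable, if readable.
    if [ -e "$dir/exe" ]; then
        exe=$(readlink -f "$dir/exe")
        ls -l "$exe"
        if command -v getcap >/dev/null 2>&1; then
            getcap "$exe" || true
        fi
    fi
    return 1
}
```

For the xchat process shown earlier, `proc_owner_check 2395` would print a MATCH line with the UID of foo on both sides.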
1 Comment
If the executable for a process has cap_ipc_lock set, that makes the /proc files owned by root:root, even if the process is not root:root.