Exploring the Linux /proc Filesystem: A Complete Guide to Process Information

proc Overview

The /proc directory is a virtual filesystem that the kernel automatically mounts at /proc and can also be manually mounted with mount -t proc proc /proc. It presents kernel data structures as files and directories, allowing users to inspect and modify many system attributes.

Key Directories and Files

/proc/pid

For each running process a directory /proc/<pid> exists, containing a wealth of information about that process. Subdirectories such as task hold per‑thread data, while files include: cmdline: the full command line used to start the process (empty for zombies). comm: the short command name; can be read or set via prctl(PR_SET_NAME) or pthread_setname_np. environ: environment variables, separated by null bytes. Example to display them:

cat /proc/4451/environ | tr '\000' '
'

exe

: a symbolic link to the executable binary of the process (read‑only, can be dereferenced with readlink). fd/: entries for each open file descriptor (0 = stdin, 1 = stdout, 2 = stderr). Example of using a descriptor as a file:

foobar -i /proc/self/fd/0 -o /proc/self/fd/1

fdinfo/

: detailed info for each descriptor (offset, flags, mount ID, etc.). maps and smaps: memory mapping information, showing address ranges, permissions, offsets, device IDs, inode numbers, and, for smaps, size, RSS, shared/dirty page statistics. status and stat / statm: human‑readable and raw process statistics (state, UID/GID, memory usage, thread count, etc.). cgroup, mountinfo, mounts, mountstats: information about the process’s mount namespace. attr/: security‑related attributes used by SELinux (e.g., current, exec, fscreate, keycreate, socketcreate). These files allow reading or setting security contexts when the kernel is compiled with CONFIG_SECURITY. oom_adj / oom_score_adj: values that influence the OOM killer’s decision; higher values increase the likelihood of termination.

/proc/self and /proc/thread-self

/proc/self

is a symbolic link that points to the calling process’s own /proc/<pid> directory. Likewise, /proc/thread-self links to /proc/self/task/<tid>, providing a convenient way for a thread to access its own information.

/proc/[a‑z]* and Miscellaneous Files

Beyond per‑process entries, /proc contains many system‑wide files: cpuinfo: CPU model, cores, and architecture details. meminfo: current memory usage statistics (total, free, buffers, cached, etc.). modules: list of loaded kernel modules. cmdline: kernel boot parameters. net/: network‑related virtual files such as arp, dev, tcp, udp, unix, providing routing tables, interface statistics, and socket information. mountinfo: detailed mount information with fields for mount ID, parent ID, major:minor device numbers, root, mount point, mount options, optional fields, filesystem type, source, and super options. Example line:

36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue

stat

: overall kernel statistics (CPU time, interrupts, context switches, etc.). sys/: tunable kernel parameters.

Security and Permissions

Most files under /proc are readable by any user, but write access is restricted to the owning process or to privileged users (e.g., root). Files such as /proc/pid/clear_refs are write‑only and require specific kernel configuration ( CONFIG_PROC_PAGE_MONITOR) to exist. The dumpable attribute, controllable via prctl(PR_SET_DUMPABLE) or /proc/sys/fs/suid_dumpable, determines whether a process’s memory can be examined by a core dump.

Practical Usage Examples

List the current process’s working directory: cd /proc/$$/cwd && /bin/pwd Show environment variables of a specific PID: cat /proc/4451/environ | tr '\000' '\n' Inspect open file descriptors: ls -l /proc/4451/fd Read memory maps: cat /proc/4451/maps Understanding the /proc filesystem is essential for system debugging, performance analysis, and security auditing on Linux.