NAME

       proc - process information, system information, and sysctl pseudo-filesystem

DESCRIPTION

       The  proc filesystem is a pseudo-filesystem which provides an interface to kernel data structures.  It is
       commonly mounted at /proc.  Typically, it is mounted automatically by the system,  but  it  can  also  be
       mounted manually using a command such as:

           mount -t proc proc /proc

       Most  of  the  files  in  the proc filesystem are read-only, but some files are writable, allowing kernel
       variables to be changed.

   Mount options
       The proc filesystem supports the following mount options:

       hidepid=n (since Linux 3.3)
              This option controls who can access the information in /proc/pid directories.  The argument, n, is
              one of the following values:

              0   Everybody may access all /proc/pid directories.  This is the  traditional  behavior,  and  the
                  default if this mount option is not specified.

              1   Users  may  not access files and subdirectories inside any /proc/pid directories but their own
                  (the  /proc/pid  directories  themselves   remain   visible).    Sensitive   files   such   as
                  /proc/pid/cmdline  and  /proc/pid/status are now protected against other users.  This makes it
                  impossible to learn whether any user is running a specific program (so  long  as  the  program
                  doesn't otherwise reveal itself by its behavior).

              2   As  for  mode  1,  but  in  addition the /proc/pid directories belonging to other users become
                  invisible.  This means that /proc/pid entries can no longer be used to discover  the  PIDs  on
                  the  system.   This  doesn't hide the fact that a process with a specific PID value exists (it
                  can be learned by other means, for example, by "kill -0 $PID"), but it hides a  process's  UID
                  and GID, which could otherwise be learned by employing stat(2) on a /proc/pid directory.  This
                  greatly complicates an attacker's task of gathering information about running processes (e.g.,
                  discovering  whether  some daemon is running with elevated privileges, whether another user is
                  running some sensitive program, whether other users are running any program  at  all,  and  so
                  on).

              gid=gid (since Linux 3.3)
                  Specifies  the  ID  of  a  group  whose  members  are  authorized to learn process information
                  otherwise prohibited by hidepid (i.e., users in this group behave as though /proc was  mounted
                  with  hidepid=0).   This  group  should  be used instead of approaches such as putting nonroot
                  users into the sudoers(5) file.

       subset=pid (since Linux 5.8)
              Show only the specified subset of procfs, hiding all top level files and directories in the procfs
              that are not related to tasks.

   Overview
       Underneath /proc, there are the following general groups of files and subdirectories:

       /proc/pid subdirectories
              Each one of these subdirectories contains files and subdirectories exposing information about  the
              process with the corresponding process ID.

              Underneath  each  of the /proc/pid directories, a task subdirectory contains subdirectories of the
              form task/tid, which contain corresponding information about each of the threads in  the  process,
              where tid is the kernel thread ID of the thread.

              The  /proc/pid  subdirectories are visible when iterating through /proc with getdents(2) (and thus
              are visible when one uses ls(1) to view the contents of /proc).

       /proc/tid subdirectories
              Each one of these subdirectories contains files and subdirectories exposing information about  the
              thread  with  the  corresponding thread ID.  The contents of these directories are the same as the
              corresponding /proc/pid/task/tid directories.

              The /proc/tid subdirectories are not visible when iterating through /proc  with  getdents(2)  (and
              thus are not visible when one uses ls(1) to view the contents of /proc).

       /proc/self
              When  a  process  accesses  this  magic  symbolic link, it resolves to the process's own /proc/pid
              directory.

       /proc/thread-self
              When  a  thread  accesses  this  magic  symbolic  link,  it  resolves   to   the   process's   own
              /proc/self/task/tid directory.

       /proc/[a-z]*
              Various other files and subdirectories under /proc expose system-wide information.

       All of the above are described in more detail in separate manpages whose names start with proc_.

NOTES

       Many files contain strings (e.g., the environment and command line) that are in the internal format, with
       subfields terminated by null bytes ('\0').  When inspecting such files, you may find that the results are
       more readable if you use a command of the following form to display them:

           $ cat file | tr '\000' '\n'

SEE ALSO

       cat(1),  dmesg(1),  find(1),  free(1),  htop(1),  init(1), ps(1), pstree(1), tr(1), uptime(1), chroot(2),
       mmap(2),  readlink(2),  syslog(2),  slabinfo(5),  sysfs(5),  hier(7),  namespaces(7),  time(7),   arp(8),
       hdparm(8), ifconfig(8), lsmod(8), lspci(8), mount(8), netstat(8), procinfo(8), route(8), sysctl(8)

       The         Linux         kernel         source         files:        Documentation/filesystems/proc.rst,
       Documentation/admin-guide/sysctl/fs.rst,                     Documentation/admin-guide/sysctl/kernel.rst,
       Documentation/admin-guide/sysctl/net.rst, and Documentation/admin-guide/sysctl/vm.rst.

Linux man-pages 6.9.1                              2024-06-15                                            proc(5)