Friday, March 4, 2011

Using the /proc filesystem

**The Proc File System**
Today I came to know all these things about the proc file system. Really interesting.

The proc filesystem is a special filesystem found on most UNIX-based systems. It holds a great deal of information in ASCII format, most of which is not very friendly to the average user. Keep in mind that the files under /proc are not kept on physical storage, so their contents do not survive a reboot. Strictly speaking they should not be called files at all: they are pseudo-files that exist only in memory.
I break that rule on a regular basis and intend to do so in this article as well.
I’ve made a list of some of the files I find most useful.

/proc contains a directory named after the PID (process identification number) of each existing process on the system.
Let’s take a look at some of the files found there.
Contains the command line used to launch the process.
This is a symbolic link to the current working directory of the process.
If you have a process with the PID 1234, then you can find out its current working directory by using the command “cd /proc/1234/cwd; /bin/pwd”
This file contains information about the process’s status, such as its name, state, PID, parent PID and owner.
Contains all the arguments passed to the kernel at boot time.
Perhaps the best-known one, it contains processor-related information, such as the architecture, frequency and amount of cache found on the CPU.
A list of all the file systems supported by the current kernel.
Lines beginning with ‘nodev’ indicate non-physical filesystems such as network filesystems and proc.
Holds information regarding the load average of the system.
The first three fields are the same ones you get from ‘uptime’.
The fourth field consists of two numbers separated by a slash. The first one represents the number of currently executing processes/threads. This number will not exceed the number of processor cores the system has.
The second number (the one after the slash) represents the number of processes/threads currently existing on the system.
The fifth field is the PID of the process most recently created. Now, this is where you need to be careful. If you execute ‘cat /proc/loadavg’, then this number will represent the PID of the cat command you just executed!
Contains statistics about memory usage.
The command ‘free’ makes use of this file to build its output.
This directory holds a lot of files related to the networking layer.
All the files are ASCII structured and can be read.
Holds the ARP table.
Information such as the total number of received and transmitted packets and bytes by each network interface.
Holds the routing table, in hexadecimal format.
Holds information related to the current wireless connection, such as the quality and number of discarded packets.
Shows the amount of swap in use and the priority of the defined swap partitions.
Contains the current hostname of the system.
You can change this by executing “echo 'newHostname' > /proc/sys/kernel/hostname”
Specifies the maximum number of processes/threads that can exist at any given time on the system.
Compare this to the current number of processes/threads from the fourth field in /proc/loadavg
The value in this file controls how willing the kernel will be to swap memory.
If you raise this number, the kernel will want to swap more often, while lowering it will decrease its tendency to swap.
The default value is 60.
Contains two numbers, the first one tells you how long the system has been up (in seconds), while the second one tells you for how long it has been idle.
You can use something like: echo `cut -d' ' -f2 /proc/uptime` / `cut -d' ' -f1 /proc/uptime` | bc -l to get the percentage of idle time on your computer.
Contains virtual memory statistics
Controls whether the kernel will allow tcp forwarding. The default value is 0, which means forwarding is OFF. You can set this to 1 if you wish to enable it…
Think: Internet connection sharing without password protection.
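
The comparison of the fourth field of /proc/loadavg against the thread limit, and the idle calculation from /proc/uptime, written as shell functions. This is an added example, not part of the original post; the PROC_ROOT argument, the function names and the sample values are introduced here, and the limit is read from sys/kernel/threads-max, a file name the text above does not spell out.

```shell
#!/bin/sh
# Added example: thread headroom and idle ratio from /proc-style files.
# The PROC_ROOT argument is introduced here; it defaults to /proc.

# Print "running total last_pid" from fields 4 and 5 of loadavg.
loadavg_tasks() {
    awk '{ split($4, t, "/"); print t[1], t[2], $5 }' "${1:-/proc}/loadavg"
}

# Percentage of the kernel thread limit (sys/kernel/threads-max) in use.
thread_usage_pct() {
    root=${1:-/proc}
    total=$(loadavg_tasks "$root" | cut -d' ' -f2)
    max=$(cat "$root/sys/kernel/threads-max")
    echo $(( total * 100 / max ))
}

# Idle seconds divided by uptime seconds, as a whole percentage.
idle_pct() {
    awk '{ printf "%.0f\n", 100 * $2 / $1 }' "${1:-/proc}/uptime"
}

# Constructed sample values, not captured from a real host.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/kernel"
    echo '0.20 0.18 0.12 1/80 11206' > "$d/loadavg"
    echo '400' > "$d/sys/kernel/threads-max"
    echo '1000.00 250.00' > "$d/uptime"
    echo "$d"
}

sample=$(make_sample)
loadavg_tasks "$sample"
thread_usage_pct "$sample"
idle_pct "$sample"
rm -rf "$sample"
```

Called without an argument, the functions read the live /proc. On a multi-core machine the idle figure in /proc/uptime is summed over all CPUs, so the result can exceed 100.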

!Enjoy Linux

What is Zombie process in Linux?

Zombie process    

On Unix and Unix-like computer operating systems, a zombie process or defunct process is a process that has completed execution but still has an entry in the process table. This entry is still needed to allow the process that started the (now zombie) process to read its exit status. The term zombie process derives from the common definition of zombie—an undead person. In the term's metaphor, the child process has "died" but has not yet been "reaped". Also, unlike normal processes, the kill command has no effect on a zombie process.

Finding if zombies exist

  • execute the top command
  • one line is tasks:
    • Example output:
      Tasks: 139 total,   2 running, 136 sleeping,   0 stopped,   1 zombie

Who is the zombie

  • execute: ps aux | awk '{ print $8 " " $2 }' | grep -w Z
    • example output:
    • [root@server2~]#ps aux | awk '{print $8 " " $2}' | grep -w Z

Kill the zombies

    Zombies are living dead, so they aren't always easy to kill.
    • Try executing: kill -9 PID 
    • [root@server2~]#kill -9 5245
      [root@server2~]#ps aux | awk '{print $8 " " $2}' | grep -w Z
      Z 5245
    • If it's still undead
      • get a cross or garlic; well, reliable sources tell me they don't work. We must try something else
    • Kill the zombie's parent (process)
    • execute: ps efx
      • this will display a process (family) tree
      • find the command whose PID matches the zombie's, then look at its parents and try killing them
    • example:
      5191 tty7     Ss+    0:14      \_ /usr/bin/Xorg :0 -br -audit 0 -aut /var/gdm/:0.Xauth -nolisten tcp vt7 bckclr=tput setb 7 HOSTNAME=server
      5213 ?        Ss     0:00                  \_ /usr/bin/gnome-session bckclr=tput setb 7  SSH_AGENT_PID=5253 HOSTNAME=server2 SHELL=/bin/bash TERM=dumb HI
      5245 ?        Z      0:00                         \_ [Xsession]
    • Xsession matches the PID above, 5245 
    • so in this example I would try killing
            5213 pts/1 Sl+ 1:29 /usr/bin/gnome-session
            5191 tty1 S 0:00 xterm -e /usr/bin/Xorg

    • Hopefully this will work 

    Kuldeep Sharma
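
The same lookup done straight from the proc filesystem: each /proc/PID/status file carries the state and parent PID, so zombies and the parents that have not reaped them can be listed without parsing ps output. This is an added example, not part of the original post; the function names and the PROC_ROOT argument are introduced here, and the demo tree is constructed from the PIDs in the ps listing above.

```shell
#!/bin/sh
# Added example: list zombies and their parents from <PID>/status files.
# The PROC_ROOT argument is introduced here; it defaults to /proc.

# Print "zombie_pid zombie_name parent_pid parent_name" for every zombie.
# Only the first word of a Name: value is reported.
find_zombies() {
    root=${1:-/proc}
    for st in "$root"/[0-9]*/status; do
        [ -r "$st" ] || continue      # process may have exited meanwhile
        awk -v root="$root" '
            $1 == "Name:"  { name = $2 }
            $1 == "State:" { state = $2 }
            $1 == "Pid:"   { pid = $2 }
            $1 == "PPid:"  { ppid = $2 }
            END {
                if (state != "Z") exit
                pname = "?"
                f = root "/" ppid "/status"
                while ((getline line < f) > 0)
                    if (line ~ /^Name:/) { split(line, a, /[ \t]+/); pname = a[2] }
                print pid, name, ppid, pname
            }' "$st" 2>/dev/null
    done
}

# Write one constructed status file: mkstatus ROOT PID NAME STATE PPID
mkstatus() {
    mkdir -p "$1/$2"
    printf 'Name:\t%s\nState:\t%s\nPid:\t%s\nPPid:\t%s\n' \
        "$3" "$4" "$2" "$5" > "$1/$2/status"
}

# Constructed tree reusing the PIDs from the ps output above.
demo_tree() {
    d=$(mktemp -d)
    mkstatus "$d" 5191 Xorg 'S (sleeping)' 1
    mkstatus "$d" 5213 gnome-session 'S (sleeping)' 5191
    mkstatus "$d" 5245 Xsession 'Z (zombie)' 5213
    echo "$d"
}

demo=$(demo_tree)
find_zombies "$demo"
rm -rf "$demo"
```

Run as `find_zombies` with no argument to scan the live system; the third and fourth columns name the parent process to investigate.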