Tuesday, March 6, 2012

Proc File System

Understanding the Proc File System

  • The Linux kernel provides a mechanism to access its underlying internal data structures and to change its kernel settings at run-time through the /proc file system. We will be discussing the /proc file system here targeted to the Intel x86 architecture, though the basic concepts will remain the same for Linux on any platform.

/proc - a Virtual File System:

The /proc file system is a mechanism that the kernel and kernel modules use to send information to processes (hence the name /proc). This pseudo file system allows you to interact with the internal data structures of the kernel, get useful information about the processes, and change settings (by modifying the kernel parameters) on the fly. /proc is stored in memory, unlike other file systems, which are stored on disk. If you look at the file /proc/mounts (which lists all the mounted file systems, like the "mount" command), you should see a line in it like:

grep proc /proc/mounts
/proc /proc proc rw 0 0

/proc is controlled by the kernel and does not have an underlying device. Because it contains mainly state information controlled by the kernel, the most logical place to store the information is in memory controlled by the kernel. Doing an 'ls -l' on /proc reveals that most of the files are 0 bytes in size; yet when a file is viewed, quite a bit of information is seen. How is this possible? The /proc file system, like any other regular file system, registers itself with the Virtual File System layer (VFS). However, when VFS makes calls to it requesting i-nodes for files/directories, the /proc file system creates those files/directories from information within the kernel.

Mounting the proc file system:

If it is not already mounted on your system, the proc file system can be mounted by running the following command:

mount -t proc proc /proc

The above command should successfully mount your proc file system. Please read the mount man page for more details.

Viewing the /proc files:

/proc files can be used to access information about the state of the kernel, the attributes of the machine, the state of the running processes etc. Most of the files in the /proc directory provide the latest glimpse of a system's physical environment. Although these /proc files are virtual, they can still be viewed: the file is created on the fly from information within the kernel. Here are some interesting results which I got on my system; the listing that follows the 'file' output is the content of /proc/cpuinfo itself.

$ ls -l /proc/cpuinfo   
-r--r--r--  1 root root 0 2012-03-06 11:47 /proc/cpuinfo

$ file /proc/cpuinfo
/proc/cpuinfo: empty

processor    : 0
vendor_id    : GenuineIntel
cpu family    : 15
model        : 4
model name    :                   Intel(R) Xeon(TM) CPU 3.40GHz
stepping    : 1
cpu MHz        : 3391.625
cache size    : 1024 KB
physical id    : 0
siblings    : 2
core id        : 0
cpu cores    : 1
fpu        : yes
fpu_exception    : yes
cpuid level    : 5
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall lm constant_tsc pni monitor ds_cpl est cid cx16 xtpr
bogomips    : 6792.84
clflush size    : 64
cache_alignment    : 128
address sizes    : 36 bits physical, 48 bits virtual
power management:

processor    : 1
vendor_id    : GenuineIntel
cpu family    : 15
model        : 4
model name    :                   Intel(R) Xeon(TM) CPU 3.40GHz
stepping    : 1
cpu MHz        : 3391.625


ETC..

This is the result for a five-CPU machine. Most of the information above is self-explanatory and gives useful hardware information about the system. Some of the information in /proc files is encoded and various utilities are built that interpret this encoded information and output it in a human readable format. Some of these utilities are: 'top', 'ps', 'apm' etc.

Getting Useful system/kernel information:

The Proc File System can be used to gather useful information about the system and the running kernel. Some of the important files are listed below:

  • /proc/cpuinfo - information about the CPU ( model, family, cache size etc.)
  • /proc/meminfo - information about the physical RAM, Swap space etc.
  • /proc/mounts - list of mounted file systems
  • /proc/devices - list of available devices
  • /proc/filesystems - supported file systems
  • /proc/modules -  list of loaded modules
  • /proc/version - Kernel version
  • /proc/cmdline - Parameters passed to the kernel at the time of starting 

There are many more files in /proc than listed above. An alert reader is expected to do a 'more' on every file in the /proc directory or read [1] for more information about the files present in the /proc directory. I suggest using 'more' and not 'cat' until you know the file system a bit, because some files (e.g. kcore) can be very large.

Information about running processes:

The /proc file system can be used to retrieve information about any running process. There are a couple of numbered sub-directories inside /proc. Each numbered sub-directory corresponds to a process ID (PID). Thus for each running process, there is a sub-directory inside /proc named by its PID. Inside these sub-directories are files that provide important details about the state and environment of a process. Let's try to search for a running process.


$ps -aux | grep mozilla

The above command shows that there is a running process of mozilla with PID ***.

The file "cmdline" contains the command invoked to start the process. The "environ" file contains the environment variables for the process. "status" has status information on the process, including the user (UID) and group (GID) identification for the user executing the process, the parent process ID (PPID) that instantiated the PID, and the current state of the process, such as "Sleeping" or "Running". Each process directory also has a couple of symbolic links. "cwd" is a link to the current working directory of the process, "exe" is a link to the executable program of the running process, and "root" is a link to the directory which the process sees as its root directory (usually "/"). The directory "fd" contains links to the file descriptors that the process is using. The "cpu" entry appears only on SMP Linux kernels. It contains a breakdown of process time by CPU.

/proc/self is an interesting sub-directory that makes it easy for a program to use /proc to find information about its own process. The entry /proc/self is a symbolic link to the /proc directory corresponding to the process accessing the /proc directory.
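An added example, not part of the original post: a shell function that collects the per-process files described above (cmdline, status, exe, cwd) into a short report. The name proc_summary and the optional second argument (an alternative proc root, such as a copied or constructed tree) are assumptions of this example; the demo uses $$ rather than /proc/self because /proc/self would resolve to whichever helper (awk, readlink) performs the read.

```shell
#!/bin/sh
# Added example: summarise one process from its /proc/<pid> directory.
# proc_summary and its optional root argument are hypothetical names.
proc_summary() {
    pid=$1
    root=${2:-/proc}
    dir=$root/$pid
    [ -d "$dir" ] || { echo "no such process: $pid" >&2; return 1; }

    # cmdline is NUL-separated; turn the separators into spaces.
    cmd=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline" | sed 's/ *$//')
    # Kernel threads have an empty cmdline; fall back to Name from status.
    name=$(awk -F':[ \t]*' '$1 == "Name" {print $2}' "$dir/status")
    [ -n "$cmd" ] || cmd="[$name]"

    state=$(awk -F':[ \t]*' '$1 == "State" {print $2}' "$dir/status")
    ppid=$(awk -F':[ \t]*' '$1 == "PPid" {print $2}' "$dir/status")
    # The Uid line holds real, effective, saved and filesystem UIDs;
    # the first field after the label is the real UID.
    uid=$(awk '$1 == "Uid:" {print $2}' "$dir/status")

    # exe and cwd are symlinks; readlink fails without permission or
    # when the link does not exist (kernel threads).
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe="?"
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd="?"

    printf 'pid=%s ppid=%s uid=%s state=%s\n' "$pid" "$ppid" "$uid" "$state"
    printf 'cmd=%s\nexe=%s\ncwd=%s\n' "$cmd" "$exe" "$cwd"
}

# Demo: report on the shell running this script, if /proc is mounted.
if [ -d "/proc/$$" ]; then
    proc_summary "$$"
fi
```
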

Interacting with kernel via /proc:

Most of the files in /proc discussed above are read-only. However, the /proc file system also provides a way to interact with the kernel via read-write files. Writing to these files can change the state of the kernel, and therefore changes to these files should be made with caution. The /proc/sys directory is the one that hosts all the read-write files and thus can be used to change the kernel behaviour.


/proc/sys/kernel - This directory contains information that reflects general kernel behaviour. /proc/sys/kernel/{domainname,hostname} hold the domain name and hostname for the machine/network. These files can be written to in order to modify these names.

$hostname
$cat /proc/sys/kernel/domainname
$cat /proc/sys/kernel/hostname
$echo "new-machinename" > /proc/sys/kernel/hostname
$hostname

Thus, by modifying a file inside the /proc file system, we are able to modify the hostname. Lots of other configurable files exist inside /proc/sys/kernel. Again, it's impossible to list every file here, so readers are expected to go through this directory in detail.
Another configurable directory is /proc/sys/net. Files inside this directory can be modified to change the networking properties of the machine/network. E.g. by simply modifying a file, you can hide your machine in the network.


$echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This will hide your machine in the network as it disables answers to icmp_echos. The host will not respond to ping queries from other hosts.

$ ping machiname.domainname.com


To turn it back to the default behaviour, do
$echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

There are lots of other sub-directories in /proc/sys which can be configured to change the kernel properties. See [1],[2] for detailed information.
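An added example, not part of the original post: since any write to /proc/sys takes effect immediately, a small check that compares the current values with an expected baseline shows when a tunable such as hostname or icmp_echo_ignore_all has been changed. The function name sysctl_drift, the baseline format (one "relative/path expected-value" per line on standard input) and the optional root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report /proc/sys values that differ from a baseline.
# sysctl_drift and the baseline format are hypothetical, not a real tool.
sysctl_drift() {
    root=${1:-/proc/sys}
    drift=0
    while read -r key want; do
        # Skip blank lines and comments in the baseline.
        case $key in ''|'#'*) continue ;; esac
        # Reject keys that could escape the root directory.
        case $key in /*|*..*) echo "SKIP $key (bad path)"; continue ;; esac
        if [ ! -r "$root/$key" ]; then
            echo "MISSING $key"; drift=1; continue
        fi
        # Multi-valued files are tab-separated; normalise to single spaces.
        have=$(tr -s ' \t' ' ' < "$root/$key")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: expected '$want', found '$have'"
            drift=1
        fi
    done
    return "$drift"
}

# Demo with a constructed one-line baseline, if /proc/sys is available.
if [ -d /proc/sys/net/ipv4 ]; then
    sysctl_drift <<'EOF' || echo "baseline not met"
# constructed baseline: the host should answer ICMP echo requests
net/ipv4/icmp_echo_ignore_all 0
EOF
fi
```
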

Conclusion:

The /proc file system provides a file-based interface to the Linux internals. It assists in determining the state and configuration of various devices and processes on a system. Understanding and applied knowledge of this file system is therefore the key to making the most out of your Linux system.

