Solved

Full path name of process command

Posted on 2004-09-01
Last Modified: 2013-12-27

How do I get the full path name of the command used to start a process?
(in a shell script)

Specifically a process might be started as "./xxx" where xxx is the binary.
No matter what version of ps I try it will not reveal to me where the binary
resides.

I've tried for example:  

    /usr/ucb/ps -auxwwwl
    ps -efd

I also tried using /usr/proc/pmap <pid> but this command will only tell me the
full path of library files used by the process, not the binary itself.

Any ideas?

Thanks
0
Question by:kxix
8 Comments
 

Author Comment

by:kxix
ID: 11950286
I'm on Solaris 2.6.
0
 
LVL 45

Accepted Solution

by:
sunnycoder earned 500 total points
ID: 11950370
Hi kxix,

http://forum.sun.com/thread.jsp?forum=4&thread=20328&tstart=0&trange=15
http://forum.sun.com/thread.jsp?forum=10&thread=9437

The ps(1) command and others report the result from the proc(4) filesystem, which
caches the first 16 characters of the filename used to exec() the process, as well as
the first 80 characters of the argv[]. This is what ps -o comm and ps -o args report.
If you want the full path, you can take advantage of the new Solaris 10 feature
that permits filenames to be cached and reported in the kernel -- the new pfiles(1)
takes advantage of this, and you can use it to answer this question as well by
simply looking at the /proc/<pid>/path/a.out symlink. For example, to find the path
of the "ls" command I run I can do this on a Solaris 10 system:

    $ ls -l /proc/self/path/a.out
    lrwxrwxrwx 1 mws staff 0 Jun 19 18:57 /proc/self/path/a.out -> /usr/bin/ls*

or here is the path of my shell

    $ ls -l /proc/$$/path/a.out
    lrwxrwxrwx 1 mws staff 0 Jun 19 16:14 /proc/200300/path/a.out -> /usr/bin/ksh*

Sunnycoder
0
 
LVL 38

Expert Comment

by:yuzh
ID: 11959331
To find out the FULL path of the command, you need to use: /usr/bin/ps with -o args,
eg:

    /usr/bin/ps -e -o pid,args | grep mycommand

See

    man ps

to learn more details.

0

Author Comment

by:kxix
ID: 11961509
Reply to yuzh:  Nope, does not return the full path name of the binary if the
process was started from the directory where the binary resides.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 11969835
That's the limit of ps, but it does tell the story about how the process was started!

When you run something like:

    ./ls

it shows you ./ls

    /bin/ls

it gives you

    /bin/ls
0
 

Expert Comment

by:matjc
ID: 12388409
You can't expect the world. If you run a process such as ./ls then how is the kernel supposed to remember where you started it from in the future?

Either get into the habit of running all your processes with their full path eg /usr/bin/ls or put up with it.

You can of course "find / -name "ls" -ls" and see how many binaries you have and where it is of the identified process.

Then use your memory to remember which one you ran ;)

0
 
LVL 11

Expert Comment

by:siliconbrit
ID: 12586528
Comments from matjc are entirely correct, the newer implementation of the /proc filesystem has taken away a few things we used to take for granted, and to be fair it's tough to ask the OS to store the absolute path with every process when 1000s are started/dropped in every minute.

However, don't give up - here's a couple of 'B' grade answers because I'm in a bit of a hurry:

1. Try the UCB ps command

If you have /usr/ucb/ps installed (or /ucb/ps) you could try that version of ps.  It's not truly supported for Solaris 9 and later, but a lot of corporations put a lot of heat on Sun to make sure it is still available to support older scripts.  If I'm right, you can use:

   /usr/ucb/ps -auxwww

If this doesn't work, look around for the options available to that version of the ps command.

2. Use the pfiles tools to determine the environment under which the process was run.

If you do a 'man pfiles' I believe there is one command that can show you the working environment when the process was started.  You should be able to use the pfiles tools to find

Using this tool, you should be able to work out the command line (CMD), the Current Working Directory (CWD) and PATH.  You can then write a simple script to do the following:

If $CMD matches "./binary",
   then
      the path is "$CWD/binary".
If the process was started without any '/' characters,
   then
      set path to $PATH
      which "$CMD"

Note that I just used the variable names to shorten this text, you'll have to make up your own :-)

0
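
The reconstruction siliconbrit outlines above, written out as an added example (not code from any poster in this thread). The function name `resolve_exe` is hypothetical; it takes the command string, working directory and PATH as arguments the caller has already collected, and the fixture tree is constructed for the demonstration.

```shell
#!/bin/sh
# resolve_exe CMD CWD PATHLIST
# Prints the best-guess absolute path of the binary; returns 1 if none is found.
# CWD is assumed to be an absolute path.
resolve_exe() {
    cmd=$1 cwd=$2 pathlist=$3
    case $cmd in
        /*)  cand=$cmd ;;              # started with an absolute path
        */*) cand=$cwd/$cmd ;;         # "./xxx" or "bin/xxx": relative to the cwd
        *)                             # bare name: walk PATH the way the shell does
            cand=
            old_ifs=$IFS; IFS=:
            for dir in $pathlist; do
                [ -n "$dir" ] || dir=$cwd                      # empty entry means cwd
                case $dir in /*) ;; *) dir=$cwd/$dir ;; esac   # relative PATH entry
                if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
                    cand=$dir/$cmd; break
                fi
            done
            IFS=$old_ifs
            [ -n "$cand" ] || return 1 ;;
    esac
    [ -f "$cand" ] || return 1
    # Canonicalise the directory part so "./", "../" and symlinked dirs disappear.
    d=$(cd "$(dirname "$cand")" 2>/dev/null && pwd -P) || return 1
    case $d in /) d= ;; esac
    printf '%s/%s\n' "$d" "$(basename "$cand")"
}

# Constructed fixture: a throwaway tree holding one executable named "xxx".
make_fixture() {
    fx=$(mktemp -d) && mkdir -p "$fx/app/bin" &&
    printf '#!/bin/sh\n' > "$fx/app/bin/xxx" && chmod +x "$fx/app/bin/xxx" &&
    ( cd "$fx" && pwd -P )
}

demo_dir=$(make_fixture)
resolve_exe ./xxx "$demo_dir/app/bin" "/usr/bin:/bin"   # process started as ./xxx
resolve_exe xxx / "/nonexistent:$demo_dir/app/bin"      # process started via PATH
rm -rf "$demo_dir"
```

The result is a best guess rather than proof: a process can change its working directory after it starts, and argv[0] is whatever the parent passed to exec(). Where the system offers it, the kernel-maintained /proc/<pid>/path/a.out link from the accepted answer is the better source.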
