利用 ps 命令查看进程的位置
利用 ps 命令查看进程的位置
首先,理解一下 ps -ef
的输出。
以下是该命令的一个输出示例:
$ ps -ef
UID PID PPID C STIME TTY TIME CMD
0 1 0 0 9:05PM ?? 0:05.03 /sbin/launchd
0 93 1 0 9:05PM ?? 0:00.33 /usr/sbin/syslogd
...
根据 ps 的 man 页面找到的信息:
`man ps` 输出中 `STANDARD FORMAT SPECIFIERS` 部分
STANDARD FORMAT SPECIFIERS
Here are the different keywords that may be used to control the
output format (e.g., with option -o) or to sort the selected
processes with the GNU-style --sort option.
For example: ps -eo pid,user,args --sort user
This version of ps tries to recognize most of the keywords used in
other implementations of ps.
The following user-defined format specifiers may contain spaces:
args, cmd, comm, command, fname, ucmd, ucomm, lstart, bsdstart,
start.
Some keywords may not be available for sorting.
CODE HEADER DESCRIPTION
%cpu %CPU cpu utilization of the process in "##.#"
format. Currently, it is the CPU time used
divided by the time the process has been
running (cputime/realtime ratio), expressed as
a percentage. It will not add up to 100%
unless you are lucky. (alias pcpu).
%mem %MEM ratio of the process's resident set size to
the physical memory on the machine, expressed
as a percentage. (alias pmem).
args COMMAND command with all its arguments as a string.
Modifications to the arguments may be shown.
The output in this column may contain spaces.
A process marked <defunct> is partly dead,
waiting to be fully destroyed by its parent.
Sometimes the process args will be unavailable;
when this happens, ps will instead print the
executable name in brackets. (alias cmd,
command). See also the comm format keyword,
the -f option, and the c option.
When specified last, this column will extend to
the edge of the display. If ps can not
determine display width, as when output is
redirected (piped) into a file or another
command, the output width is undefined (it may
be 80, unlimited, determined by the TERM
variable, and so on). The COLUMNS environment
variable or --cols option may be used to
exactly determine the width in this case. The
w or -w option may be also be used to adjust
width.
blocked BLOCKED mask of the blocked signals, see signal(7).
According to the width of the field, a 32 or
64-bit mask in hexadecimal format is displayed.
(alias sig_block, sigmask).
bsdstart START time the command started. If the process was
started less than 24 hours ago, the output
format is " HH:MM", else it is " Mmm:SS" (where
Mmm is the three letters of the month). See
also lstart, start, start_time, and stime.
bsdtime TIME accumulated cpu time, user + system. The
display format is usually "MMM:SS", but can be
shifted to the right if the process used more
than 999 minutes of cpu time.
c C processor utilization. Currently, this is the
integer value of the percent usage over the
lifetime of the process. (see %cpu).
caught CAUGHT mask of the caught signals, see signal(7).
According to the width of the field, a 32 or 64
bits mask in hexadecimal format is displayed.
(alias sig_catch, sigcatch).
cgname CGNAME display name of control groups to which the
process belongs.
cgroup CGROUP display control groups to which the process
belongs.
class CLS scheduling class of the process. (alias
policy, cls). Field's possible values are:
- not reported
TS SCHED_OTHER
FF SCHED_FIFO
RR SCHED_RR
B SCHED_BATCH
ISO SCHED_ISO
IDL SCHED_IDLE
DLN SCHED_DEADLINE
? unknown value
cls CLS scheduling class of the process. (alias
policy, cls). Field's possible values are:
- not reported
TS SCHED_OTHER
FF SCHED_FIFO
RR SCHED_RR
B SCHED_BATCH
ISO SCHED_ISO
IDL SCHED_IDLE
DLN SCHED_DEADLINE
? unknown value
cmd CMD see args. (alias args, command).
comm COMMAND command name (only the executable name).
Modifications to the command name will not be
shown. A process marked <defunct> is partly
dead, waiting to be fully destroyed by its
parent. The output in this column may contain
spaces. (alias ucmd, ucomm). See also the
args format keyword, the -f option, and the c
option.
When specified last, this column will extend to
the edge of the display. If ps can not
determine display width, as when output is
redirected (piped) into a file or another
command, the output width is undefined (it may
be 80, unlimited, determined by the TERM
variable, and so on). The COLUMNS environment
variable or --cols option may be used to
exactly determine the width in this case. The
w or -w option may be also be used to adjust
width.
command COMMAND See args. (alias args, command).
cp CP per-mill (tenths of a percent) CPU usage. (see
%cpu).
cputime TIME cumulative CPU time, "[DD-]hh:mm:ss" format.
(alias time).
cputimes TIME cumulative CPU time in seconds (alias times).
drs DRS data resident set size, the amount of physical
memory devoted to other than executable code.
egid EGID effective group ID number of the process as a
decimal integer. (alias gid).
egroup EGROUP effective group ID of the process. This will
be the textual group ID, if it can be obtained
and the field width permits, or a decimal
representation otherwise. (alias group).
eip EIP instruction pointer.
esp ESP stack pointer.
etime ELAPSED elapsed time since the process was started, in
the form [[DD-]hh:]mm:ss.
etimes ELAPSED elapsed time since the process was started, in
seconds.
euid EUID effective user ID (alias uid).
euser EUSER effective user name. This will be the textual
user ID, if it can be obtained and the field
width permits, or a decimal representation
otherwise. The n option can be used to force
the decimal representation. (alias uname,
user).
f F flags associated with the process, see the
PROCESS FLAGS section. (alias flag, flags).
fgid FGID filesystem access group ID. (alias fsgid).
fgroup FGROUP filesystem access group ID. This will be the
textual group ID, if it can be obtained and the
field width permits, or a decimal
representation otherwise. (alias fsgroup).
flag F see f. (alias f, flags).
flags F see f. (alias f, flag).
fname COMMAND first 8 bytes of the base name of the process's
executable file. The output in this column may
contain spaces.
fuid FUID filesystem access user ID. (alias fsuid).
fuser FUSER filesystem access user ID. This will be the
textual user ID, if it can be obtained and the
field width permits, or a decimal
representation otherwise.
gid GID see egid. (alias egid).
group GROUP see egroup. (alias egroup).
ignored IGNORED mask of the ignored signals, see signal(7).
According to the width of the field, a 32 or 64
bits mask in hexadecimal format is displayed.
(alias sig_ignore, sigignore).
ipcns IPCNS Unique inode number describing the namespace
the process belongs to. See namespaces(7).
label LABEL security label, most commonly used for SELinux
context data. This is for the Mandatory Access
Control ("MAC") found on high-security systems.
lstart STARTED time the command started. See also bsdstart,
start, start_time, and stime.
lsession SESSION displays the login session identifier of a
process, if systemd support has been included.
luid LUID displays Login ID associated with a process.
lwp LWP light weight process (thread) ID of the
dispatchable entity (alias spid, tid). See tid
for additional information.
lxc LXC The name of the lxc container within which a
task is running. If a process is not running
inside a container, a dash ('-') will be shown.
machine MACHINE displays the machine name for processes
assigned to VM or container, if systemd support
has been included.
maj_flt MAJFLT The number of major page faults that have
occurred with this process.
min_flt MINFLT The number of minor page faults that have
occurred with this process.
mntns MNTNS Unique inode number describing the namespace
the process belongs to. See namespaces(7).
netns NETNS Unique inode number describing the namespace
the process belongs to. See namespaces(7).
ni NI nice value. This ranges from 19 (nicest) to
-20 (not nice to others), see nice(1). (alias
nice).
nice NI see ni.(alias ni).
nlwp NLWP number of lwps (threads) in the process.
(alias thcount).
numa NUMA The node assocated with the most recently used
processor. A -1 means that NUMA information is
unavailable.
nwchan WCHAN address of the kernel function where the
process is sleeping (use wchan if you want the
kernel function name). Running tasks will
display a dash ('-') in this column.
ouid OWNER displays the Unix user identifier of the owner
of the session of a process, if systemd support
has been included.
pcpu %CPU see %cpu. (alias %cpu).
pending PENDING mask of the pending signals. See signal(7).
Signals pending on the process are distinct
from signals pending on individual threads.
Use the m option or the -m option to see both.
According to the width of the field, a 32 or 64
bits mask in hexadecimal format is displayed.
(alias sig).
pgid PGID process group ID or, equivalently, the process
ID of the process group leader. (alias pgrp).
pgrp PGRP see pgid. (alias pgid).
pid PID a number representing the process ID (alias
tgid).
pidns PIDNS Unique inode number describing the namespace
the process belongs to. See namespaces(7).
pmem %MEM see %mem. (alias %mem).
policy POL scheduling class of the process. (alias class,
cls). Possible values are:
- not reported
TS SCHED_OTHER
FF SCHED_FIFO
RR SCHED_RR
B SCHED_BATCH
ISO SCHED_ISO
IDL SCHED_IDLE
DLN SCHED_DEADLINE
? unknown value
ppid PPID parent process ID.
pri PRI priority of the process. Higher number means
lower priority.
psr PSR processor that process is currently assigned
to.
rgid RGID real group ID.
rgroup RGROUP real group name. This will be the textual
group ID, if it can be obtained and the field
width permits, or a decimal representation
otherwise.
rss RSS resident set size, the non-swapped physical
memory that a task has used (in kilobytes).
(alias rssize, rsz).
rssize RSS see rss. (alias rss, rsz).
rsz RSZ see rss. (alias rss, rssize).
rtprio RTPRIO realtime priority.
ruid RUID real user ID.
ruser RUSER real user ID. This will be the textual user
ID, if it can be obtained and the field width
permits, or a decimal representation otherwise.
s S minimal state display (one character). See
section PROCESS STATE CODES for the different
values. See also stat if you want additional
information displayed. (alias state).
sched SCH scheduling policy of the process. The policies
SCHED_OTHER (SCHED_NORMAL), SCHED_FIFO,
SCHED_RR, SCHED_BATCH, SCHED_ISO, SCHED_IDLE
and SCHED_DEADLINE are respectively displayed
as 0, 1, 2, 3, 4, 5 and 6.
seat SEAT displays the identifier associated with all
hardware devices assigned to a specific
workplace, if systemd support has been
included.
sess SESS session ID or, equivalently, the process ID of
the session leader. (alias session, sid).
sgi_p P processor that the process is currently
executing on. Displays "*" if the process is
not currently running or runnable.
sgid SGID saved group ID. (alias svgid).
sgroup SGROUP saved group name. This will be the textual
group ID, if it can be obtained and the field
width permits, or a decimal representation
otherwise.
sid SID see sess. (alias sess, session).
sig PENDING see pending. (alias pending, sig_pend).
sigcatch CAUGHT see caught. (alias caught, sig_catch).
sigignore IGNORED see ignored. (alias ignored, sig_ignore).
sigmask BLOCKED see blocked. (alias blocked, sig_block).
size SIZE approximate amount of swap space that would be
required if the process were to dirty all
writable pages and then be swapped out. This
number is very rough!
slice SLICE displays the slice unit which a process belongs
to, if systemd support has been included.
spid SPID see lwp. (alias lwp, tid).
stackp STACKP address of the bottom (start) of stack for the
process.
start STARTED time the command started. If the process was
started less than 24 hours ago, the output
format is "HH:MM:SS", else it is " Mmm dd"
(where Mmm is a three-letter month name). See
also lstart, bsdstart, start_time, and stime.
start_time START starting time or date of the process. Only the
year will be displayed if the process was not
started the same year ps was invoked, or
"MmmDD" if it was not started the same day, or
"HH:MM" otherwise. See also bsdstart, start,
lstart, and stime.
stat STAT multi-character process state. See section
PROCESS STATE CODES for the different values
meaning. See also s and state if you just want
the first character displayed.
state S see s. (alias s).
stime STIME see start_time. (alias start_time).
suid SUID saved user ID. (alias svuid).
supgid SUPGID group ids of supplementary groups, if any. See
getgroups(2).
supgrp SUPGRP group names of supplementary groups, if any.
See getgroups(2).
suser SUSER saved user name. This will be the textual user
ID, if it can be obtained and the field width
permits, or a decimal representation otherwise.
(alias svuser).
svgid SVGID see sgid. (alias sgid).
svuid SVUID see suid. (alias suid).
sz SZ size in physical pages of the core image of the
process. This includes text, data, and stack
space. Device mappings are currently excluded;
this is subject to change. See vsz and rss.
tgid TGID a number representing the thread group to which
a task belongs (alias pid). It is the process
ID of the thread group leader.
thcount THCNT see nlwp. (alias nlwp). number of kernel
threads owned by the process.
tid TID the unique number representing a dispatchable
entity (alias lwp, spid). This value may also
appear as: a process ID (pid); a process group
ID (pgrp); a session ID for the session leader
(sid); a thread group ID for the thread group
leader (tgid); and a tty process group ID for
the process group leader (tpgid).
time TIME cumulative CPU time, "[DD-]HH:MM:SS" format.
(alias cputime).
times TIME cumulative CPU time in seconds (alias
cputimes).
tname TTY controlling tty (terminal). (alias tt, tty).
tpgid TPGID ID of the foreground process group on the tty
(terminal) that the process is connected to, or
-1 if the process is not connected to a tty.
trs TRS text resident set size, the amount of physical
memory devoted to executable code.
tt TT controlling tty (terminal). (alias tname,
tty).
tty TT controlling tty (terminal). (alias tname, tt).
ucmd CMD see comm. (alias comm, ucomm).
ucomm COMMAND see comm. (alias comm, ucmd).
uid UID see euid. (alias euid).
uname USER see euser. (alias euser, user).
unit UNIT displays unit which a process belongs to, if
systemd support has been included.
user USER see euser. (alias euser, uname).
userns USERNS Unique inode number describing the namespace
the process belongs to. See namespaces(7).
utsns UTSNS Unique inode number describing the namespace
the process belongs to. See namespaces(7).
uunit UUNIT displays user unit which a process belongs to,
if systemd support has been included.
vsize VSZ see vsz. (alias vsz).
vsz VSZ virtual memory size of the process in KiB
(1024-byte units). Device mappings are
currently excluded; this is subject to change.
(alias vsize).
wchan WCHAN name of the kernel function in which the
process is sleeping, a "-" if the process is
running, or a "*" if the process is
multi-threaded and ps is not displaying
threads.
从左到右各列依次表示:
- UID:用户 ID
- PID:进程 ID
- PPID:父进程 ID
- C:CPU 使用率,同 %cpu
- STIME:同 start_time.进行开始时间
- TTY:所属命令行
- TIME:CPU 使用时间
- CMD:该进程对应的可执行程序
查找某个进程
一般 ps 的输出会比较多,配合 grep 可有效查到对应进程。
$ ps -ef | grep <pid|name>
查看进程的文件位置
ps -ef
的输出中不一定能找出进程对应的可执行文件的位置,可通过如下方式解决。
还是先用 ps 列出程序,得到 pid,比如 kafka
$ ps -ef | grep kafka
root 20891 700 0 23:08 pts/7 00:00:00 grep --color=auto kafka
然后再 sudo ls -l /proc/PID/exe
$ sudo ls -l /700/PID/exe
lrwxrwxrwx 1 root root 0 May 8 16:19 /proc/700/exe -> /usr/bin/bash