Get the Name of a Process from PID
The Kubernetes ecosystem is huge and quite complex, so it’s easy to forget about costs when trying out all of the exciting tools.
To avoid overspending on your Kubernetes cluster, definitely have a look at the free K8s cost monitoring tool from the automation platform CAST AI. You can view your costs in real time, allocate them, calculate burn rates for projects, spot anomalies or spikes, and get insightful reports you can share with your team.
Connect your cluster and start monitoring your K8s costs right away:
1. Overview
The Linux Operating system generates a PID for each process. In this quick tutorial, let’s explore how to get the process name by a given PID.
2. Introduction to the Problem
As usual, let’s understand the problem by an example.
First, let’s create a simple shell script to simulate a long-running process:
$ cat long-running.sh #!/bin/bash echo "PID of $0: $$" echo "Parameter: $1" watch -n 300 date > /dev/nullAs we can see, we first print the PID of the current script by reading the special variable $$. Then, we tell the watch command to execute the date command every 300 seconds and discard the output.
In this way, we can know its PID when we start the script. Further, it runs as a “long-running” process:
$ ./long-running.sh PARAM PID of ./long-running.sh: 407203 parameter: PARAM Now, assuming we only know this PID, we would like to figure out which process is running with this PID.
Of course, our expected result is the long-running.sh script. Next, let’s see how to find the process.
3. Using the ps Command
The ps command is the standard tool to check current processes’ status in the Linux command line.
Further, we can pass the -p option to the ps command to get only the information of the given process, for example:
$ ps -p 407203 PID TTY TIME CMD 407203 pts/3 00:00:00 long-running.shAs the output above shows, we’ve seen the expected process name in the CMD column. We can also adjust the ps command’s -o option to ask ps to output only required information.
For example, we can pass “-o comm” to the ps command to get the name of the program only:
$ ps -p 407203 -o comm COMMAND long-running.shIf we want to know the entire command line that was used to start the given process, we can pass “-o command” to ps:
$ ps -p 407203 -o command COMMAND /bin/bash ./long-running.sh PARAMAs the output shows, this time, the ps command reports the complete command, including parameters used to start the process.
Sometimes, we want to suppress the column header, for example, “COMMAND” in the output above, so that we can easily pass the result to other programs to do further processing.
To suppress the header from the ps output, we can simply add the “=” character after the -o ColumnName option:
$ ps -p 407203 -o command= /bin/bash ./long-running.sh PARAM4. Reading Files Under the /proc/ Directory
The /proc directory is present on all Linux distributions. This directory is a virtual file system. The /proc directory contains details about processes and other system information such as kernel, memory usage, CPU data, and configuration parameters. The operating system mounts /proc at boot.
Each process has a subdirectory under the /proc directory named with its PID. For example, if we want to check the information of the process 407203, we can enter the /proc/407203 directory. There are many “files” under each /proc/ directory. Those files hold detailed information about the process:
$ ls /proc/407203 arch_status [email protected] maps pagemap stat attr/ environ mem personality statm . [email protected] . cmdline io ns/ sessionid timers comm . We can read three files to gain the name or the command line of the process: comm, exe, and cmdline. Next, let’s see them in action.
To get the program name of a process, we can read the comm file:
$ cat /proc/407203/comm long-running.sh The exe file is a symbolic link. It links to the real command file to start the process:
$ ls -l /proc/407203/exe lrwxrwxrwx 1 kent kent 0 Apr 26 09:20 /proc/407203/exe -> /usr/bin/bashAs our process is a shell script, which is always started by the shell, the exe file will merely link to the shell command, which is /usr/bin/bash in this case. However, if our process is started by a regular program, the exe file will point to the executable:
$ ls -l /proc/437301/exe lrwxrwxrwx 1 kent kent 0 Apr 26 09:17 /proc/437301/exe -> /usr/bin/vimThe example above shows a vim process.
However, if we would like to know the complete command that started the process along with its parameters, we can check the cmdline file:
$ cat /proc/407203/cmdline /bin/bash./long-running.shPARAMAs the output above shows, the shell command, script name, and the script parameter are printed, but they are joined together without separators.
Actually, the output is separated by null characters. We can see them if we pass the -A option (display all) to the cat command:
$ cat -A /proc/407203/cmdline /bin/bash^@./long-running.sh^@PARAM^@This time, we can see that the null characters are represented as ‘^@‘.
We can use the tr command to reformat the output. For example, we can replace all null characters with spaces:
$ cat /proc/407203/cmdline | tr '\0' ' ' /bin/bash ./long-running.sh PARAM5. Conclusion
In this quick article, we’ve explored how to get the name and the command line of a given PID in the Linux command line.
The ps -p command is pretty straightforward to get the process information of a PID. Alternatively, we can also access the special /proc/PID directory to retrieve process information.
How to Find a Process Name Using PID Number in Linux
In this article, we will look at how to find a process name by its process identification number (PID). Before we dive into the actual solution, let us briefly talk about how processes are created and identified by Linux.
Every time a user or the system (Linux) launches a program, the kernel will create a process. A process holds execution details of the program in memory such as its input and output data, variables and so on.
Importantly, since Linux is a multitasking operating system, it executes several programs simultaneously, and this means each process process must be identified specifically.
The kernel identifies each process using a process ID (PID), a every instance of process must have a unique PID from other processes which is assigned when the process is invoked, to avoid any execution errors.
The /proc file system stores information about currently running processes on your system, it contains directories for each process.
Use the ls command to list its contents, however, the list may be long, so employ a pipeline and the less utility to view the /proc contents in a more convenient way as below:
$ ls /proc OR $ ls /proc | less
1 168 2230 25 329 584 7386 83 driver schedstat 10 169 2234 2503 33 603 74 830 execdomains scsi 1070 17 2247 2507 34 610 7411 833 fb self 1081 1702 2256 2523 349 611 7423 836 filesystems slabinfo 109 1714 2258 253 35 612 745 839 fs softirqs 11 173 2266 2551 36 613 746 84 interrupts stat 110 1760 2273 26 362 62 75 844 iomem swaps 1188 1763 2278 2688 3642 63 7533 85 ioports sys 12 1769 2282 2694 3643 64 7589 86 irq sysrq-trigger 1204 177 2283 2695 37 6436 76 860 kallsyms sysvipc 1209 1773 2285 2698 38 65 7619 87 kcore thread-self 1254 18 2287 2699 39 66 7689 9 keys timer_list 13 1847 2295 27 3974 67 7690 94 key-users timer_stats 15 1914 23 2702 3976 68 77 977 kmsg tty 152 1917 2308 28 4273 6897 7725 981 kpagecgroup uptime 153 1918 2309 280 4374 69 7729 987 kpagecount version 154 1938 2310 2815 4392 6969 7733 997 kpageflags version_signature 155 1956 2311 2817 44 6980 78 acpi loadavg vmallocinfo 156 1981 2315 282 45 7 79 asound locks vmstat 1565 1986 2316 283 4543 70 790 buddyinfo mdstat zoneinfo 1567 1988 2317 29 46 71 8 bus meminfo 157 2 2324 2935 461 7102 80 cgroups misc 1579 20 2347 2944 4686 72 808 cmdline modules 158 2010 2354 3 47 73 81 consoles mounts 1584 2043 2436 30 4700 7304 810 cpuinfo mtrr 159 2044 2437 3016 5 7311 815 crypto net 1590 21 2442 31 515 7322 82 devices pagetypeinfo 16 2167 2443 318 5273 7347 820 diskstats partitions 160 22 2492 32 5274 7367 823 dma sched_debug
From the screenshot above, the numbered directories store information files about the processes in execution, where each number corresponds to a PID.
Below is the list of files for systemd process with PID 1:
ls: cannot read symbolic link '/proc/1/cwd': Permission denied ls: cannot read symbolic link '/proc/1/root': Permission denied ls: cannot read symbolic link '/proc/1/exe': Permission denied attr coredump_filter gid_map mountinfo oom_score schedstat status autogroup cpuset io mounts oom_score_adj sessionid syscall auxv cwd limits mountstats pagemap setgroups task cgroup environ loginuid net personality smaps timers clear_refs exe map_files ns projid_map stack uid_map cmdline fd maps numa_maps root stat wchan comm fdinfo mem oom_adj sched statm
You can monitor processes and their PIDs using traditional Linux commands such as ps, top and relatively new glances command plus many more as in the examples below:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 185728 6268 ? Ss 10:15 0:01 /sbin/init splash root 2 0.0 0.0 0 0 ? S 10:15 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? S 10:15 0:00 [ksoftirqd/0] root 5 0.0 0.0 0 0 ? S< 10:15 0:00 [kworker/0:0H] root 7 0.0 0.0 0 0 ? S 10:15 0:09 [rcu_sched] root 8 0.0 0.0 0 0 ? S 10:15 0:00 [rcu_bh] root 9 0.0 0.0 0 0 ? S 10:15 0:00 [migration/0] root 10 0.0 0.0 0 0 ? S 10:15 0:00 [watchdog/0] root 11 0.0 0.0 0 0 ? S 10:15 0:00 [watchdog/1] root 12 0.0 0.0 0 0 ? S 10:15 0:00 [migration/1] root 13 0.0 0.0 0 0 ? S 10:15 0:00 [ksoftirqd/1] root 15 0.0 0.0 0 0 ? S< 10:15 0:00 [kworker/1:0H] root 16 0.0 0.0 0 0 ? S 10:15 0:00 [watchdog/2] root 17 0.0 0.0 0 0 ? S 10:15 0:00 [migration/2] root 18 0.0 0.0 0 0 ? S 10:15 0:00 [ksoftirqd/2] root 20 0.0 0.0 0 0 ? S< 10:15 0:00 [kworker/2:0H] root 21 0.0 0.0 0 0 ? S 10:15 0:00 [watchdog/3] root 22 0.0 0.0 0 0 ? S 10:15 0:00 [migration/3] root 23 0.0 0.0 0 0 ? S 10:15 0:00 [ksoftirqd/3] root 25 0.0 0.0 0 0 ? S< 10:15 0:00 [kworker/3:0H] root 26 0.0 0.0 0 0 ? S 10:15 0:00 [kdevtmpfs] root 27 0.0 0.0 0 0 ? S< 10:15 0:00 [netns] root 28 0.0 0.0 0 0 ? S< 10:15 0:00 [perf] .
Monitor Linux processes using traditional top command.
Monitor Linux processes using glances, a new real-time process monitoring tool for Linux.
Find Out Process PID Number
To find out the PID of a process, you can use pidof , a simple command to print out the PID of a process:
$ pidof firefox $ pidof python $ pidof cinnamon
Coming back to our point of focus, assuming you already know the PID of a process, you can print its name using the command form below:
Find Out Process Name Using PID Number
In this section, we will see how to find out a process name using its PID number with the help of user defined format i.e comm= which means command name, same as the process name.
$ ps -p 2523 -o comm= $ ps -p 2295 -o comm=
For additional usage information and options, look through the ps man page.
If you want to kill a process using its PID number, I suggest you to read Find and Kill Linux Processes Using its PID.
Thats it for the moment, if you know any other better way to find out a process name using PID, do share with us via our comment section below.