Linux user account management - check which user a process is running as
In a Linux system, we can use different commands to see which user a process is running as. This article will introduce three commonly used commands: using ps
the command, using pstree
the command, and using /proc
the directory.
use the ps command
ps
command can be used to list the processes currently running on the system and provide detailed information about each process. The following is to use ps
the command to see which user the process is running as:
ps -eo user,pid,cmd | grep [process_name]
Where, [process_name]
is the name or PID of the process to be found. The above command will output information about all processes associated with that name or PID, including the username running the process.
For example, to see 1234
which user a process with process ID is running as, execute the following command:
ps -eo user,pid,cmd | grep 1234
The first column in the output is the user who ran the process. For example:
username 1234 /usr/bin/process_name
where is username
the username under which the process is running.
Use the pstree command
pstree
The command displays processes in a tree structure, including parent and child processes. The following is to use pstree
the command to see which user the process is running as:
pstree -p [pid] | grep --color=auto [pid]
where is [pid]
the PID of the process to find. The above command will output the process information associated with the specified PID and display it in a tree structure.
For example, to see 1234
which user a process with process ID is running as, execute the following command:
pstree -p 1234 | grep --color=auto 1234
In the output, the username of the process follows the name of its parent process, for example:
├─sshd(username)─┬─sshd(username)───bash
│ └─sshd(username)
└─{
process_name}(1234)
where is username
the username under which the process is running.
Using the /proc directory
The Linux kernel treats all system processes as part of the file system. Each process has its own /proc
directory, which contains information about the process, including its user identity. Here's /proc
how to use the directory to see which user a process is running as:
ls -l /proc/[pid]/exe | awk '{print $3}'
where is [pid]
the PID of the process to find. In the above commands, use ls
the command to list process-related file information, and then use awk
the command to filter the output content, and only output a line containing the user name.
For example, to see 1234
which user a process with process ID is running as, execute the following command:
ls -l /proc/1234/exe | awk '{print $3}'
The output is the username under which the process is running.
Compare various methods of viewing which user a process is running as
The following table compares the differences between using three different methods to find out which user a process is running as:
Order | output information | Result Clarity | Convenience |
---|---|---|---|
ps -eo user,pid,cmd | grep [process_name] | Username, PID and process name | high |
pstree -p [pid] | grep --color=auto [pid] | Parent and child processes, and display them in a tree structure | middle |
ls -l /proc/[pid]/exe | awk ‘{print $3}’ | username | high |
In general, using ps
the command is the most common way to find out which user a process is running as, but if you need to know additional information or look up the process tree, consider using the pstree
command. Using /proc
a directory is more tedious, but usually gives the most accurate results.
This article describes three methods in Linux that you can use to find out which user a process is running as. Regardless of the method you use, knowing which user a process is running as can help you better manage and use your system.