Linux user account management - check which user a process is running as
In a Linux system, we can use different commands to see which user a process is running as. This article will introduce three commonly used commands: using psthe command, using pstreethe command, and using /procthe directory.
use the ps command
pscommand can be used to list the processes currently running on the system and provide detailed information about each process. The following is to use psthe command to see which user the process is running as:
ps -eo user,pid,cmd | grep [process_name]
Where, [process_name]is the name or PID of the process to be found. The above command will output information about all processes associated with that name or PID, including the username running the process.
For example, to see 1234which user a process with process ID is running as, execute the following command:
ps -eo user,pid,cmd | grep 1234
The first column in the output is the user who ran the process. For example:
username 1234 /usr/bin/process_name
where is usernamethe username under which the process is running.
Use the pstree command
pstreeThe command displays processes in a tree structure, including parent and child processes. The following is to use pstreethe command to see which user the process is running as:
pstree -p [pid] | grep --color=auto [pid]
where is [pid]the PID of the process to find. The above command will output the process information associated with the specified PID and display it in a tree structure.
For example, to see 1234which user a process with process ID is running as, execute the following command:
pstree -p 1234 | grep --color=auto 1234
In the output, the username of the process follows the name of its parent process, for example:
├─sshd(username)─┬─sshd(username)───bash
│ └─sshd(username)
└─{
process_name}(1234)
where is usernamethe username under which the process is running.
Using the /proc directory
The Linux kernel treats all system processes as part of the file system. Each process has its own /procdirectory, which contains information about the process, including its user identity. Here's /prochow to use the directory to see which user a process is running as:
ls -l /proc/[pid]/exe | awk '{print $3}'
where is [pid]the PID of the process to find. In the above commands, use lsthe command to list process-related file information, and then use awkthe command to filter the output content, and only output a line containing the user name.
For example, to see 1234which user a process with process ID is running as, execute the following command:
ls -l /proc/1234/exe | awk '{print $3}'
The output is the username under which the process is running.
Compare various methods of viewing which user a process is running as
The following table compares the differences between using three different methods to find out which user a process is running as:
| Order | output information | Result Clarity | Convenience |
|---|---|---|---|
| ps -eo user,pid,cmd | grep [process_name] | Username, PID and process name | high |
| pstree -p [pid] | grep --color=auto [pid] | Parent and child processes, and display them in a tree structure | middle |
| ls -l /proc/[pid]/exe | awk ‘{print $3}’ | username | high |
In general, using psthe command is the most common way to find out which user a process is running as, but if you need to know additional information or look up the process tree, consider using the pstreecommand. Using /proca directory is more tedious, but usually gives the most accurate results.
This article describes three methods in Linux that you can use to find out which user a process is running as. Regardless of the method you use, knowing which user a process is running as can help you better manage and use your system.