Find where a process is running from

You may see a process running and wonder exactly where it's running from. Fortunately, there's a way to find out!

Let's say, for instance, the process is as follows:

# ps aux | grep perl | tail -1
user 852679  0.0  0.0  30920  2472 ?        S    Feb17   0:00 perl main.css

To find out where 'perl main.css' started from:

# ls -l /proc/852679/cwd
lrwxrwxrwx 1 user user 0 Feb 22 16:16 /proc/852679/cwd -> /home/user/public_html/domain.com/

As you can see, process 852679 originated from the directory /home/user/public_html/domain.com/

This can be helpful when tracking down processes that you've not seen before, malware, etc.
  • 3 Users Found This Useful
Was this answer helpful?

Related Articles

Running a ClamAV and Maldet scan on cPanel servers

You may be familiar with ClamAV and Maldet (aka Linux Malware Detect). They're widely known as...

What is mysqluserstore?

On cPanel servers, you may come across the process...

Installing the LiteSpeed WHM Plugin

If your server is running cPanel/WHM, simply execute the below commands via SSH (as root):wget...

Changing the timezone

If you're like us, you'll want your server's timezone to match your local time to make log...

Finding the largest files and directories

This nifty command allows you to built up a list of the largest files and...