Find where a process is running from

You may see a process running and wonder exactly where it's running from. Fortunately, there's a way to find out!

Let's say, for instance, the process is as follows:

# ps aux | grep perl | tail -1
user 852679  0.0  0.0  30920  2472 ?        S    Feb17   0:00 perl main.css

To find out which directory 'perl main.css' is running from, look at the cwd symlink for its PID under /proc:

# ls -l /proc/852679/cwd
lrwxrwxrwx 1 user user 0 Feb 22 16:16 /proc/852679/cwd -> /home/user/public_html/domain.com/

The cwd link points to the process's current working directory, which is normally the directory it was started from. Here, process 852679 is running from /home/user/public_html/domain.com/

This can be helpful when tracking down processes that you've not seen before, malware, etc.
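
The same check extended into a small shell function, as an added example that is not part of the original article: besides cwd, it reads /proc/PID/exe and /proc/PID/cmdline, which show the binary actually executing and its full argument list. The function name proc_origin is hypothetical; it assumes Linux with /proc mounted, and root is needed to inspect other users' processes.

```shell
# Added example: summarize where a PID is running from, using /proc (Linux only).
# proc_origin is a hypothetical helper name, not a standard tool.
# Usage: proc_origin 852679
proc_origin() {
    pid=$1
    dir=/proc/$pid
    if [ ! -d "$dir" ]; then
        echo "no such process: $pid" >&2
        return 1
    fi
    # cwd: current working directory (the link the article inspects with ls -l)
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd='(unreadable)'
    # exe: the binary actually executing, whatever name ps displays
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe='(unreadable)'
    # cmdline: NUL-separated argv; turn the NULs into spaces for display
    cmd=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline") || cmd=''
    printf 'pid=%s\ncwd=%s\nexe=%s\ncmd=%s\n' "$pid" "$cwd" "$exe" "$cmd"
    # The kernel appends " (deleted)" when the binary was unlinked after launch
    case $exe in
        *' (deleted)') echo 'note=binary was removed from disk after launch' ;;
    esac
}
```

An exe path ending in " (deleted)", or a cwd inside a web root as in the example above, is worth a closer look.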