We often need to figure out the command-line arguments that we pass to a running process. We can then use them for debugging or troubleshooting purposes.
In this tutorial, we’ll look at several ways to accomplish this. All of the methods we’ll be using below require us to know the PID of the process. Because of that, we’ll briefly go over how we can figure out the PID for a process.
2. Finding the PID of a Process
We can use the ps command to get a lot of useful information about running processes. To find the PID of our process, we can use the ps command to list all processes and then search the output for our process using grep:
$ ps -ef | grep mongo mongodb 811 1 0 06:11 ? 00:00:36 /usr/bin/mongod --config /etc/mongod.conf
With this output, we see that 811 is the PID of the process we are looking for. We can also use the pgrep command to do this in a single step:
$ pgrep -l -f mongod 811 mongod
3. Using the ps Command to Get Arguments Using PID
Once the PID is known, we can use the ps command to get detailed output about the process:
$ ps -fp 1366 UID PID PPID C STIME TTY TIME CMD kd 1366 1 4 06:12 ? 00:05:08 /opt/google/chrome/chrome --enable-crashpad $ ps -fp 90960 UID PID PPID C STIME TTY TIME CMD kd 90960 1535 0 07:10 ? 00:00:07 /opt/google/chrome/chrome --type=renderer --enable-crashpad -
While the above command works perfectly fine for short commands, we see that the line is truncated for longer commands as seen in the latter case. To prevent this, we can pass the -ww option to the ps, for wide output, as follows:
$ ps -ww -fp 23441 UID PID PPID C STIME TTY TIME CMD kd 23441 1535 0 06:26 ? 00:00:00 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=1485 ...
The ps command also provides an option -o that enables us to specify the format for output. So, if we need only the arguments, we can get rid of all the other unnecessary columns in the table and have the command print only what we need:
$ ps -o args= -ww -fp 23441 /opt/google/chrome/chrome --type=renderer --enable-crashpad --crashpad-handler-pid=1485 --enable-crash-reporter=e8242aea-a1ad-40f1-9787-b33d85f30b99 ...
We can readily use this output for further processing by removing the command from the start, which will leave us with just the list of arguments.
4. Reading /proc/<pid>/cmdline
For every process running on our system, Linux creates a directory under the /proc/ directory. For the process with pid 1366, the directory will be /proc/1366. This directory contains various files that can give information about the particular process. We must note that the /proc directory doesn’t really exist on the disk and is created by the OS as an in-memory filesystem for utility purposes.
To get the arguments that we pass to a process, we can read the cmdline file under the process folder as follows:
$ cat /proc/1366/cmdline /opt/google/chrome/chrome --enable-crashpad
Depending on the terminal application we’re using, we might have a badly formatted output because the system replaces the spaces in the command with NUL characters. We can further process this output using the sed command to convert these NULs into spaces:
$ cat /proc/1366/cmdline | sed -e "s/\x00/ /g"; echo /opt/google/chrome/chrome --enable-crashpad
We have added an echo command at the end to simply end the output with a newline character. We can also use other commands such as xargs, tr, or strings to directly read the file with spaces instead of NULs:
$ xargs -0 < /proc/1366/cmdline /opt/google/chrome/chrome --enable-crashpad $ tr '\0' ' ' < /proc/1366/cmdline; echo /opt/google/chrome/chrome --enable-crashpad $ strings /proc/1366/cmdline /opt/google/chrome/chrome --enable-crashpad
In this article, we looked at two different ways of getting the list of arguments that we pass to a running process. Using the ps command is the easiest way to accomplish this.
We can also read the /proc/<pid>/cmdline with the appropriate PID of the process.