Get list of processes that were forked off my currently running process?
up vote
2
down vote
favorite
I am writing a wrapper application to bash scripts and want the application to keep a track of which tools/processes have been launched from user scripts. I would like to know what is the best way to determine the list of child processes that were spawned of this parent process.
I tried
- Periodically invoking ps command and building a process tree (like ps -ejH) but this misses out on processes that ran to completion very quickly.
- Using a tool like forkstat that uses the proc connector interface, but that would only run with elevated privileges. While this gives the correct data, running as sudo would not work in my case?
Any suggestions how this can be achieved?
process ps process-management
New contributor
This question has an open bounty worth +50
reputation from divyanshm ending in 6 days.
This question has not received enough attention.
add a comment |
up vote
2
down vote
favorite
I am writing a wrapper application to bash scripts and want the application to keep a track of which tools/processes have been launched from user scripts. I would like to know what is the best way to determine the list of child processes that were spawned of this parent process.
I tried
- Periodically invoking ps command and building a process tree (like ps -ejH) but this misses out on processes that ran to completion very quickly.
- Using a tool like forkstat that uses the proc connector interface, but that would only run with elevated privileges. While this gives the correct data, running as sudo would not work in my case?
Any suggestions how this can be achieved?
process ps process-management
New contributor
This question has an open bounty worth +50
reputation from divyanshm ending in 6 days.
This question has not received enough attention.
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I am writing a wrapper application to bash scripts and want the application to keep a track of which tools/processes have been launched from user scripts. I would like to know what is the best way to determine the list of child processes that were spawned of this parent process.
I tried
- Periodically invoking ps command and building a process tree (like ps -ejH) but this misses out on processes that ran to completion very quickly.
- Using a tool like forkstat that uses the proc connector interface, but that would only run with elevated privileges. While this gives the correct data, running as sudo would not work in my case?
Any suggestions how this can be achieved?
process ps process-management
New contributor
I am writing a wrapper application to bash scripts and want the application to keep a track of which tools/processes have been launched from user scripts. I would like to know what is the best way to determine the list of child processes that were spawned of this parent process.
I tried
- Periodically invoking ps command and building a process tree (like ps -ejH) but this misses out on processes that ran to completion very quickly.
- Using a tool like forkstat that uses the proc connector interface, but that would only run with elevated privileges. While this gives the correct data, running as sudo would not work in my case?
Any suggestions how this can be achieved?
process ps process-management
process ps process-management
New contributor
New contributor
edited Nov 14 at 12:07
New contributor
asked Nov 14 at 12:00
divyanshm
614
614
New contributor
New contributor
This question has an open bounty worth +50
reputation from divyanshm ending in 6 days.
This question has not received enough attention.
This question has an open bounty worth +50
reputation from divyanshm ending in 6 days.
This question has not received enough attention.
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
up vote
2
down vote
pstree -p `pgrep NetworkManager`
NetworkManager(1638)─┬─dhclient(3594)
├─{NetworkManager}(1645)
├─{NetworkManager}(1647)
└─{NetworkManager}(7363)
I think this is what you were looking for.
use direct pid or pgrep with process name.
-p used to print pids of children.
add a comment |
up vote
1
down vote
pgrep command will be helpful. Use this command :
pgrep -P $pid
where $pid
is your process ID.
add a comment |
up vote
0
down vote
If forkstat gives you the correct data that you want, why not edit your sudoers file to allow it to be exicuted without elevation. It is a status monitor, using it as a sercurity breaching head would be difficult, so risk would be low.
whereis forkstat to get its run location.
user host = (root) NOPASSWD: /PATH/TO/FOORKSTAT
Where user is your username and host is your hostname and of course the path to the command.
New contributor
add a comment |
up vote
0
down vote
If you're using Linux, you can use strace
to trace system calls used by a process. For example:
~ strace -e fork,vfork,clone,execve -fb execve -o log ./foo.sh
foo bar
~ cat log
4817 execve("./foo.sh", ["./foo.sh"], [/* 42 vars */]) = 0
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4818
4818 execve("/bin/true", ["/bin/true"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4818, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4819
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4820
4820 execve("/bin/echo", ["/bin/echo", "foo", "bar"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4820, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 +++ exited with 0 +++
4819 execve("/bin/sleep", ["sleep", "1"], [/* 42 vars */] <detached ...>
You can see that the script forked off three processes (PIDs 4818, 4819, 4820) using the clone(2)
system call, and the execve(2)
system calls in those forked off processes show the commands executed.
-e fork,vfork,clone,execve
limits strace output to these system calls
-f
follows child processes
-b execve
detaches from a process when theexecve
is reached, so we don't see further tracing of child processes.
add a comment |
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
pstree -p `pgrep NetworkManager`
NetworkManager(1638)─┬─dhclient(3594)
├─{NetworkManager}(1645)
├─{NetworkManager}(1647)
└─{NetworkManager}(7363)
I think this is what you were looking for.
use direct pid or pgrep with process name.
-p used to print pids of children.
add a comment |
up vote
2
down vote
pstree -p `pgrep NetworkManager`
NetworkManager(1638)─┬─dhclient(3594)
├─{NetworkManager}(1645)
├─{NetworkManager}(1647)
└─{NetworkManager}(7363)
I think this is what you were looking for.
use direct pid or pgrep with process name.
-p used to print pids of children.
add a comment |
up vote
2
down vote
up vote
2
down vote
pstree -p `pgrep NetworkManager`
NetworkManager(1638)─┬─dhclient(3594)
├─{NetworkManager}(1645)
├─{NetworkManager}(1647)
└─{NetworkManager}(7363)
I think this is what you were looking for.
use direct pid or pgrep with process name.
-p used to print pids of children.
pstree -p `pgrep NetworkManager`
NetworkManager(1638)─┬─dhclient(3594)
├─{NetworkManager}(1645)
├─{NetworkManager}(1647)
└─{NetworkManager}(7363)
I think this is what you were looking for.
use direct pid or pgrep with process name.
-p used to print pids of children.
answered 1 hour ago
Devidas
23416
23416
add a comment |
add a comment |
up vote
1
down vote
pgrep command will be helpful. Use this command :
pgrep -P $pid
where $pid
is your process ID.
add a comment |
up vote
1
down vote
pgrep command will be helpful. Use this command :
pgrep -P $pid
where $pid
is your process ID.
add a comment |
up vote
1
down vote
up vote
1
down vote
pgrep command will be helpful. Use this command :
pgrep -P $pid
where $pid
is your process ID.
pgrep command will be helpful. Use this command :
pgrep -P $pid
where $pid
is your process ID.
answered 14 hours ago
Vipul Kumar
333
333
add a comment |
add a comment |
up vote
0
down vote
If forkstat gives you the correct data that you want, why not edit your sudoers file to allow it to be exicuted without elevation. It is a status monitor, using it as a sercurity breaching head would be difficult, so risk would be low.
whereis forkstat to get its run location.
user host = (root) NOPASSWD: /PATH/TO/FOORKSTAT
Where user is your username and host is your hostname and of course the path to the command.
New contributor
add a comment |
up vote
0
down vote
If forkstat gives you the correct data that you want, why not edit your sudoers file to allow it to be exicuted without elevation. It is a status monitor, using it as a sercurity breaching head would be difficult, so risk would be low.
whereis forkstat to get its run location.
user host = (root) NOPASSWD: /PATH/TO/FOORKSTAT
Where user is your username and host is your hostname and of course the path to the command.
New contributor
add a comment |
up vote
0
down vote
up vote
0
down vote
If forkstat gives you the correct data that you want, why not edit your sudoers file to allow it to be exicuted without elevation. It is a status monitor, using it as a sercurity breaching head would be difficult, so risk would be low.
whereis forkstat to get its run location.
user host = (root) NOPASSWD: /PATH/TO/FOORKSTAT
Where user is your username and host is your hostname and of course the path to the command.
New contributor
If forkstat gives you the correct data that you want, why not edit your sudoers file to allow it to be exicuted without elevation. It is a status monitor, using it as a sercurity breaching head would be difficult, so risk would be low.
whereis forkstat to get its run location.
user host = (root) NOPASSWD: /PATH/TO/FOORKSTAT
Where user is your username and host is your hostname and of course the path to the command.
New contributor
New contributor
answered 10 hours ago
Michael Prokopec
566
566
New contributor
New contributor
add a comment |
add a comment |
up vote
0
down vote
If you're using Linux, you can use strace
to trace system calls used by a process. For example:
~ strace -e fork,vfork,clone,execve -fb execve -o log ./foo.sh
foo bar
~ cat log
4817 execve("./foo.sh", ["./foo.sh"], [/* 42 vars */]) = 0
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4818
4818 execve("/bin/true", ["/bin/true"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4818, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4819
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4820
4820 execve("/bin/echo", ["/bin/echo", "foo", "bar"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4820, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 +++ exited with 0 +++
4819 execve("/bin/sleep", ["sleep", "1"], [/* 42 vars */] <detached ...>
You can see that the script forked off three processes (PIDs 4818, 4819, 4820) using the clone(2)
system call, and the execve(2)
system calls in those forked off processes show the commands executed.
-e fork,vfork,clone,execve
limits strace output to these system calls
-f
follows child processes
-b execve
detaches from a process when theexecve
is reached, so we don't see further tracing of child processes.
add a comment |
up vote
0
down vote
If you're using Linux, you can use strace
to trace system calls used by a process. For example:
~ strace -e fork,vfork,clone,execve -fb execve -o log ./foo.sh
foo bar
~ cat log
4817 execve("./foo.sh", ["./foo.sh"], [/* 42 vars */]) = 0
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4818
4818 execve("/bin/true", ["/bin/true"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4818, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4819
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4820
4820 execve("/bin/echo", ["/bin/echo", "foo", "bar"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4820, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 +++ exited with 0 +++
4819 execve("/bin/sleep", ["sleep", "1"], [/* 42 vars */] <detached ...>
You can see that the script forked off three processes (PIDs 4818, 4819, 4820) using the clone(2)
system call, and the execve(2)
system calls in those forked off processes show the commands executed.
-e fork,vfork,clone,execve
limits strace output to these system calls
-f
follows child processes
-b execve
detaches from a process when theexecve
is reached, so we don't see further tracing of child processes.
add a comment |
up vote
0
down vote
up vote
0
down vote
If you're using Linux, you can use strace
to trace system calls used by a process. For example:
~ strace -e fork,vfork,clone,execve -fb execve -o log ./foo.sh
foo bar
~ cat log
4817 execve("./foo.sh", ["./foo.sh"], [/* 42 vars */]) = 0
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4818
4818 execve("/bin/true", ["/bin/true"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4818, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4819
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4820
4820 execve("/bin/echo", ["/bin/echo", "foo", "bar"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4820, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 +++ exited with 0 +++
4819 execve("/bin/sleep", ["sleep", "1"], [/* 42 vars */] <detached ...>
You can see that the script forked off three processes (PIDs 4818, 4819, 4820) using the clone(2)
system call, and the execve(2)
system calls in those forked off processes show the commands executed.
-e fork,vfork,clone,execve
limits strace output to these system calls
-f
follows child processes
-b execve
detaches from a process when theexecve
is reached, so we don't see further tracing of child processes.
If you're using Linux, you can use strace
to trace system calls used by a process. For example:
~ strace -e fork,vfork,clone,execve -fb execve -o log ./foo.sh
foo bar
~ cat log
4817 execve("./foo.sh", ["./foo.sh"], [/* 42 vars */]) = 0
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4818
4818 execve("/bin/true", ["/bin/true"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4818, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4819
4817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1bb563b9d0) = 4820
4820 execve("/bin/echo", ["/bin/echo", "foo", "bar"], [/* 42 vars */] <detached ...>
4817 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4820, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4817 +++ exited with 0 +++
4819 execve("/bin/sleep", ["sleep", "1"], [/* 42 vars */] <detached ...>
You can see that the script forked off three processes (PIDs 4818, 4819, 4820) using the clone(2)
system call, and the execve(2)
system calls in those forked off processes show the commands executed.
-e fork,vfork,clone,execve
limits strace output to these system calls
-f
follows child processes
-b execve
detaches from a process when theexecve
is reached, so we don't see further tracing of child processes.
answered 4 hours ago
muru
34.8k580153
34.8k580153
add a comment |
add a comment |
divyanshm is a new contributor. Be nice, and check out our Code of Conduct.
divyanshm is a new contributor. Be nice, and check out our Code of Conduct.
divyanshm is a new contributor. Be nice, and check out our Code of Conduct.
divyanshm is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f481693%2fget-list-of-processes-that-were-forked-off-my-currently-running-process%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown