Security Tip: Find out current working directory of a process

Posted on November 14, 2007 · 3 comments · Last updated November 14, 2007

For security reasons you may need to find out the current working directory of a process. You can obtain this information by reading the /proc/pid/cwd symbolic link or by using the pwdx command, which reports the current working directory of a process or processes.

Find out the working directory for a process

Run ps aux to find out the PID of a process:
$ ps aux | grep {process-name}

To find out the current working directory of PID 13456:
$ pwdx 13456
Output:
13456: /tmp/.xy

It looks like someone is trying to hide a process (PID 13456) in the /tmp/.xy directory. You can also run the following command:
$ ls -l /proc/13456/cwd
Output:
lrwxrwxrwx 1 apache apache 0 Nov 14 05:30 /proc/13456/cwd -> /tmp/.xy
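
To check every process at once instead of one PID at a time, the sketch below (an added example, not part of the original post) reads each /proc/PID/cwd link and flags working directories that have been deleted or that sit under /tmp, /var/tmp or /dev/shm. The function names and the list of flagged locations are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Flags processes whose current working directory is deleted
# or lies under a world-writable location. The rule set is an assumption.

# classify_cwd PATH: print a reason and return 0 if PATH deserves a look,
# return 1 otherwise.
classify_cwd() {
    case "$1" in
        *" (deleted)")
            # The kernel appends " (deleted)" when the directory was removed.
            echo "deleted-directory" ;;
        /tmp/*|/var/tmp/*|/dev/shm/*)
            case "$1" in
                */.*) echo "hidden-dir-in-world-writable-path" ;;  # e.g. /tmp/.xy
                *)    echo "world-writable-path" ;;
            esac ;;
        *)
            return 1 ;;
    esac
}

# scan_cwds [PROC_ROOT]: print "PID<TAB>reason<TAB>cwd" for each flagged process.
# PROC_ROOT defaults to /proc; another directory can be passed for testing.
scan_cwds() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -L "$dir/cwd" ] || continue
        # readlink fails for other users' processes unless run as root.
        cwd=$(readlink "$dir/cwd" 2>/dev/null) || continue
        reason=$(classify_cwd "$cwd") || continue
        printf '%s\t%s\t%s\n' "${dir##*/}" "$reason" "$cwd"
    done
    return 0
}

scan_cwds "${1:-/proc}"
```

Run it as root to cover processes owned by other users. A flagged entry is a lead to follow up with pwdx or ls -l as shown above.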




3 comments

1 virens November 14, 2007 at 8:22 pm

Great thing, I usually use lsof | grep whatiwant. Thanks!


2 vivek November 15, 2007 at 1:19 am

yup, lsof is a nifty tool for admins.


3 Gagan Brahmi November 23, 2007 at 10:31 pm

Hey Vivek,

You can add the lsof command for this as well.

# lsof -p 13456|more

The more option over here is to make sure you don’t run out to the next page as the current working directory will be displayed right at the top.
