Loading ...Security Tip: Find out current working directory of a process
For security reason you may need to find out current working directory of a process. You can obtained this information by visiting /proc/pid/cwd directory or using the pwdx command. It reports the current working directory of a process or processes.
Find out out working directory for a process
Run ps aux to find out PID of a process:
$ ps aux | grep {process-name}
To find out current working directory of a PID 13456:
$ pwdx 13456
Output:
13456: /tmp/.xy
Look like someone try to hide process (PID # 13456) /tmp/.xy directory. You can also run command:
$ ls -l /proc/13456/cwd
Output:
lrwxrwxrwx 1 apache apache 0 Nov 14 05:30 /proc/13456/cwd -> /tmp/.xy
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or full RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in...
- Download of the day: Linux Weather wallpaper
- Finding out who is logged on to a Solaris system
- How do I find out what shell I’m using?
- Understanding UNIX process creation
- HP-UX - logname command is not working
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: cwd, grep_command, Linux, pid, proc fs, processes, ps_command, pwdx_command, Security ~ Last updated on: November 14, 2007
Great thing, I usually use lsof | grep whtaiwant. Thanks!
yup, lsof is a nifty tool for admins.
Hey Vivek,
You can add the lsof command for this as well.
# lsof -p 13456|more
The more option over here is to make sure you don’t run out to the next page as the current working directory will be displayed right at the top.