5

Reading What do the brackets around processes mean? I understand that the executable name is printed.

Linux ps man page:

Sometimes the process args will be unavailable; when this happens, ps will instead print the executable name in brackets.

However with ps -Awwo pid,comm,args I get:

  PID COMMAND         COMMAND
    1 init            init [2]

What does this mean? Does the "executable name" supposed to be init or [2]?

I suppose the executable is of course init - what is [2]? Why is it printed?

(Also, I don't really get why it can't show the full path if it knows the executable name.)

Community
  • 1
n611x007
  • 1,007

1 Answers1

7

Both the comm column and the first word of the args column in the ps output show the name of the executable program if everybody involved follows the default convention. However it is possible to have discrepancies for various reasons.

When a program starts, the command name as shown in the args column is chosen by the parent program that executes the program and passed as an argument (argv[0]). By convention, the parent chooses the base name of the executable (i.e. the path to the executable without the directory part), but this is not enforced. Once the program is running, it can overwrite that string.

Init (at least the traditional Linux SysVinit) overwrites its argv[0] to indicate the current runlevel.

On Linux, the comm column is initially filled in by the kernel to the first 16 characters of the base name of the executable. The process can change the content with the prctl system call.

If the executable is renamed or deleted, neither the comm column nor the args column will reflect this.

ps doesn't display the path to the executable, that's not in its job description. lsof can tell you with lsof -a -p 1 -d txt.

On Linux, you can see this information in files in /proc/PID/:

  • The process name (comm field) in in /proc/1/stat (second field in parentheses) and /proc/1/status (Name field).
  • The path to the executable via /proc/1/exe.
  • The arguments (starting with argv[0]) in /proc/1/cmdline (the arguments are separated by null bytes).
Stéphane Chazelas
  • 544,893
Gilles 'SO- stop being evil'
  • 829,060
  • So the square brackets in [2] is actually a kind of coincidence? They are part of the modified command name made by init, ps doesn't touch them. – n611x007 Nov 24 '13 at 22:19
  • 2
    @naxa Yes, the square brackets in [2] are chosen by init, whereas the square brackets in e.g. [kthreadd] are chosen by ps. – Gilles 'SO- stop being evil' Nov 24 '13 at 22:21
  • @StéphaneChazelas I've added information about the Linux process name, is it ok now? – Gilles 'SO- stop being evil' Aug 06 '14 at 10:25
  • Much better :-) – Stéphane Chazelas Aug 06 '14 at 10:30
  • init as the grand-daddy (PID=1) of all other processes (well apart from the swap daemon but lets not worry about the theoretical PID=0) is always going to be process 1 {unless the unruly teenager systemd gets it's way) - so it replaces the original argument with the current runlevel - which is something that may be of interest to some parties to know. – SlySven Feb 13 '16 at 16:51