The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Dummies Questions & Answers
Reload this Page Process and its initiator's IP
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read



Thread: Process and its initiator's IP
View Single Post in the UNIX and Linux Forums - Click on the Thread or Permalink to View Entire Thread -->
  #2 (permalink)  
Old 10-15-2002
Perderabo's Avatar
Perderabo Perderabo is offline Forum Staff  
Unix Daemon
  
 

Join Date: Aug 2001
Location: Ashburn, Virginia
Posts: 9,100
You should be giving each user a unique id which is used to login to your system. This id would then appear in the UID field of your "ps" listing. Then you would know the user who started the process and if you really cared which workstation he used to start the process you could just ask him. But this won't work if you let many people log on as "oracle" or something.

If there is a value like "pts/23" in the TTY field, you can try "ps -ft pts/23" and get all the processes using that tty.

The start time of the process (STIME) may be a clue. You can see who was logged on at that time by checking your wtmp file. (who /var/adm/wtmp)

You can look at the PPID field to get the parent. And get the parent of that and so on all the way to pid 1. Ignore pid 1 and look at the process whose parent is 1. If this is inetd, look at the next process in the chain. If this is something like xterm or telnetd, it will have a connection to a remote system. You can use "lsof -p" to see that connection.