Please advice , how to verify the program that execute the process ?
For example
the following commands ( ps -ef ) will view the process sendmail in case this process is running
ps –ef | grep sendmail
root 9558 9544 019:05? 00:00:00/usr/sbin/sendmail-FCronDaemon-i-odi-oem-oi-t
what I want to find is the script that execute the binary /usr/sbin/sendmail
so my question – which flags I need to add to the syntax "ps –ef" in order to get from ps –ef the full details , include which program running the process
is it possible ?
If /etc/rc3.d/sendmail run the binary /usr/sbin/sendmail
Then I expect to see the /etc/rc3.d/sendmail PATH from the command ps –ef …….
What do you need is a tree output and know the parent processes.
Example pstree -a:
[~]# pstree -a
init
├─atd
├─atop -a -w /var/log/atop.log 600
├─cron
├─dbus-daemon --system --fork --activation=upstart
├─getty -8 38400 tty4
│ ├─sshd
│ └─sshd
│ └─zsh
│ └─pstree -a
├─udevd --daemon
│ ├─udevd --daemon
│ └─udevd --daemon
├─upstart-socket- --daemon
├─upstart-udev-br --daemon
Here you can see that there is a process of zsh (my shell) which is running command pstree. The zsh itself was started by process sshd.
Here is the same output for ps -AF:
root 10006 649 0 22329 3944 0 12:48 ? 00:00:00 sshd: root@pts/2
root 10041 10006 0 10355 5276 0 12:48 pts/2 00:00:00 -zsh
root 16465 10041 0 4538 1220 0 12:52 pts/2 00:00:00 ps -AF
The second column is process id and the third column is parent process id. You see that the parent of ps -AF is the shell process 10041. You can always trace back processes to the init (process id 1) by walking them parent by parent.
In your case if you want to find /etc/rc3.d/sendmail you probably need to walk processes up from /usr/sbin/sendmail until you have something of which full path us under /etc/rc3.d.