Search code examples
c++linuxproc

How can I get a list of processes running by a specific user?

I'm reading the list of running processes from /proc/. And from the file (status) I get some information I need about the process. I need to know the user ID that started the process. In the status file I see two fields that are interesting to me: uid and gid. After reading on the Internet, I found out that uid is the user identifier, and gid is the group identifier. please tell me how to read the value into the uid_t type? So I can compare it with the value obtained from the geteuid() function? I need to select from the list of processes only processes launched by a specific user.

This is how I currently read information from the /proc/status file:

ProcessInfo getInfoFromFileByPID(char pid[], const char* filename)
{
   printf("getInfoFromFileByPID param = %s %s\n", pid, filename);
 
   char            path[256];
   FILE*           fp;
   char            szFullLine[256];
   size_t          len;
   ProcessInfo     process;
   uid_t uid       = geteuid();  // получим идентификатор текущего пользователя
 
 
   snprintf(path, sizeof(path), filename, pid);
 
   fp = fopen(path, "r");
   if (fp)
   {
       memset(szFullLine, 0x00, sizeof(szFullLine));
       len = fread(szFullLine, sizeof(char), sizeof(szFullLine), fp);
       fclose(fp);
 
 
       if( len > 0 )
       {
 
           std::string str(szFullLine);
           std::map<std::string, std::string> map = mappify(str);
 
 
           if (map.find("Name") != map.end())
               process.Name = map["Name"];
           if (map.find("Pid") != map.end())
               process.PID = std::stoi(map["Pid"]);
 
 
           std::cout << "info: " << str << std::endl;
           return process;
       }
   }
   return process;
}

Please tell me where I can find out what IP addresses and ports the process uses? For example, if I launched Skype, I want to get the hostname where it sends data and the port.

Solution

  • The Uid: field in /proc/PID/status is indeed what you want. Linux however has not just one UID that is assigned to a process, but 4:

    • The real user id
    • The effective user id
    • The saved set user id
    • The filesystem access user id

    This is also the order in which the numbers in /proc/PID/status

    Unless you are doing something weird when it comes to permissions, what you most likely want to use is either the real user id (first field) or the effective user id (second field). (getuid() returns the real user id, geteuid() returns the effective user id.)

    So on a desktop Linux system, you'll most likely have a line in the form

    Uid:    1000      1000      1000      1000

    If you split that string and take the first number, that'll be your real user id, the second number the effective user id. For example, when you run sudo -i, that'll have the following user ids:

    Uid:    1000      0       0       0

    The real user id 1000 indicates that the user with id 1000 started the program, but the other ids being set to 0 indicate that the program actually has root privileges. (Root is always uid 0.)

    As to the other part of your question: uid_t is just an integer type, typically unsigned int on modern Linux systems, which is a 32bit unsigned integer.