i'm analysing the procfs in unix/linux and some loginuid of processes are really strange. Some pid's have as loginuid a big number: 4294967295. Are they daemons or system events or whats the matter?
# cat /proc/11071/loginuid
4294967295
The proc filesystem is a pseudo-filesystem which provides an interface to kernel data structures. It is commonly mounted at /proc.
Proc file system (procfs) is virtual file system created on fly when system boots and is dissolved at time of system shut down. It contains useful information about the processes that are currently running, it is regarded as control and information center for kernel.
The /proc/stat file holds various pieces of information about the kernel activity and is available on every Linux system.
Function proc_self::exe[−][src]Returns a File of the currently running executable. Akin to fd::File::open("/proc/self/exe") on Linux.
4294967295 is just (unsigned long) -1. -1 means that loginuid was not set. This is normal behavior for processes that were not spawned by any login process (e.g. for daemons). loginuid is -1 by default; pam_loginuid module changes it to your user id whenever you login (in a tty/in DM/via ssh), and this value is preserved by child processes.
I am gravedigging, but I stumped on this and I have infos to share.
loginuid support required the kernel compiled with CONFIG_AUDITSYSCALL
To check:
zgrep CONFIG_AUDITSYSCALL /boot/config* /proc/config.gz
At the moment, I can check on two centos hosts. Both of them have 64 bit kernels compiled with CONFIG_AUDITSYSCALL=y
I am logged as a normal user in bash.
centos 5.11, kernel 2.6.18-419.el5
cat /proc/$$/loginuid
4294967295
centos 6.10, kernel 2.6.32-754.28.1.el6
cat /proc/$$/loginuid
503
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With