proc(5) File Formats Manual proc(5)
NAME
proc - process information, system information, and sysctl pseudo-
filesystem
DESCRIPTION
The proc filesystem is a pseudo-filesystem which provides an interface
to kernel data structures. It is commonly mounted at /proc. Typically,
it is mounted automatically by the system, but it can also be mounted
manually using a command such as:
mount -t proc proc /proc
Most of the files in the proc filesystem are read-only, but some files
are writable, allowing kernel variables to be changed.
Mount options
The proc filesystem supports the following mount options:
hidepid=n (since Linux 3.3)
This option controls who can access the information in /proc/pid
directories. The argument, n, is one of the following values:
0 Everybody may access all /proc/pid directories. This is the
traditional behavior, and the default if this mount option is
not specified.
1 Users may not access files and subdirectories inside any
/proc/pid directories but their own (the /proc/pid directo-
ries themselves remain visible). Sensitive files such as
/proc/pid/cmdline and /proc/pid/status are now protected
against other users. This makes it impossible to learn
whether any user is running a specific program (so long as
the program doesn't otherwise reveal itself by its behavior).
2 As for mode 1, but in addition the /proc/pid directories be-
longing to other users become invisible. This means that
/proc/pid entries can no longer be used to discover the PIDs
on the system. This doesn't hide the fact that a process
with a specific PID value exists (it can be learned by other
means, for example, by "kill -0 $PID"), but it hides a
process's UID and GID, which could otherwise be learned by
employing stat(2) on a /proc/pid directory. This greatly
complicates an attacker's task of gathering information about
running processes (e.g., discovering whether some daemon is
running with elevated privileges, whether another user is
running some sensitive program, whether other users are run-
ning any program at all, and so on).
gid=gid (since Linux 3.3)
Specifies the ID of a group whose members are authorized to
learn process information otherwise prohibited by hidepid
(i.e., users in this group behave as though /proc was mounted
with hidepid=0). This group should be used instead of ap-
proaches such as putting nonroot users into the sudoers(5)
file.
subset=pid (since Linux 5.8)
Show only the specified subset of procfs, hiding all top level
files and directories in the procfs that are not related to
tasks.
Overview
Underneath /proc, there are the following general groups of files and
subdirectories:
/proc/pid subdirectories
Each one of these subdirectories contains files and subdirecto-
ries exposing information about the process with the correspond-
ing process ID.
Underneath each of the /proc/pid directories, a task subdirectory
contains subdirectories of the form task/tid, which contain cor-
responding information about each of the threads in the process,
where tid is the kernel thread ID of the thread.
The /proc/pid subdirectories are visible when iterating through
/proc with getdents(2) (and thus are visible when one uses ls(1)
to view the contents of /proc).
/proc/tid subdirectories
Each one of these subdirectories contains files and subdirecto-
ries exposing information about the thread with the corresponding
thread ID. The contents of these directories are the same as the
corresponding /proc/pid/task/tid directories.
The /proc/tid subdirectories are not visible when iterating
through /proc with getdents(2) (and thus are not visible when one
uses ls(1) to view the contents of /proc).
/proc/self
When a process accesses this magic symbolic link, it resolves to
the process's own /proc/pid directory.
/proc/thread-self
When a thread accesses this magic symbolic link, it resolves to
the process's own /proc/self/task/tid directory.
/proc/[a-z]*
Various other files and subdirectories under /proc expose system-
wide information.
All of the above are described in more detail in separate manpages whose
names start with proc_.
NOTES
Many files contain strings (e.g., the environment and command line) that
are in the internal format, with subfields terminated by null bytes
('\0'). When inspecting such files, you may find that the results are
more readable if you use a command of the following form to display
them:
$ cat file | tr '\000' '\n'
SEE ALSO
cat(1), dmesg(1), find(1), free(1), htop(1), init(1), ps(1), pstree(1),
tr(1), uptime(1), chroot(2), mmap(2), readlink(2), syslog(2),
slabinfo(5), sysfs(5), hier(7), namespaces(7), time(7), arp(8), hd-
parm(8), ifconfig(8), lsmod(8), lspci(8), mount(8), netstat(8),
procinfo(8), route(8), sysctl(8)
The Linux kernel source files: Documentation/filesystems/proc.rst, Docu-
mentation/admin-guide/sysctl/fs.rst, Documentation/ad-
min-guide/sysctl/kernel.rst, Documentation/admin-guide/sysctl/net.rst,
and Documentation/admin-guide/sysctl/vm.rst.
Linux man-pages 6.9.1 2024-06-15 proc(5)
Generated by dwww version 1.16 on Tue Dec 16 04:29:40 CET 2025.