Who is REALLY running a process? 1

[Xitron]

Hi all.

In AIX 4.3.3*, what can I do within a script to learn who is REALLY running a process?

Here's the situation:
I've written a bash script that runs once a minute which checks the output of 'ps -Ao %C,%u,%p,%n,%a' for CPU (second field) utilization that exceeds a given threshhold. If it does, that line of output is emailed to me, the SysAdmin.

Often, though, these things are running as 'root' by myself or another admin while su'd to root, so they show up as being owned by 'root', but I'd like to see the actual user behind the su to root. For instance, if I su to root and run 'who am i', my real identity is revealed. Is there some way I can obtain that information from within my script, where I point to the process ID and ask, who is that REALLY?

Thanks all!

Unca Xitron

 

[unixtechie]

You can trace this back with `lsof` using the following:

#lsof -l | grep "whatever"

#lsof -p PID (whatever the pid of the grep is)

#lsof /dev/pts/X (where X is the pts device under the NAME column)

 

[Xitron]

Thank you, unixtechie!

Unca Xitron

 

[RodKnowlton]

You could add a %y (tty) field to your ps command, then use that tty value to execute another ps to be mailed. I'd add the %P (parent PID) field so you can figure out who spawned who:

[tt]
# HOGTTY = the tty you parsed

ps -t${HOGTTY} -o %C,%u,%p,%P,%n,%a

[/tt]


Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L