I want to find the PID of all processes which were run by a cmdline call which contains a certain string my_exec
.
For instance, with macOS or Ubuntu, open a terminal and run /bin/bash
, and then in another terminal type ps all | grep '/bin/bash'
.
You will be prompted with something like this
501 2995 2366 0 31 0 4290112 1424 - Ss+ s000 0:00.01 /bin/bash --noediting -i
0 2316 2274 0 31 0 4349520 6376 - Ss s007 0:00.02 login -pfl my_username /bin/bash -c exec -la bash /bin/bash
0 2325 2274 0 31 0 4349520 6380 - Ss s008 0:00.02 login -pfl my_username /bin/bash -c exec -la bash /bin/bash
501 8246 2333 0 31 0 4279872 1520 - S+ s008 0:00.00 /bin/bash
501 8255 8248 0 31 0 4267768 888 - S+ s014 0:00.00 grep /bin/bash
The second column is the PID so I will be able to get it playing with sed.
With Ubuntu the format of the output of ps all
slightly different, so one should use different sed calls, anyway it is easy to handle this.
The problem is that among the various Linux distros the format of the output of ps
can be completely different. For instance this is the case of Alpine Linux, for which I am not even able to get the column containing the cmdline.
What can I do for having a portable code? Maybe examining manually the files /proc/<PID>/cmdline
(maybe there are problem of permissions here)?
This is my code so far, please help me for the else part.
if [ "$(uname)" == "Darwin" ]; then
pid=$(ps all|grep 'my_exec'|sed 's/^[[:space:]]*[a-z0-9]*//g'|sed 's/^[[:space:]]*\([0-9]*\)[^0-9].*/\1/g');
pid=$(echo $pid|xargs)
IFS=' ' read -r -a array <<< "$pid"
else
%portable code for various linux distros
fi