如何查看给定进程名称的所有实例的所有祖先?
答案1
该pstree程序似乎对此非常好,例如
$ pidof bash | xargs -n 1 pstree -sp
init(1)───lightdm(1284)───lightdm(1577)───init(2017)───gnome-terminal(2595)───bash(18001)───man(10946)───pager(10955)
init(1)───lightdm(1284)───lightdm(1577)───init(2017)───gnome-terminal(2595)───bash(12895)
init(1)───sshd(1181)───sshd(11860)───sshd(11938)───bash(11939)───xargs(12124)───pstree(12127)
init(1)───sshd(1181)───sshd(9235)───sshd(9316)───bash(9317)
init(1)───lightdm(1284)───lightdm(1577)───init(2017)───gnome-terminal(2595)───bash(2897)
答案2
我制定了以下一行来实现这一目标;可能有更好的方法。正则表达式/[b]ash/用于选择要匹配的进程名称。
ps -ef | awk ' NR == 1 { header = $0; next } { pid[$2] = $0 } /[b]ash/ { toprint[$2] } END { print header; for (i in toprint) { while (i != 1) { split(pid[i], pieces, " "); i = pieces[3]; toprint[i] } } for (i in toprint) { print pid[i] } }'
事实上,我首先把它写成一个完整的剧本,然后把它浓缩成一句台词;这是更易读的版本:
ps -ef | awk '
NR == 1 {
header = $0
next
}
{
pid[$2] = $0 # Save all lines of ps -ef in this array, stored by PID
}
/[b]ash/ { # Modify this regex to change the filter
toprint[$2] # Designate all these PIDs as "to print"
}
END {
print header
for (i in toprint) { # For each PID designated "to be printed":
while (i != 1) {
split(pid[i], pieces, " ") # Look up the info on that process
i = pieces[3] # Set i to the PPID
toprint[i] # Designate that PPID as "to print"
} # Recurse to get the parent of that process, until PID 1 is reached.
}
for (i in toprint) { # Then actually print the data.
print pid[i]
}
}'
输出示例:
UID PID PPID C STIME TTY TIME CMD
root 23181 23137 0 15:33 pts/2 00:00:00 sudo su
vagrant 23136 23133 0 15:33 ? 00:00:01 sshd: vagrant@pts/2
root 23182 23181 0 15:33 pts/2 00:00:00 su
vagrant 23137 23136 0 15:33 pts/2 00:00:00 -bash
root 1041 1 0 Jan16 ? 00:00:00 /usr/sbin/sshd
root 23183 23182 0 15:33 pts/2 00:00:00 bash
root 12980 1 0 10:58 ? 00:00:01 /bin/bash /var/cfengine/bin/runalerts.sh
root 1 0 0 Jan16 ? 00:00:01 /sbin/init
root 23133 1041 0 15:33 ? 00:00:00 sshd: vagrant [priv]
请注意上面列表中列出的父 PID。