Getting the (parent) process executing the command in Linux shell

Question

Please advice , how to verify the program that execute the process ?

For example

the following commands ( ps -ef ) will view the process sendmail in case this process is running

  ps –ef | grep sendmail
  root     9558 9544 019:05?      00:00:00/usr/sbin/sendmail-FCronDaemon-i-odi-oem-oi-t

what I want to find is the script that execute the binary /usr/sbin/sendmail

so my question – which flags I need to add to the syntax "ps –ef" in order to get from ps –ef the full details , include which program running the process

is it possible ?

• Example and remark

If /etc/rc3.d/sendmail run the binary /usr/sbin/sendmail

Then I expect to see the /etc/rc3.d/sendmail PATH from the command ps –ef …….

Answer 1

What do you need is a tree output and know the parent processes.

Example pstree -a:

[~]# pstree -a
init
  ├─atd
  ├─atop -a -w /var/log/atop.log 600
  ├─cron
  ├─dbus-daemon --system --fork --activation=upstart
  ├─getty -8 38400 tty4
  │   ├─sshd
  │   └─sshd
  │       └─zsh
  │           └─pstree -a
  ├─udevd --daemon
  │   ├─udevd --daemon
  │   └─udevd --daemon
  ├─upstart-socket- --daemon
  ├─upstart-udev-br --daemon

Here you can see that there is a process of zsh (my shell) which is running command pstree. The zsh itself was started by process sshd.

Here is the same output for ps -AF:

root     10006   649  0 22329  3944   0 12:48 ?        00:00:00 sshd: root@pts/2
root     10041 10006  0 10355  5276   0 12:48 pts/2    00:00:00 -zsh
root     16465 10041  0  4538  1220   0 12:52 pts/2    00:00:00 ps -AF

The second column is process id and the third column is parent process id. You see that the parent of ps -AF is the shell process 10041. You can always trace back processes to the init (process id 1) by walking them parent by parent.

In your case if you want to find /etc/rc3.d/sendmail you probably need to walk processes up from /usr/sbin/sendmail until you have something of which full path us under /etc/rc3.d.