The [P]ID Trick

I spend a surprising amount of time pawing through process tables on various UNIX boxes. The biggest problem I run into is that the grep process itself generally shows up in the process table while the search is running, so it gets picked up. The downside there is that grep still finds stuff, even if the process doesn't exist!

→  ps -ef | grep 12345
501 71075 70391   0 10:49AM ttys015    0:00.00 grep 12345

See? There is no process 12345, but there is a grep for it.

The naive solution (which I used for years) is to grep out the grep:

→  ps -ef | grep 12345 | grep -v grep

It works (unless process 12345 is itself a grep), but it feels bad.

A while back, I picked up a technique that uses the power of regular expressions:

→  ps -ef | grep 1[2]345

This works because [2] in grep's implementation of regular expression is a character class match; it matches any character in the set '2' (which is just a literal '2'). However, in the process table entry for the searching grep, the literal command line is 1[2]345, which doesn't match.

I call this "The [P]ID Trick" because I usually employ it to find processes by their process ID (almost always from a pidfile somewhere).

You can put the brackets anywhere. You don't even have to be looking for a process ID! This finds all SSH processes (client and server):

→  ps -ef | grep s[s]h

Happy Hacking!

James (@iamjameshunt) works on the Internet, spends his weekends developing new and interesting bits of software and his nights trying to make sense of research papers.

Currently working on Rook.