The /proc and /sys directories are virtual filesystems that provide a window into the kernel and running system. They do not contain real files on disk — instead, reading these files queries the kernel in real time, and writing to some of them changes kernel behavior on the fly.
/proc: Process and System Information
The /proc filesystem contains one directory per running process (named by PID), plus system-wide information files.
Per-Process Information
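# Each process has a directory /proc/[PID]/
ls /proc/1/ # PID 1 is the init process (systemd on most current distributions)

# Key files per process.
# Access differs per file: cmdline and status are readable by any local user
# unless /proc is mounted with hidepid, while environ, fd/ and maps are
# normally restricted to the process owner and root.
cat /proc/1/cmdline # Command line that started the process (NUL-separated arguments)
cat /proc/1/status # Process status (name, state, memory, threads)
cat /proc/1/environ # Environment variables (NUL-separated; may hold secrets)
cat /proc/1/limits # Resource limits
ls -la /proc/1/fd/ # Open file descriptors
cat /proc/1/maps # Memory mappings

# Practical: Find the command line of a mysterious process
# Arguments are separated by NUL bytes, so translate them to spaces for display.
tr '\0' ' ' < /proc/12345/cmdline && echo
# NOTE: a process can rewrite its own argument vector, so treat cmdline as a
# hint and cross-check the executable it really runs: ls -l /proc/12345/exe

# Find memory usage of a specific process
# -x matches the exact process name and -o keeps only the oldest match, so the
# substitution yields a single PID and the path stays valid.
grep -E "VmRSS|VmSize" "/proc/$(pgrep -o -x mysqld)/status"
# VmSize: 1048576 kB (virtual memory)
# VmRSS: 524288 kB (physical memory used)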
System-Wide Information
# CPU model: stop at the first matching line
grep -m 1 "model name" /proc/cpuinfo
# CPU count: one matching line per CPU entry
grep -c processor /proc/cpuinfo

# Memory overview: first ten lines of meminfo
head -n 10 /proc/meminfo

# Version string of the running kernel
cat /proc/version

# Uptime, reported in seconds
cat /proc/uptime
# 1234567.89 2345678.90
# Field 1: seconds since boot
# Field 2: idle seconds, summed over all CPUs

# Load averages
cat /proc/loadavg
# 0.25 0.18 0.12 1/256 34567
# 1min 5min 15min running/total lastPID

# Currently mounted filesystems
cat /proc/mounts

# Network state as the kernel reports it
# Per-interface traffic counters
cat /proc/net/dev
# IPv4 TCP socket table, hex-encoded (listening sockets included; IPv6 is in /proc/net/tcp6)
cat /proc/net/tcp
# Summary of socket usage
cat /proc/net/sockstat
Tuning Kernel Parameters via /proc/sys
# /proc/sys contains writable kernel parameters
# Changes take effect immediately but are lost on reboot
# Writing requires root; sudo tee is used because a plain shell redirect would
# be opened by the unprivileged shell, not by sudo
# View a parameter
cat /proc/sys/vm/swappiness
# 60
# Change a parameter (temporary)
echo 10 | sudo tee /proc/sys/vm/swappiness
# Make permanent with sysctl
# NOTE: tee -a appends, so running this twice leaves a duplicate line in the file
# Keep files under /etc/sysctl.d root-owned and not writable by other users:
# their contents are applied to the kernel with root privileges
echo "vm.swappiness=10" | sudo tee -a /etc/sysctl.d/99-tuning.conf
sudo sysctl -p /etc/sysctl.d/99-tuning.conf
# Common tunable parameters (example values; size them for the workload):
# vm.swappiness = 10 # Reduce swap usage
# net.core.somaxconn = 65535 # Upper limit on a socket's listen() backlog
# net.ipv4.tcp_max_syn_backlog = 65535 # SYN queue size
# fs.file-max = 2097152 # Max open file handles system-wide
# net.ipv4.ip_local_port_range = 1024 65535 # Ephemeral (outgoing) port range
# NOTE(review): a range starting at 1024 can overlap ports that local services
# listen on; check the host's listening ports before applying it
/sys: Hardware and Driver Information
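# /sys provides a structured view of hardware devices and drivers
# Device names differ between machines: pick them from `ls /sys/block/` and
# `ls /sys/class/net/` instead of assuming the defaults below exist.
disk=vda # virtio disk; other hosts use names such as sda or nvme0n1
iface=eth0 # hosts with predictable interface names use e.g. ens3 or enp0s3

# Block devices (disks)
ls /sys/block/
cat "/sys/block/${disk}/size" # Disk size in 512-byte sectors
cat "/sys/block/${disk}/queue/scheduler" # I/O scheduler (active one in brackets)

# CPU information
ls /sys/devices/system/cpu/
# Current frequency in kHz; the cpufreq directory is absent when no frequency
# scaling driver is loaded (common in virtual machines)
cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq

# Memory information
ls /sys/devices/system/memory/

# Network interfaces
ls /sys/class/net/
# Link speed in Mbps; the read may fail or return -1 on virtual or down links
cat "/sys/class/net/${iface}/speed"
cat "/sys/class/net/${iface}/address" # MAC address
cat "/sys/class/net/${iface}/operstate" # Link state (up/down)
cat "/sys/class/net/${iface}/statistics/rx_bytes" # Bytes received
cat "/sys/class/net/${iface}/statistics/tx_bytes" # Bytes transmitted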
Practical Monitoring Scripts
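#!/bin/bash
# Quick system health check using /proc
#
# Prints one line per metric, each read directly from /proc.
# The awk programs are single-quoted: inside double quotes the shell would
# expand $1/$2 itself and the inner quotes would end the string early.

echo "=== System Health ==="
# Field 1 of /proc/uptime is seconds since boot; 86400 seconds per day
echo "Uptime: $(awk '{printf "%.1f days", $1/86400}' /proc/uptime)"
echo "Load: $(cut -d' ' -f1-3 /proc/loadavg)"
echo "CPUs: $(grep -c processor /proc/cpuinfo)"
# /proc/meminfo reports kB: divide by 1048576 for GB, by 1024 for MB
echo "RAM Total: $(awk '/^MemTotal:/ {printf "%.1f GB", $2/1048576}' /proc/meminfo)"
echo "RAM Available: $(awk '/^MemAvailable:/ {printf "%.1f GB", $2/1048576}' /proc/meminfo)"
# SwapTotal is listed before SwapFree, so t is set when SwapFree is reached
echo "Swap Used: $(awk '/^SwapTotal:/ {t=$2} /^SwapFree:/ {printf "%.1f MB", (t-$2)/1024}' /proc/meminfo)"
# Count PID directories with a glob instead of parsing ls output.
# Only processes visible to the caller are counted: with hidepid=2 on /proc a
# non-root user sees just their own.
pid_dirs=(/proc/[0-9]*)
echo "Processes: ${#pid_dirs[@]}"
# First field of file-nr is the number of allocated file handles
echo "Open Files: $(cut -f1 /proc/sys/fs/file-nr)"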
Security Considerations
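- /proc can expose sensitive information: environment variables in /proc/[PID]/environ may contain passwords, and command-line arguments in /proc/[PID]/cmdline are visible to other local users by default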
- Use the `hidepid=2` mount option to prevent users from seeing other users' processes
- Restrict access to /proc/sys to prevent unauthorized kernel parameter changes
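# Hide other users' processes
# With hidepid=2, non-root users no longer see the /proc/[PID] directories of
# processes they do not own.
# Add to /etc/fstab:
# proc /proc proc defaults,hidepid=2 0 0
# To exempt a monitoring group, add gid=<GROUP_GID> (placeholder) to the options.
# NOTE(review): on systemd hosts some services may need that exemption to keep
# working; test on a non-production machine first.
# Then remount:
sudo mount -o remount,hidepid=2 /proc
# Confirm the option is active; newer kernels print it as hidepid=invisible
findmnt -no OPTIONS /proc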