The folks at SANS have a nice resource (requires an account and auth to access, but if a person searches the web they can find that others have posted this info to sites that do not require auth) for incident handlers called the Intrusion Discovery Cheat Sheet for Linux; it is quick crash course in commands that can be useful to find out if anything odd is occurring on a host.
Yesterday, I was working on a machine and wanted to obtain the Parent PID (ppid) of a process with the pid of 5485. I turned to the SANS cheat sheet which instructed me to use lsof via this command:
# losof -p 5485
Oh… I don’t have root. lsof really seems to want a person to be root before it shows much info.
I found another way, thx to Dennis Williamson over at superuser.com and this works w/o root access:
$ ps -o ppid= -p 5485 1
So, the ppid of 5485 is 1.
trfflhntr 
One thought on “Get a ppid without having root”