Top is showing some process are running as system user( For example httpd is running as nobody ,...like so) i want to know 1 thing is it possible to identify which user is running this process or from which user home directory this process is executing.(Like phpsuexec or Suphp is doing in the case of php).Or any other tradional ways.

yes, that process is being run by "nobody", its a actual user, usually with its home directory /dev/null

look at /etc/passwd .. it contains a list of all users, and there home directory's

Not getting u man , iam not talking about not only nobody user , like wise lot of processes are running as system user's , i want to know which user in my system is running this particular process in a particular time.

Any suggestions.....

So are you wanting to know when a user executes a process? Or are you wanting to see which user is running a current process and where it's executed from?

For the latter, us ps-ef. It will show you the user running the process, the process running, and where it's being executed from and with what options.

Thanks i can try this....I want to see to see which user is running a current process and where it's executed from.....

nobody 28597 1982 0 05:35 ? 00:00:02 /usr/local/apache/bin/httpd -DSSL
nobody 28601 1982 0 05:35 ? 00:00:01 /usr/local/apache/bin/httpd -DSSL
nobody 28602 1982 0 05:35 ? 00:00:02 /usr/local/apache/bin/httpd -DSSL
nobody 28604 1982 0 05:35 ? 00:00:01 /usr/local/apache/bin/httpd -DSSL
nobody 28605 1982 0 05:35 ? 00:00:02 /usr/local/apache/bin/httpd -DSSL
nobody 28614 1982 0 05:35 ? 00:00:03 /usr/local/apache/bin/httpd -DSSL
nobody 28618 1982 0 05:35 ? 00:00:03 /usr/local/apache/bin/httpd -DSSL
nobody 28619 1982 0 05:35 ? 00:00:02 /usr/local/apache/bin/httpd -DSSL
nobody 28620 1982 0 05:35 ? 00:00:03 /usr/local/apache/bin/httpd -DSSL
nobody 28621 1982 0 05:35 ? 00:00:03 /usr/local/apache/bin/httpd -DSSL


Ok that ps-ex is executed but that is not the answer of my Question.

Look at this output of ps -ex , lot of users running apache here, how can i know which user is usiers are running apache now.

Removed text

That i know "nobody" is the user but that 1 is a system user, but i want to from which user is executing this appache(Don't say nobody is the user ,i want to know from which user in my server is executing apache now, or from which user directory in /home)

Any other suggestions

Well, you already know which user is executing httpd process. There is no user in /home that is running this process.

I can see why other people are somewhat confused at your question because I am in the same boat.

If you read this, can you see why we are somewhat puzzled at your question? If user 'nobody' has started this process, what makes you think a different user has executed this? That is why we are puzzled at your question.

OR do you mean who is apache serving these requests to?

-twantrd

that user "nobody"is default apache user ( in cpanel server) .But in a particular time lot of clients executing apache from their home directory.I wnat to know which client is executing my webserver process now(not only webserver all process)(That i said eairly if u view phpsuexec logs ucan eaisly know which user is running php pages now like wise is it possible to know which client is running a particular process).


Or
is there any mechanisam to which client is taking more server resources,Yesterday 1 of my server shows very high load,when i check it there is one perl script is running as "nobody" user , but iam not able to find which user is running this perl scripts,because n number of perl scripts are in our server......

Ok, I think I understand what you mean now after taking a look at what phpsuexec is.

Phpsuexec just changes owners and groups to have certain rwx permissions so that only "trusted" users/groups
will modify/execute it and not everyone can abuse it. This is not relevant for html pages. This is relevant for
php pages because php files are not readible but are parsed.

Read more about phpsuexec and see what they do. Then you'll understand. Therefore, to answer you....your question
doesn't apply to apache.


-twantrd