How to View/Inspect Environment Variables of a Running Process in Unix/Linux


4 views

When debugging applications on Unix/Linux systems, we often need to inspect the exact environment variables being used by a running process. Unlike Windows where GUI tools like ProcessExplorer provide this functionality, Unix requires command-line approaches.

The most reliable method on modern Linux systems is through the /proc pseudo-filesystem:

cat /proc/[PID]/environ | tr '\0' '\n'

Example for process ID 1234:

cat /proc/1234/environ | tr '\0' '\n'

This converts null-separated entries to newline-separated for readability.

For a quick glimpse of the environment size:

ps ewww -p [PID]

Example:

ps ewww -p 1234

For processes where the above methods don't work (like some daemons):

gdb -p [PID]
(gdb) call (void)putenv("DUMMY=dummy")
(gdb) call (char**)environ
(gdb) detach
(gdb) quit

Note: This method should be used cautiously on production systems.

To view environment variables stored in process memory:

pmap [PID] | grep -A 10 environ

Let's say we're troubleshooting an Nginx configuration issue:

# Find Nginx worker process
ps aux | grep nginx

# View environment of first worker process
cat /proc/$(pgrep -f "nginx: worker" | head -1)/environ | tr '\0' '\n'
  • Some processes may modify their environment after startup
  • Environment variables might be inherited from parent processes
  • Security restrictions may prevent accessing certain process environments

For more advanced inspection, consider these utilities:

  • lsof -p [PID] - shows open files including environment
  • strace -f -e trace=execve -p [PID] - traces environment changes

When debugging applications on Unix/Linux systems, examining the environment variables of a running process is often crucial. Unlike Windows where tools like ProcessExplorer provide GUI access, Unix requires command-line approaches.

Here are the most effective ways to inspect environment variables for active processes:

1. Using /proc Filesystem

The /proc/[pid]/environ file contains the process's environment variables in null-delimited format:


# For process ID 1234:
cat /proc/1234/environ | tr '\0' '\n'

2. With ps Command

Combine ps with strings to extract variables:


ps eww -p 1234 -o command | tr ' ' '\n' | grep '='

3. Using gdb Debugger

For processes you have permission to attach to:


gdb -p 1234
(gdb) call putenv("DUMMY=1")  # Optional: test variable injection
(gdb) call (void)system("printenv")
(gdb) detach

Case: Apache Web Server

To check environment variables for Apache worker processes:


# Find Apache worker PIDs
pgrep -P $(cat /var/run/apache2/apache2.pid) | \
xargs -I{} sh -c 'echo "PID {}:"; cat /proc/{}/environ | tr "\0" "\n"'

Case: Docker Containers

For processes inside containers:


docker exec -it container_name bash -c 'cat /proc/1/environ | tr "\0" "\n"'

Monitoring Changes

Use watch to track variable changes:


watch -n 1 'cat /proc/1234/environ | tr "\0" "\n" | grep PATH'

Security Considerations

Remember that:

  • Reading /proc files requires appropriate permissions
  • Some variables may contain sensitive data (passwords, API keys)
  • Attaching debuggers to production processes can cause instability

For more user-friendly inspection:


# Install lsof if needed
sudo apt install lsof

# View environment of process using lsof
lsof -p 1234 -a -e /proc/1234/environ