process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

 
Husaini_1
Advisor

process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

Hi HP Expert,

Over the last weeks, I have been getting weird processes running on the HPUX 11.11 server, which is causing the / filesystem to reach 100%. The processes are as below, and there are so many processes related to them as well.

# ps -efl |grep -i 3090
1 S root 14898 3090 0 156 20 4a5a0a40 23 40600161 13:07:02 ? 0:00 grep 7751386B /dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3 /
1 S root 3090 1 0 158 20 488fa880 20 477c5040 Mar 27 ? 0:00 xargs grep 7751386B
1 S root 14954 12800 1 154 20 4fc43980 23 4378936e 13:08:12 pts/te 0:00 grep -i 3090

Can you guys tell me what this process is actually for? I just have basic knowledge of HPUX.

Thx,
Husaini
7 REPLIES
DeafFrog
Valued Contributor

Re: process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

Hi,

Do a patch analysis for this server. Can you post the kind of big files on the fs being filled up?

cd /mount_point; find . -xdev -size +100000000c -exec ll {} \;

regards ,
FrogIsDeaf
Husaini_1
Advisor

Re: process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

Hi DeafFrog,

There were no big files. The reason why the / filesystem is 100% is because that process was running there and holding that filesystem. I even checked one by one and could not find big files. But when I ran lsof /dev/vg00/lvol3 (root filesystem), I saw the process is holding the / filesystem with a big size.

I'm not sure what this /dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3 is and why it's running and filling up the / filesystem.

Re: process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

>/dev/ptym/ptyp1 /dev/ptym/ptyp2

These are pseudo-terminals, they shouldn't take up any space.

>ps -efl | grep -i 3090

To get the whole process tree:
UNIX95=EXTENDED_PS ps -H -flu root

It appears someone is grepping for 7751386B in all of the pseudo-terminals?

>root 3090 1 Mar 27 ? 0:00 xargs grep 7751386B

Either this xargs was put into the background or someone killed its parent.

>when I run lsof /dev/vg00/lvol3, then I saw the process is holding / with big size.

What process was that? What file was open? Did you remove any big files recently?

Re: process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

If the parent was trying to do a find then grep, you should use "-type f" so you don't try to grep device files and directories.
Bill Hassell
Honored Contributor
Solution

Re: process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

> could not find big files.

This is the most common mistake in tracking down a problem with disk space. Don't look for big files! You probably have one or more directories with hundreds (maybe thousands?) of small files. Use this command to find the biggest directories:

du -kx / | sort -rn | head -10

The two largest directories must be /etc and /sbin. If /dev is in the list, someone (as root) has created a bunch of junk files in /dev. Use this command to find them (there should be nothing found):

find /dev -type f

If you find some directory like /test or /junk that is as large or larger than /sbin or /etc, that is the problem. Nothing gets stored in the / directory. You may find that there are dozens of junk files in /. This is probably caused by having root's $HOME directory still in / (a very bad idea). The / directory should have nothing but directories and mountpoints.

> ps -efl |grep -i 3090

Also a very common mistake. If you are looking for PID 3090, never use grep. Use the -p option in grep (hint: man grep):

ps -fp 3090

Otherwise, you will match anything on the command line including 13090 as well as 30903.

The 3 processes are xargs (owned by init PPID=1), grep 7751386B (PID=3090) and grep 3090 (PID=14954). Apparently xargs was part of some other task which may have been killed improperly (hint: kill -9) and the result is xargs lost its parent and was assigned to init.

These are all owned by root so you need to find all the users that know the root password and ask them what they are trying to do.


Bill Hassell, sysadmin

Re: process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

>Bill: > ps -efl | grep 3090
>If you are looking for PID 3090, never use grep. Use the -p option in grep

The advantage of "grep -w" is that it will find both the PID and the PPID being 3090.
I.e. the whole purpose is visual inspection of the results, not scripting.
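
Added example (not posted by anyone in this thread): the three ways of looking for PID 3090 discussed in the two replies above, run over a constructed ps -ef listing. The function names and the extra sample rows (PIDs 13090 and 30903, the "--port 3090" argument) are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed listing in `ps -ef` column order; not real output from the
# server in this thread. PIDs 13090 and 30903 and the "--port 3090"
# argument are made up to show false matches.
sample_ps() {
cat <<'EOF'
UID PID PPID C STIME TTY TIME COMMAND
root 3090 1 0 Mar 27 ? 0:00 xargs grep 7751386B
root 14898 3090 0 13:07:02 ? 0:00 grep 7751386B /dev/ptym/ptyp1 /dev/ptym/ptyp2
root 13090 1 0 09:00:00 ? 0:01 /usr/sbin/exampled
root 30903 1 0 09:00:05 ? 0:00 /usr/sbin/otherd --port 3090
root 14954 12800 1 13:08:12 pts/te 0:00 grep -i 3090
EOF
}

# Substring match (ps -ef | grep 3090): also counts 13090, 30903,
# the "--port 3090" argument and the grep process itself.
count_substring() { sample_ps | grep -c "$1"; }

# Word match (grep -w): drops 13090 and 30903, finds PID and PPID,
# but still counts the number when it appears in a command line.
count_word() { sample_ps | grep -cw "$1"; }

# Field match: only rows whose PID ($2) or PPID ($3) is the target,
# so the process and its direct children are listed and nothing else.
pid_or_ppid() {
    sample_ps | awk -v pid="$1" 'NR > 1 && ($2 == pid || $3 == pid)'
}

echo "substring: $(count_substring 3090) lines"
echo "word:      $(count_word 3090) lines"
echo "PID/PPID field match:"
pid_or_ppid 3090
```

On a live system, replace sample_ps with ps -ef to run the same field match against real processes.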
Husaini_1
Advisor

Re: process for dev/ptym/ptyp1 /dev/ptym/ptyp2 /dev/ptym/ptyp3

Thanks all for your suggestions and ideas. This clears my doubt.