pcred - Man Page
print process credentials
Synopsis
pcred [-a] [pid | core]...
Description
Print the credentials (effective, real, saved, and filesystem UIDs and GIDs) of each process or process core file. By default, if the effective, real, saved-set, and filesystem user (group) IDs are identical, they are printed in condensed form as e/r/s/fsuid (e/r/s/fsgid); otherwise they are printed individually. Supplementary groups are also displayed.
Options
- -a, --all
Report all credential information separately. By default, if the effective, real, saved-set, and filesystem user (group) IDs are identical, they are reported in condensed form.
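The condensing rule described under Description and -a, as an added example (not part of pcred or its source): it parses the Uid, Gid and Groups lines of /proc/pid/status text, whose columns proc(5) gives as real, effective, saved-set, filesystem, and condenses the four IDs only when they all match. The output layout, the function names and the sample text are assumptions made for illustration; pcred's own output format may differ.

```python
# Constructed /proc/<pid>/status excerpts (not real captures).
SAMPLE_PLAIN = (
    "Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\n"
    "Gid:\t1000\t1000\t1000\t1000\nGroups:\t4 27 1000 \n")
SAMPLE_SETUID = (
    "Name:\tpasswd\nUid:\t1000\t0\t0\t0\n"
    "Gid:\t1000\t1000\t1000\t1000\nGroups:\t4 27 1000 \n")

# Column order of the Uid:/Gid: lines per proc(5).
COLUMNS = ("r", "e", "s", "fs")

def parse_status(text):
    """Return {'uid': {...}, 'gid': {...}, 'groups': [...]} from status text."""
    creds = {"groups": []}  # Groups: may be empty or absent
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        if key in ("Uid", "Gid"):
            ids = [int(v) for v in rest.split()]
            if len(ids) != 4:
                raise ValueError(f"malformed {key} line: {line!r}")
            creds[key.lower()] = dict(zip(COLUMNS, ids))
        elif key == "Groups":
            creds["groups"] = [int(v) for v in rest.split()]
    if "uid" not in creds or "gid" not in creds:
        raise ValueError("status text has no Uid/Gid lines")
    return creds

def render(ids, kind, show_all=False):
    """Condense when all four IDs match, unless show_all (the -a case) is set."""
    if not show_all and len(set(ids.values())) == 1:
        return f"e/r/s/fs{kind}={ids['e']}"
    return " ".join(f"{c}{kind}={ids[c]}" for c in ("e", "r", "s", "fs"))

def describe(text, show_all=False):
    """One line per process; UIDs and GIDs are condensed independently (assumed)."""
    c = parse_status(text)
    groups = " ".join(str(g) for g in c["groups"])
    return (f"{render(c['uid'], 'uid', show_all)}  "
            f"{render(c['gid'], 'gid', show_all)}  groups: {groups}")

def effective_differs(text):
    """True when the effective UID or GID differs from the real one."""
    c = parse_status(text)
    return any(c[k]["e"] != c[k]["r"] for k in ("uid", "gid"))

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_SETUID):
        print(describe(sample), "| e!=r:", effective_differs(sample))
```

A process whose effective ID differs from its real ID, such as the constructed passwd sample, can never take the condensed form, so set-ID programs stand out in a listing.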
Operands
- pid
Process ID list. A /proc/pid path may also be used, allowing shell expansions like /proc/* to target all processes on the system.
- core
Process core file, as produced by systemd-coredump(8), or an Ubuntu/Debian apport .crash file. For systemd core files, the file does not need to exist on disk; if it has been removed, the corresponding systemd journal entry will be used instead. See Notes below.
Exit Status
0 on success, non-zero if an error occurs (such as no such process, permission denied, or invalid option).
Files
- /proc/pid/*
Process information and control files.
Notes
When a core file has been removed by systemd-tmpfiles(8) or by storage limits configured in coredump.conf(5), the systemd-coredump(8) journal entry for the crash may still be available. In this case, the path to the deleted core file can be passed as the core operand even though the file no longer exists on disk, and process metadata will be retrieved from the journal entry instead. Use coredumpctl(1) to obtain the path of a missing core file, e.g., coredumpctl list <name> -F COREDUMP_FILENAME.
Ubuntu/Debian apport .crash files are also supported. These files use Debian control syntax with base64-encoded gzip core dumps. Text fields (such as ProcCmdline, ProcEnviron, and ExecutablePath) are mapped to COREDUMP_* fields, and the core dump is extracted on first access.