Finding runtime information on a specific process ID
If you know the process ID number (PID) of a specific process, and want to know more about it (who called it, where it's running, what files it's accessing, etc..), then you can check the proc folder.
For example, if the PID number is 1234, type:
which will show a lot of data. The usual things to check are:
which is a link pointing to the current working directory. This is usually where the program was started from, but can be changed by the program, so cannot always be trusted.
will be a link pointing to the binary that is running.
The contents of the status file will hold a human readable list of information. The important part will usually be the Uid
field, as that number is what the process is running as (roughly the same as "ps aux | grep 1234
This directory will list all open file descriptors, which are files that the process is accessing. This can be handy to find out what it's doing, if anything locally.