The reason that some versions of ps, and thus derivatives such as w, sometimes print commands in parentheses [one of our UNIX systems uses square brackets-JP ]:
%ps -f -u jerry
UID PID PPID C STIME TTY TIME COMMAND jerry 29240 29235 0 07:56:19 ttyp1 0:01 sh find_mh_dupes jerry 29259 29240 23 07:57:52 ttyp1 0:07 (egrep)
is that whoever wrote ps liked it that way. The parentheses indicate that the command overwrote its name, or that ps could not find the name, and that ps is printing instead the "accounting name." (The accounting name is the last component of the name given to the exec (38.2) system call, and is the name used in the system resource usage accounting file.) Basically, ps does this [in the C language-JP ]:
if (proc->argv == NULL || strcmp(proc->acct_name, proc->argv[0]) != 0) printf("(%s)", proc->acct_name);
In the case of a large environment, ps is unable to find the argument vector. This is because it reads only the last few stack pages of each process.
Other versions of ps use completely different mechanisms for locating the command arguments and may never print parentheses.
- in net.unix-wizards on Usenet, 13 November 1983