Score:2

Why is the PID number so large and what is running the `file` command?


I've got Ubuntu 20.04.2 on good hardware with Mate and all updated packages.

The process identifiers (PIDs) are in the 800,000s after only 7 days of uptime.

How do I determine which process is launching so frequently to cause PIDs to get so large?

The output of `dump-acct` indicates thousands of occurrences of `file` and occasionally `ping` commands.

What's going on and how can I figure out what's launching so many processes?

What system process needs to run `file` and why?

pierrely
`lsof | grep file` might give some info, and `watch -d 'df | grep files'`. `htop`, `atop`, `top`. Try `sudo killall -9 file` and see what happens; does it kill an app? And `echo $(pidof <appname>)` gives the PIDs of an <app>.
Marc Compere
This may be helpful, but I've been watching with `top` updating quickly and cannot ever see `file` running. I'm running clamav and rkhunter after booting from a live USB. The `df | grep files` is an interesting command, but I don't think it will find anything because `file` is a binary and not a mount.
Score:0

The open source system monitor `glances` executes the `/usr/bin/file` command every N seconds for its update. That was the source of thousands of `file` occurrences in the system accounting log.

This was verified quite clearly by running `glances` for 4 update cycles and verifying with the resulting output from `dump-acct /var/log/account/pacct`.

With this explanation, there was likely no nefarious source of all those `file` entries.

This issue has caused me to monitor the process number increase rate. This is a simple bash script to monitor the PID rate:

```bash
#!/usr/bin/env bash
# Monitor how quickly new PIDs are being allocated.

loop_cnt=0
loop_cnt_max=10000
sleep_time=60 # seconds between samples (alternative value: 5)

ppl=2  # ppl --> processes per loop from this script; remove this many new processes in the rate estimate

pid_cnt=$(sysctl -n kernel.ns_last_pid)
pid_cnt=$((pid_cnt - 1)) # 1st loop only

while [ "$loop_cnt" -le "$loop_cnt_max" ]; do
    pid_cnt_last=$pid_cnt
    pid_cnt=$(sysctl -n kernel.ns_last_pid)
    delta_pid=$((pid_cnt - pid_cnt_last - ppl)) # get pid delta over the last loop interval
    pid_rate=$(bc <<< "scale=2; $delta_pid/$sleep_time") # floating point arithmetic
    echo "pid_cnt=$pid_cnt, an increase of $delta_pid over the last $sleep_time seconds, pid_rate=$pid_rate (pid/s), cnt=$loop_cnt, and cnt_max=$loop_cnt_max"
    loop_cnt=$((loop_cnt + 1))

    sleep "$sleep_time"
done
```
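
Added example, not part of the answer above: one way to see which parent PID is spawning the commands that flood the accounting log. It assumes `dump-acct` prints pipe-separated records with the PID and parent PID in the tenth and eleventh fields; the function names `top_spawners` and `sample_acct` and the sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise process-accounting records: how often each command was launched,
# grouped by the parent PID that launched it.
# Assumed record layout (pipe-separated, as printed by dump-acct):
#   command|version|utime|stime|etime|uid|gid|mem|io|pid|ppid|start time

# top_spawners: read dump-acct text on stdin and print "count command ppid",
# highest count first.
top_spawners() {
    awk -F'|' '
        NF >= 12 {
            cmd = $1; ppid = $11
            gsub(/^ +| +$/, "", cmd)   # trim padding around the command name
            gsub(/ /, "", ppid)        # trim padding around the parent PID
            n[cmd " " ppid]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample records (not real log data).
sample_acct() {
    cat <<'EOF'
file            |v3|     0.00|     0.00|     1.00| 1000| 1000| 9000.00|    0.00|  801201|    4242|Mon Jun  7 10:00:01 2021
file            |v3|     0.00|     0.00|     1.00| 1000| 1000| 9000.00|    0.00|  801207|    4242|Mon Jun  7 10:00:04 2021
ping            |v3|     0.00|     0.00|     3.00| 1000| 1000| 7000.00|    0.00|  801209|    4242|Mon Jun  7 10:00:05 2021
file            |v3|     0.00|     0.00|     1.00| 1000| 1000| 9000.00|    0.00|  801213|    4242|Mon Jun  7 10:00:07 2021
bash            |v3|     0.01|     0.00|    50.00| 1000| 1000|12000.00|    0.00|  801100|       1|Mon Jun  7 09:59:30 2021
EOF
}

sample_acct | top_spawners

# Live use (accounting file path as given in the answer):
#   sudo dump-acct /var/log/account/pacct | top_spawners | head
```

While the parent is still running, `ps -o comm= -p <ppid>` maps the most frequent parent PID back to a program name.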