Shashikant shah

Sunday, 4 November 2012

LSOF (List Open File)


It is a command line utility which is used to list the information about the files that are opened by various processes. In linux, everything is a file, ( pipes, sockets, directories, devices, etc.). So by using lsof, you can get the information about any opened files.

COMMAND - process name.

PID - process ID

USER - Username

FD – Represents the file descriptor

  1. cwd – Current Working Directory
  2. txt – Text file
  3. mem – Memory mapped file
  4. mmap – Memory mapped device
  5. NUMBER – Represent the actual file descriptor. The character after the number i.e ’1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write
TYPE – Specifies the type of the file.
  1. REG – Regular File
  2. DIR – Directory
  3. FIFO – First In First Out
  4. CHR – Character special file
DEVICE - device number

SIZE - file size

NODE - node number

NAME - full path of the name

  1. /proc/PID/cmdline : process arguments
  2. /proc/PID/cwd : process current working directory (symlink)
  3. /proc/PID/exe : path to actual process executable file (symlink)
  4. /proc/PID/environ : environment used by process
  5. /proc/PID/root : the root path as seen by the process. For most processes this will be a link to / unless the process is running in a chroot jail.
  6. /proc/PID/status : basic information about a process including its run state and memory usage.
  7. /proc/PID/task : hard links to any tasks that have been started by this (the parent) process.


Install lsof service.

Yum install lsof*

1.List processes which opened a specific file

# lsof /var/log/syslog


2.List opened files under a directory

# lsof +D /var/log/

3.List opened files based on process names starting with

# lsof -c ssh -c init

4.List processes using a mount point

# lsof /home

5.List files opened by a specific user

# lsof -u username

6.Sometimes you may want to list files opened by all users, expect some 1 or 2. In that case you can use the ‘^’ to exclude only the particular user as follows

# lsof -u ^username

7.List all open files by a specific process

# lsof -p PID

8.List all the users who are using a particular file

# lsof /bin/vi

9.Lists all processes that use the bash shell

# lsof /bin/bash

10.Lists all opened files that are not opened by the given user

# lsof -u ^user

11.Process list a la ps aux

# lsof -d txt

12.Lists all deleted files,that are still opened and use up disk space(files with less than one link)
# lsof +L1

Finding Network Connection


1.List all network connections (You can also use ‘-i4′ or ‘-i6′ to list only)

# lsof -i

2.List all network files in use by a specific process

# lsof -i -a -p 234
OR
# lsof -i -a -c ssh

3.List processes which are listening on a particular port

# lsof -i :25

4.List all TCP or UDP connections

# lsof -i tcp; lsof -i udp;

5.List all Network File System ( NFS ) files

# lsof -N -u username -a

6.Lists all network files opened by the user www-data (boolean and with -a)

# lsof -a -i -u www-data

7.Lists all active connections

# lsof -i|grep '\->'





No comments:

Post a Comment