Monday, June 29, 2009

Wonderful lsof Command

lsof is a tool for locating open files. What makes this especially useful is that in Linux, everything is treated as a file: pipes, directories, devices, inodes, sockets and so on.

lsof (no options) will list all files opened by any processes currently running. To restrict this to processes owned by username, use lsof -u username. Here's some sample output:

COMMAND   PID USER   FD TYPE DEVICE   SIZE      NODE NAME
sshd     2354 nobs  mem  REG  254,0  14880    105723 /lib/libcap.so.1.10
sshd     2354 nobs  DEL  REG    0,8        127123574 /dev/zero
bash     2363 nobs  cwd  DIR  254,4  20480   7274497 /home/nobs
bash     2363 nobs  txt  REG  254,0 769368      4126 /bin/bash
bash     2363 nobs  mem  REG  254,0  97928    105698 /lib/ld-2.3.6.so

The FD column shows file descriptor information, or identifies other types of file. Here, cwd indicates the current working directory, and txt indicates program text. The TYPE column has filetype info (REG indicates a regular file). The NODE column may be useful if you're trying to recover a deleted file. See the man page for a full explanation of the output.
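The DEL row in the sample output has no SIZE value, so splitting the default output on whitespace shifts NODE and NAME into the wrong columns. The script below is an added example, not part of the original post: it reads lsof's field output (lsof -F pcftin, one tagged value per line) and lists the entries that refer to deleted files. The function names and the sample records are constructed for illustration; the fd 3 record is not from the post.

```shell
#!/bin/sh
# Added example: parse lsof field output (-F) instead of the column layout.

# stdin: output of `lsof -F pcftin`
# stdout: PID, COMMAND, FD, TYPE, NODE, NAME (tab-separated, "-" if absent)
lsof_rows() {
    awk '
        function v(x) { return x == "" ? "-" : x }
        function emit() {
            if (have) printf "%s\t%s\t%s\t%s\t%s\t%s\n", pid, v(cmd), fd, v(type), v(node), v(name)
            have = 0; type = node = name = ""
        }
        { tag = substr($0, 1, 1); val = substr($0, 2) }
        tag == "p" { emit(); pid = val; cmd = "" }   # starts a process set
        tag == "c" { cmd = val }
        tag == "f" { emit(); fd = val; have = 1 }    # starts a file set
        tag == "t" { type = val }
        tag == "i" { node = val }
        tag == "n" { name = val }
        END { emit() }
    '
}

# Keep only deleted files: FD of DEL (deleted mapped file) or a NAME that
# Linux has suffixed with " (deleted)". Prints PID, COMMAND, NODE, NAME.
deleted_rows() {
    lsof_rows | awk -F '\t' \
        '$3 == "DEL" || $6 ~ / \(deleted\)$/ { print $1 "\t" $2 "\t" $5 "\t" $6 }'
}

# Constructed sample in -F format; each argument is one line of lsof output.
sample_lsof_F() {
    printf '%s\n' p2354 csshd \
        fmem tREG i105723 n/lib/libcap.so.1.10 \
        fDEL tREG i127123574 n/dev/zero \
        p2363 cbash \
        fcwd tDIR i7274497 n/home/nobs \
        f3 tREG i99999 'n/tmp/example.log (deleted)'
}

sample_lsof_F | deleted_rows
```

On a live system, replace the sample with lsof -F pcftin -u username piped into deleted_rows.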

lsof filename shows which processes have files of this name open. lsof +D /directory will show processes which have files in this directory open. You can use this if you're trying to unmount a filesystem but getting an 'in use' error: it finds the processes using files on that filesystem, so you can kill them as required.

lsof -c processname will show all processes beginning with processname that have files open; lsof -p PID does the same thing for a process ID. Using lsof -i will get you information about IP sockets. Check out the man page for more detail and for the many other available options. lsof is a really cool tool to play around with.

Cheers
Nobs
