Linux list files of user

7 Examples of lsof command in Linux

I guess at some point in time you have wondered if there is a way to show opened files by a process or a user. The good thing is that the answer to that question is lsof command.

You probably already know that ls command is short for ‘list’. lsof stands for ‘List Open Files’. And that’s exactly what it does, listing open files by processes, users, and process IDs.

Let me show you some of the most common usages of the lsof command.

lsof command examples

If you use lsof command without any options and arguments, it will list all opened files by all the processes in the system.

The output should be like this:

COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 1 root cwd DIR 252,1 4096 2 / systemd 1 root rtd DIR 252,1 4096 2 / systemd 1 root txt REG 252,1 1595792 17384 /lib/systemd/systemd systemd 1 root mem REG 252,1 1700792 2077 /lib/x86_64-linux-gnu/libm-2.27.so

The output is mostly self-explanatory but you may still wonder about FD and TYPE columns.

FD means file descriptor. Some of the common values for FD are:

• cwd – Current Working Directory
• txt – Text files
• mem – Memory mapped file
• mmap – Memory mapped device
• NUMBER – The actual file descriptor. It also has information about which file permission it is opened in.

TYPE is a no-brainer. It specifies the file type. Here are some examples:

• REG – Regular file
• DIR – Directory
• CHR – Character special file
• FIFO – First In First Out

Trust me. You wouldn’t want to run the lsof command without any arguments.

Why do I say this? Because it will start flooding your screen with thousands of results.

If I run the lsof command on an Ubuntu server and count the number of lines with wc command, here’s the result.

Yes! That’s right. There are over eleven thousand files opened by various processes in the system.

Don’t worry. lsof command is very helpful in debugging because you can see what processes open what files and which file is opened by which process.

If you are not logged in as root, the output of lsof command would be very limited. It is a good idea to use sudo if you are logged in as a non-root user.

1. List all the processes that have opened a certain file

This is simple. You just need to specify the path to the file.

2. List all the files opened by user

This comes handy in a multi-user environment. You can list all the files opened by a certain user in the following manner:

You can also specify more than one user like this:

3. List all opened files in a directory

If you are wondering which of the files have been opened in a certain directory, you can use lsof command with +D option.

The search is recursive. So it will list all the opened files in the mentioned directory and all of its sub-directories.

4. List all opened files by a process

You need to know the process id (pid) in this case. If you know the process id, you can use the -p option of the lsof command to find the files opened by it.

You can specify multiple process ids as well.

5. List all files opened by a command

This is specially helpful in debugging. Suppose you want to see what files are used by http daemon, you just need to specify the command name (httpd in our example).

6. Find files opened by a user and a command or a process

You can combine options like user and command and a process using the –a option. Think of it as the AND operator. This gives you an additional filter while trying to narrow down on your search.

lsof -a -u user_name -c command_name

7. List network connections and ports with lsof command

You can file all kinds of open ports with the -i option:

The output may look like this:

lsof -i COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 920 root 3u IPv4 20507 0t0 TCP *:ssh (LISTEN) sshd 920 root 4u IPv6 20535 0t0 TCP *:ssh (LISTEN) docker-pr 1163 root 4u IPv6 21687 0t0 TCP *:https (LISTEN) docker-pr 1175 root 4u IPv6 21717 0t0 TCP *:http (LISTEN) sshd 7528 root 3u IPv4 39506588 0t0 TCP testing:ssh->212.91.91.19:58904 (ESTABLISHED) systemd-r 10993 systemd-resolve 12u IPv4 20901990 0t0 UDP localhost:domain systemd-r 10993 systemd-resolve 13u IPv4 20901991 0t0 TCP localhost:domain (LISTEN)

You can also specify the network connection type. For example, to list all the opened TCP ports, you can use:

To find which process is using a specific port, you can provide the port number:

Bonus Tip: Using the negation operator with lsof

You can use the negation operator to exclude a user or process while using lsof command.

For example, if you want to list all the files opened by a user other than root, use it in this manner:

lsof command becomes even more useful when you use it with the grep command.

I hope you learned something new from this article. If you have questions or suggestions, please leave a comment below.

Источник

list of file owners in folder on linux

I have a folder with many files. The files have been created by many different users. I do not know about shell scripting. I need to get the list of the username (only) of the owners of the files. I may save the output of ls -l and then parse it using perl python etc. But how can i do this using shell scripting?

3 Answers 3

ls -l /some/dir/some/where | awk '' | sort | uniq 

which gets you a unique and sorted list of owners.

@DanielKamilKozar Perhaps it’s not odd, but if you allow whitespace in your system’s filenames, then there are bigger problems at hand.

to go through the directory recursively, add the R switch to the ls command: ls -lR /some/dir/some/where | awk ‘‘ | sort | uniq .

People, people — this is what the find command is meant for. Try something like this: find /some/dir/some/where -execdir stat -c «%U» <> + | sort | uniq .

The two solutions so far are good, but have their limitations.

This should guarantee you properly and recursively search every file in a directory tree.

sudo find /some/dir/ -exec stat -c "%U" <> + | sort | uniq 

In other words, recursively search for files in /some/dir , and execute stat -c «%U» (print username) on the files, in as few invocations of stat as possible ( -exec <> + syntax), then of course sort the list of usernames, and in turn cull them to just the uniq ue set of usernames.

To limit the search to just regular files, then add the -type f clause:

sudo find /some/dir/ -type f -exec stat -c "%U" <> + | sort | uniq _______ 

Источник

List files and directories that a user has permission to

How can one list the content of a directory but only show directories and files that a user has Read access to? I have worked out this but it only lists files owned:

find /dir/to/search -user johnsmith1 -ls 

I was thinking a possible alternative was to «sudo su johnsmith1» and then ls or find but I am not sure if that is possible either.

3 Answers 3

List directories & files that a user ( ubuntu in the examples) has read permissions to:

find -exec sudo -u ubuntu test -r '<>' \; -print 

List directories & files that a user has write permissions to:

find -exec sudo -u ubuntu test -w '<>' \; -print 

List directories & files that a user has execute permissions to:

find -exec sudo -u ubuntu test -x '<>' \; -print 

List directories & files that a user has read, write & execute permissions to:

find -exec sudo -u ubuntu test -rwx '<>' \; -print 

find -maxdepth 1 \( -type d -or -type f \) \( \( -user johnsmith1 -perm /u=r \) -o \( -group johnsmith1 -perm /g=r \) -o -perm /o=r \) -ls 

This will miss the case where a file is readable as a result of the user’s secondary group memberships, I think?

You could do this by piping the output of ls into grep so if you only wanted to review directories or files which you have read permission only you could use this command

if you wanted to review directories or files which you have read, write, and execution permissions you could use this command

if you wanted to review directories or files which you have read, and maybe other permissions you could use this command

I don’t think parsing ls output is a good approach — at the least you would need to anchor the matches to the start of the pattern. Your last expression in particular appears to confuse shell globs and regex — it will match the strings -r , ,r and dr (you probably meant [d-] not [d,-] ) anywhere — including the user, group and filename. Also get into the habit of quoting patterns when they contain shell special characters such as * — otherwise you will get unexpected results when they happen to match filenames.

No that is precisely the match I wanted, dr* is for directories with read permision. -r * is for files with read permision. The brackets ensure that only strings starting with «-r» and «dr» will be matched. This will only provide secondary matches with filenames if those files include the required permissions because I’m piping from ls -l despite your unsubstantiated opinion about the approach. if you can demonstrate your claim ill be very surprised.

Источник