Linux lsof by pid

18 Quick lsof Command Examples for Linux Geeks

When it comes to analyzing and troubleshooting processes in Linux, the “lsof” command is a versatile and essential tool in every sysadmin’s toolkit. Short for “list open files,” lsof provides detailed information about files opened by processes, network connections, and much more.

In this blog post, we will explore 18 useful lsof command examples to gain valuable insights into system activities and solve common issues.

Where to use lsof?

lsof command is mainly used to retrieve information about files that are opened by various processes. Open files in a system can be disk files, network sockets, named pipes and devices. This distinctive feature of lsof command, enables one to debug and understand Linux operating System in a better way.

How to Install lsof?

Whenever we do the minimal installation of RHEL /CentOS / AlmaLinux / Ubuntu/ OpenSUSE , lsof is not the part of default installation, so use the following command to install lsof command.

For RHEL / CentOS / AlmaLinux / Fedora,

$ sudo yum install lsof -y or $ sudo dnf install lsof -y

Debian Based Systems (Ubuntu / Linux Mint),

The command “lsof” comes equipped with many options and switches. It will be very interesting to explore some of these important ones. Let’s deep dive into the examples of lsof comamnd.

1) List All Open Files

Running lsof command without any options will list all open files of your system that belongs to all active process.

Just typing ‘lsof’ command without any options at command line gives the following output,

Note:- Since lsof output gives lot of information to STDOUT, it will be better to use pipe “|” operation to see this output page by page.

lsof-Command-with-pagewise

The above command output if you examine carefully provides lot of information with many parameters. For example, process “systemd” (which is a daemon process) has Process Id ( PID) of “1”, User is “root” , File Descriptor (FD) as “cwd” and etc.

The FD comes-up with many values, as one is aware that File Descriptor is generated for any open files automatically in Linux Systems. Below are some of the well-known “ FD” values used for lsof commands,

Читайте также:  Linux new disk partition

Process-parameter-lsof-command

Note: In some cases, the “mem” is followed by number and various characters like “r”, “u”, “w” etc. These characters are “r” for read, “w” for write, “u” for read and write.

Finally, the “ TYPE ” in the command output indicates type of the file. The following are the standard types of files in Linux systems.

File-type-linux-lsof-command

The other fields that are displayed along with this are as follows,

  • DEVICE –> Device id
  • SIZE/OFF –> Actual size of this process (taken during run time)
  • NODE –> Typically inode number of the directory or parent directory
  • NAME –> Path or link

2) List Open Files of Particular File System

As you are aware the “ /proc” will be existing only during the life time of the Linux OS, this directory contains lot of important process related information. Executing “lsof” on /proc will throw interesting output for us to explor,

lsof-slash-proc-file-system

As mentioned earlier, “lsof” of “lsof” itself is captured here and all the details are displayed. Other than “lsof” there are other processes like systemd and rsyslogd which are daemons used for swap, mounting etc purposes.

Similarly, we can list open files of another file system like /var/log,

Identify Processes Holding Deleted Files

lsof command become very handy in a situation where df and du command shows different disk usage of same file system, using lsof command we can find processes still holding deleted files in memory

# lsof /var/log | grep -i "deleted"

This displays files marked as “deleted” but still in use. So, to release the space from file system we can safely kill those processes by its pid.

3) List Open Files by File System Type

To display open files based on their file system type, employ:

Replace with the desired file system type, such as “nfs” or “tmpfs.”

4) List Open Files by a Specific User

To see all files currently opened by a specific user, use the following command:

Replace with the actual username.

List all open files for root user

List-of-open-files-root-user

List of open files for non-root users, let’s see all open files for linuxtechi user,

# lsof -u linuxtechi | more Or # lsof -l -u linuxtechi | more

list-openfiles-user-linux

To List all open files except root user, use ^(caret symbol) in front of root user ( lsof -u ^root),

list-openfiles-other-than-root-user

5) List all Open Internet and UNIX Domain Files

Use “-i -U” option in lsof command to list all open internet and UNIX domain files on your system, example is shown below,

list-open-file-unix-type

6) List All Open IPv4 Network Files

Use “-i -4” option in lsof command to list all open network connections for IPv4,

View-IPv4-Network-files-lsof

To list all open IPv4 network files used by a specific process whose process id “any_number”, examples is shown below

Let’s assume we want to list all IPv4 network files for rpcbind process

# lsof -i 4 -a -p 1633 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rpcbind 1633 rpc 4u IPv4 16576 0t0 TCP *:sunrpc (LISTEN) rpcbind 1633 rpc 5u IPv4 16577 0t0 UDP *:sunrpc rpcbind 1633 rpc 10u IPv4 16649 0t0 UDP *:960 #

7) List all Open Network Files for IPv6

Assuming ipv6 domain is supported, then open network files can be listed using ‘-i 6’ option.

Читайте также:  How to get arch in linux

IPV6-Network-Open-Files-lsof

8) Find Processes Running on a Specific Port:

To list all tcp and udp process running on a specific port, use the following syntax,

Let’s assume we want to list all the TCP process running on 80 port, use the below command

To list all open files on TCP port from port range (1 to 1048), use the following command

View-Open-Files-TCP-Port-Range

To List all UDP process running on a specific port use the beneath command

# lsof -i UDP:16498 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dhclient 2494 root 21u IPv6 20952 0t0 UDP *:16498 #

Note: To list all open UDP process on your linux system then use the command “lsof -i UDP”

9) View All Open Files for Specific Device

The following command can be used to list all open files on device

Note: In this case the device type is virtual, in general this can be of type /dev/hd/ sd

lsof-device-linux

10) List Open Files by File Descriptor

To obtain a list of open files by their file descriptors, use the command.

Replace with the desired file descriptor number.

The following command is used for all open files on terminal

# lsof /dev/tty1 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME bash 2442 root 0u CHR 4,1 0t0 4689 /dev/tty1 bash 2442 root 1u CHR 4,1 0t0 4689 /dev/tty1 bash 2442 root 2u CHR 4,1 0t0 4689 /dev/tty1 bash 2442 root 255u CHR 4,1 0t0 4689 /dev/tty1 #

To view files opened by a specific type, such as regular files or directories, use the following syntax:

Replace with the desired file type (e.g., REG, DIR).

12) Show Open Files Associated to Specific Program

To find all files opened by a particular program, use the command:

Replace with the name of the program.

Let’s assume we want to list all open files which are associated httpd,

Open-Files-of-Httpd-Process

To show files opened by a specific IP address, run:

Replace with the desired IP address.

13) List All Network Connections (lsof -i)

Use “-i” option in lsof command to list all network related process or commands, example is shown below,

List-All-Network-Connections-lsof

14) View IPv4 /IPv6 Socket Files

To find the IPv4 socket file use the below command, replace IP address with your system IP

IPv4-Socket-Connections-lsof

To find an IP version 6 socket file by an associated numeric colon-form address that has a run of zeroes in it – e.g., the loop-back address(127.0.0.1), use below command and options:

# lsof -i@[::1] COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME master 2433 root 14u IPv6 21027 0t0 TCP localhost:smtp (LISTEN) #

15) List All Processes that Belong to a Process ID

Using command ‘lsof -p ’, we can show all the process that belong to pid.

Let’s assume we want to list all process or commands that belongs to a specific process id (1598), Example is shown below

Читайте также:  Настройка ethernet в линукс

List-Processes-for-PID-lsof

16) Kill All User’s Processes

lsof command become very handy where we want to kill all the process that belongs to a specific user, below example will kill all process that belongs to linuxtechi user,

# kill -9 `lsof -t -u linuxtechi`

17) Show Open Files for a Directory

To see all files opened under a specific directory, use the following command:

Let’s assume we want list all open files under /var/log directory, run

View-Open-Files-Under-Directory-lsof

Note: In above command if we use +D option then lsof will list all open files of a directory recursively and if you don’t want to list open files of directory recursively then use “+d” option

18) lsof to Check Who Opened Log File (to find PID)

The following command option is used to find who opened the /var/log/httpd/access.log file and what is the PID of that process. And then with “ps -ef” command we can find exact user

# lsof -t /var/log/httpd/access_log 3109 3110 3111 3112 3113 3114 # # ps -ef | grep -E "3109|3110|3111|3112|3113|3114" | grep -v grep or # ps -fp "$(lsof -t /var/log/httpd/access_log | xargs echo)" root 3109 1 0 03:36 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 3110 3109 0 03:36 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 3111 3109 0 03:36 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 3112 3109 0 03:36 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 3113 3109 0 03:36 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 3114 3109 0 03:36 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND #

Many options of the lsof command can be combined for multiple purposes as below are some combination of flags “-c”, “-u” and “-I”. For more details refer the manual page.

The below command combination will give output every 1 second about “linuxtechi” home directory what all the files opened repeatedly.

# lsof -u linuxtechi -c init -a -r1 ======= COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME inita.sh 2971 linuxtechi cwd DIR 8,1 4096 393218 /home/linuxtechi inita.sh 2971 linuxtechi rtd DIR 8,1 4096 2 / inita.sh 2971 linuxtechi txt REG 8,1 83344 524367 /bin/dash inita.sh 2971 linuxtechi mem REG 8,1 1434567 1443695 ~/libc-2.13.so ……………………………………………………………………………

Conclusion:

The lsof command is a powerful utility that allows you to gain deep insights into file and network-related activities in a Linux system. By using the 18 unique examples outlined in this blog post, you can effectively monitor processes, identify resource bottlenecks, and troubleshoot issues related to open files and network connections. Mastering lsof will undoubtedly enhance your system administration skills and make you a more efficient Linux professional.

3 thoughts on “18 Quick lsof Command Examples for Linux Geeks”

Example 3 isn’t throwing an error because you’re calling it on itself, it’s throwing an error because you’re calling it on a non-existent file. Type any garbage file name there and you’ll get the same result. lsof /usr/bin/lsof works just fine. Reply

Nice article. Although example #18 could be better written with the PIDs passed through a sub-command: # ps -fp “$(lsof -t /var/log/httpd/access_log | xargs echo)” instead of having to grep all pids, and then yet another one to exclude the first grep Reply

Источник

Оцените статью
Adblock
detector