Jump to Navigation

279 - Monitor Open File

It is easy to remember lsof command if you think of it as “ls + of”, where ls stands for list, and of stands for open files.
It is a command line utility which is used to list the information about the files that are opened by various processes. In unix, everything is a file,
( pipes, sockets, directories, devices, etc.). So by using lsof, you can get the information about any opened files.

Simply typing lsof will provide a list of all open files belonging to all active processes.

# lsof

COMMAND     PID      USER   FD      TYPE             DEVICE SIZE/OFF       NODE NAME
init          1      root  cwd       DIR              253,0     4096          2 /
init          1      root  rtd       DIR              253,0     4096          2 /
init          1      root  txt       REG              253,0    43496   52527309 /sbin/init
init          1      root  mem       REG              253,0   144776   59899935

By default One file per line is displayed. Most of the columns are self explanatory.
We will explain the details about couple of cryptic columns (FD and TYPE).

*** FD - Represents the file descriptor. Some of the values of FDs are :

    cwd - Current Working Directory
    txt - Text file
    mem - Memory mapped file
    mmap - Memory mapped device
    NUMBER - Represent the actual file descriptor. The character after the number i.e ’1u’, represents the mode in which the file is opened. r for read,
                     w for write, u for read and write.

*** TYPE - Specifies the type of the file. Some of the values of TYPEs are :

    REG - Regular File
    DIR - Directory
    FIFO - First In First Out
    CHR - Character special file

1. List opened files under a directory

You can list the processes which opened files under a specified directory using ‘+D’ option.
+D will recurse the sub directories also. If you don’t want lsof to recurse, then use ‘+d’ option.

# lsof +D /var/log/

2. List opened files based on process names starting with

You can list the files opened by process names starting with a string, using ‘-c’ option.
-c followed by the process name will list the files opened by the process starting with that processes name.
You can give multiple -c switch on a single command line.

# lsof -c ssh -c http

3.List files opened by a specific user

In order to find the list of files opened by a specific users, use ‘-u’ option.

# lsof -u oracle

Sometimes you may want to list files opened by all users, expect some 1 or 2.
In that case you can use the ‘^’ to exclude only the particular user as follows.

# lsof -u ^root

 

 

Linux:


Main menu 2

Story | by Dr. Radut