Article Directory
- An lsof command
- Two columns
-
- 2.1 List all open files
- 2.2 Common methods
-
- List all open files:
- See who is using a file
- Than use the +D option to traverse and view all file information in a directory
- List file information opened by a user
- List file information opened by a program
- List file information opened by multiple programs
- List the file information opened by a certain user and a certain program
- List the opened file information except for a certain user
- Display the file to be opened by a certain process number
- List file information corresponding to multiple process numbers
- List information about files opened by other process IDs except for a certain process ID
- List all network connections
- List all tcp network connection information
- List all udp network connection information
- List who is using a port
- List who is using a specific udp port
- Specific tcp port
- List all active network ports of a user
- List all network file systems
- List the corresponding file information according to the file description
- List file information according to file description range
An lsof command
The lsof command is used to view the file opened by your process, the process that opened the file, and the port (TCP, UDP) opened by the process. Retrieve/restore deleted files. It is a very convenient system monitoring tool, because the lsof command needs to access the core memory and various files, so it needs to be executed by the root user.
In the Linux environment, everything exists in the form of files. Through files, you can access not only regular data, but also network connections and hardware. Therefore, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sockets, the system allocates a file descriptor for the application in the background. Regardless of the nature of the file, the file descriptor is the application The interaction with the basic operating system provides a common interface. Because the descriptor list of the file opened by the application provides a lot of information about the application itself, it will be very helpful for system monitoring and troubleshooting to be able to view this list through the lsof tool.
1.1 Syntax
lsof(选项)
1.2 Options
Two columns
2.1 List all open files
[root@localhost~]# lsof
command PID USER FD type DEVICE SIZE NODE NAME
init 1 root cwd DIR 8,2 4096 2 /
init 1 root rtd DIR 8,2 4096 2 /
init 1 root mem REG 8,2 1722304 7823915 /lib64/libc-2.5.so
migration 2 root cwd DIR 8,2 4096 2 /
migration 2 root txt unknown /proc/2/exe
ksoftirqd 3 root cwd DIR 8,2 4096 2 /
2.1.1 The meaning of each column of information output by lsof is as follows
- COMMAND: The name of the process
- PID: Process identifier
- PPID: parent process identifier (need to specify -R parameter)
- USER: process owner
- PGID: the group to which the process belongs
- FD: File descriptor, the application program recognizes the file through the file descriptor.
- DEVICE: Specify the name of the disk
- SIZE: the size of the file
- NODE: index node (identification of the file on the disk)
- NAME: the exact name of the opened file
- FD file descriptor list
The list of FD file descriptors includes:
- cwd: stands for current work dirctory, that is: the current working directory of the application, which is the directory where the application is started, unless it changes this directory itself
- txt: This type of file is program code, such as the application binary file itself or shared library, such as the /sbin/init program shown in the above list
- lnn: library references (AIX) (library references);
- er: FD information error (see NAME column) (fd information error);
- jld: jail directory (FreeBSD) (monitoring directory);
- ltx: shared library text (code and data);
- mxx: hex memory-mapped type number xx (hexadecimal memory-mapped type number xx);
- m86: DOS Merge mapped file (DOS Merge mapped file);
- mem: memory-mapped file (memory-mapped file);
- mmap: memory-mapped device (memory-mapped device);
- pd: parent directory (parent directory);
- rtd: root directory (with the directory);
- tr: kernel trace file (OpenBSD) (kernel trace file);
- v86 VP/ix mapped file (VP/IX mapped file);
- 0: indicates standard output
- 1: Represents standard input
- 2: Represents standard error
Generally, the standard output, standard error, and standard input are followed by the file status mode:
- u: Indicates that the file is opened and in read/write mode.
- r: Indicates that the file is opened and in read-only mode.
- w: Indicates that the file is opened and in.
- Space: indicates that the status mode of the file is unknow and it is not locked.
- -: Indicates that the status mode of the file is unknow and is locked.
At the same time, after the file status mode, there are related locks:
- N: for a Solaris NFS lock of unknown type (for a Solaris NFS lock of unknown type);
- r: for read lock on part of the file (used to read and lock part of the file);
- R: for a read lock on the entire file (read lock on the entire file);
- w: for a write lock on part of the file;
- W: for a write lock on the entire file; (write lock on the entire file)
- u: for a read and write lock of any length (for a read and write lock of any length);
- U: for a lock of unknown type (for a lock of unknown type);
- x: for an SCO OpenServer Xenix lock on part of the file (sco openserver xenix lock for the file);
- X: for an SCO OpenServer Xenix lock on the entire file (sco openserver xenix lock on the entire file);
- space: if there is no lock (if there is no lock).
2.1.2 File type:
- DIR: indicates the directory.
- CHR: Represents the character type.
- BLK: Block device type.
- UNIX: UNIX domain socket.
- FIFO: First-in-first-out (FIFO) queue.
- IPv4: Internet Protocol (IP) socket.
- DEVICE: Specify the name of the disk
- SIZE: the size of the file
- NODE: index node (identification of the file on the disk)
- NAME: the exact name of the opened file
2.2 Common methods
List all open files:
lsof
Note: If you do not add any parameters, all opened files will be opened. It is recommended to add the following parameters for specific positioning
See who is using a file
lsof /filepath/file
#Recursively view the file information of a directory.
lsof +D /filepath/filepath2/
Remarks: When +D is used, all subdirectories and files in the corresponding directory will be listed
Than use the +D option to traverse and view all file information in a directory
lsof | grep ‘/filepath/filepath2/’
List file information opened by a user
lsof -u username
Remarks: -u option, u is actually the abbreviation of user
List file information opened by a program
lsof -c mysql
Remarks: The -c option will list all the files of the program beginning with mysql. In fact, you can also write lsof | grep mysql, but the first method is obviously less typing than the second method.
List file information opened by multiple programs
lsof -c mysql -c apache
List the file information opened by a certain user and a certain program
lsof -u test -c mysql
List the opened file information except for a certain user
lsof -u ^root
Remarks: The ^ symbol before the user name will prevent the process opened by the root user from being displayed
Display the file to be opened by a certain process number
lsof -p 1
List file information corresponding to multiple process numbers
lsof -p 123,456,789
List information about files opened by other process IDs except for a certain process ID
lsof -p ^1
List all network connections
lsof -i
List all tcp network connection information
lsof -i tcp
List all udp network connection information
lsof -i udp
List who is using a port
lsof -i :3306
List who is using a specific udp port
lsof -i udp:55
Specific tcp port
lsof -i tcp:80
List all active network ports of a user
lsof -a -u test -i
List all network file systems
lsof -N
#Domain name socket file
lsof -u
#File information opened by a user group
lsof -g 5555
List the corresponding file information according to the file description
lsof -d description(like 2)
List file information according to file description range
lsof -d 2-3