lsof stands for List Of Openfiles is a powerful command to analyze which files are open by the process .this command really helps the system administrators to keep track of the process usage, When you are trying to unmount a filesystem or device and if it shows the device is busy means the files are being used, with the help of the lsof command now we can easily identify the files which are in use.
What do we get from the lsof output?
With lsof you can use some options to get more detail output about the open files by the process, Below are the details you can get it after executing the command
1.Process in the system
6.Network file (NFS, Internet socket, Unix domain socket)
Note: By default in Unix/Linux this command comes with pre-installed. When you are executing lsof and if it is showing error lsof: command not found, it could be the command lsof is not in your PATH, check with /bin and /sbin directory for this command if the command is not listed in these directories then you have to install it manually.
Now let us see some of the examples with the lsof command in detail,
Ex:1 To list all open files by all the process
Without any option, this will list you all opened files and process.
From the above output, you can see the details of all open files, FD column stands for File descriptor and it shows some values
CWD Current working directory
rtd Root directory
txt Program text code
FD column numbers like 10u is a file descriptor and it is followed by u,r,w modes
r means read access
w means write access
u means both read and write access.
TYPE –file types and identity
REG– Regular file
CHR-Character special file
FIFO-First In First Out
Ex:2 How to get the details of all process which has opened file?
In this example I have opened the file /hello.txt for live monitoring so I use tail -f /hello.txt to let the file in open stream, Now check with the lsof to see which process is using the file /hello.txt
As you can see from the above output the file /hello.txt is opened by the process “tail”
Ex:3 How to list all opened files by a user?
by adding -u option with the lsof you can get the files which all are opened by the user
#lsof -u Vasanth
From the above output, you can see the files opened by the user Vasanth (marked with square red box)
You can also add multiple users by providing comma between the username
#lsof -u anis, Nirmal, Marshall
Ex:4 To list all files opened by a particular command
#lsof -c <command>
Let me put a file in buffering mode by using the tail -f /cts then after that run the lsof to view files opened by the tail command
#lsof -c tail
From the output, you can see the files opened by the tail command from the path /home/Vasanth/data file and then from the root directory path /cts file and much more…
To list all files opened by more than one commands use the below syntax
#lsof -c firefox,top
Ex:5 To list files opened by a particular User and command?
Here you can also combine the options -u and -c together
#lsof -u Vasanth -c firefox
From the output, you can see the user opened files as well the files which all are opened by the command firefox.
Ex:6 How to list all open files by a process using the PID number
Its nothing just add the option -p with the lsof command will list the files opened by the process with PID
First get the PID number of the running program by using top or ps command
Once you got the PID use the same with the lsof command.Here I use the PID 18
#lsof -p <PID>
From the above output, the PID has opened some files from the path / and /proc and also you can see the user who is running that program(here root), the command name and what type of files the PID is using and much more.
Ex:7 To list all network connection
here I means internet socket i.e TCP and UDP sockets)
From the above screenshot, you can see the port status whether it is listening or non -listening, the type of protocol connected, the node and many more details you can find it.
If you want to get all the TCP open socket connection details
#lsof -i tcp
Ex:8 How to get which process is using a port?
you can also use the netstat command for this
you can also use the service name instead of the port number
I hope you have understood the need of using the lsof command in Unix/Linux Operating system.
If you found this article useful, Kindly Subscribe here 👉🏿👉🏿Click here to Subscribe