Importance of “lsof” command in Linux

lsof stands for List Of Openfiles is a powerful  command  to analyze which files are open by the process .this command really helps the system administrators to keep track of the process usage, When  you are trying to unmount a filesystem or device and if it shows the device is busy  means the files are being used, with the help of the lsof command now we can easily identify the files which are in use.

What do we get from the lsof output?

With lsof you can use some options to get more detail output about the open files by the process, Below are the details you can get it after executing the command

1.Process in the system


3.Network service

4.Regular file


6.Network file (NFS, Internet socket, Unix domain socket)

Note: By default in Unix/Linux this command comes with pre-installed. When you are executing lsof and if it is showing error lsof: command not found, it could be the command lsof is not in your PATH, check with /bin and /sbin directory for this command if the command is not listed in these directories then you have to install it manually.

Now let us see some of the examples with the lsof command in detail,

Ex:1 To list all open files by all the process


Without any option, this will list you all opened files and process.

From the above output, you can see the details of all open files, FD column stands for File descriptor and it shows some values

CWD Current working directory

rtd Root directory

txt Program text code

mem Memory

FD column numbers like 10u is a file descriptor and it is followed by u,r,w modes

r means read access

w means write access

u means both read and write access.

TYPE –file types and  identity

DIR– Directory

REG– Regular file

CHR-Character special  file

FIFO-First In First Out

Ex:2 How to get the details of all process which has opened file?

#lsof   /hello.txt

In this example I have opened the file /hello.txt for live monitoring so I use tail -f /hello.txt to let the file in open stream, Now check with the lsof to see which process is using the file /hello.txt

As you can see from the above output the file /hello.txt is opened by the process “tail”

Ex:3 How to list all opened files by a user?

by adding  -u option with the lsof  you can get the files which all are opened by the user

#lsof  -u Vasanth

From the above output, you can see the files opened by the user Vasanth (marked with square red box)

You can also add multiple users by providing comma between the username

#lsof -u anis, Nirmal, Marshall

Ex:4 To list all files opened by  a particular command

#lsof  -c  <command>

Let me put a file in buffering mode by using the tail -f  /cts then after that  run the lsof to view files opened by the tail command

#lsof -c  tail

From the output, you can see the files opened by the tail command from the path /home/Vasanth/data file and then from the root directory path /cts file and much more…

To list all files opened by more than one  commands use the below syntax

#lsof -c firefox,top

Ex:5 To list files opened by a particular User and command?

Here you can also combine the options -u and -c together

#lsof  -u Vasanth  -c firefox

From the output, you can see the user opened files as well the files which all are opened by the command firefox.

Ex:6 How to list all open files by a process using the PID number

Its nothing just add the option -p with the lsof command will list the files opened by the process with PID

First get the PID number of the running program by using top or ps command


Once you got the PID use the same with the lsof command.Here I use the PID 18

#lsof -p  <PID>

From the above output, the PID has opened some files from the path / and /proc and also you can see the user who is running that program(here root), the command name and what type of files the PID is using and much more.

Ex:7  To list all network connection

#lsof  -i

here I means internet socket i.e TCP and UDP sockets)

From the above screenshot, you can see the port status whether it is listening or non -listening, the type of protocol connected, the node and many more details you can find it.

If you want to get all the TCP open socket connection details

#lsof  -i tcp

Ex:8 How to get which process is using a port?

you can also use the netstat command  for this

#lsof  -i:22

you can also use the service name instead of the port number

#lsof -i:ssh

I hope you have understood the need of using the lsof command in Unix/Linux Operating system.

If you found this article useful, Kindly Subscribe here 👉🏿👉🏿Click here to Subscribe




About Author:

Hello readers! Let me introduce my self first. My name is Vasanth Nirmal Singh J S having 9+ years of experience in IT on all flavours of Unix operating systems ,Storage's and many more .. I would like to share my technical experience i have come across - can be help to other people. So in this blog, I'll post my thoughts related to ITIS. I'll share experiences that I've had while working in different environments. You can expect content related to Unix,Solaris,Linux,EMC Storeages,HP-UX and many others. I hope this blog can be useful for you! Your comments will be appreciated!

2 thoughts on “Importance of “lsof” command in Linux

Leave a Reply

Your email address will not be published. Required fields are marked *