+4 votes
270 views
How to list the files opened by a process in Linux

in Guides by (551k points)
reopened | 270 views

1 Answer

+5 votes
Best answer

How to list the files opened by a process in Linux with the lsof command.
Practical examples of using the lsof command.
Basis for understanding the output of the lsof command.
List the files opened by a specific process.
List the files opened by a specific user.
List the processes that have opened a specific file.
List open files in a directory.
List all network and internet files.

Today we are going to use the terminal to list the files opened by a process in Linux . This is a very common task, which we will have to face sooner or later if we manage Linux servers, so better be prevented.

image

In my case, the need to list the files opened by a process has arisen because I needed to find out where a demon was recording its activity . This activity knew that he recorded it in a file, but he did not know its location. So I got down to work and it was when the lsof command appeared to fix the problem.

How to list the files opened by a process in Linux with the lsof command.

As I anticipated, the command we will use will be lsof , which is available in all Linux distributions, * BSD, etc. It is a very flexible command and that can get us out of more than a hurry.

The most basic use is to execute the sudo lsof command and we will have a list with all the files opened by processes . This list is usually very extensive, so we will need to filter it to find what we are looking for, but we will see this later.

Basis for understanding the output of the lsof command.

If we look at the output of the lsof command, we see that it shows us the information organized in different columns. Most of the columns will recognize its meaning intuitively (pid, user, name, etc) , but others (FD, Type, etc.) may be somewhat strange, so we will explain its meaning quickly.

The FD column shows the file descriptors (File Descriptor) . The possible values "‹"‹of FD are:

  • cwd : refers to the current Working Directory .
  • txt : refers to a text file.
  • mem : reference to a memory mapping file.
  • mmap : refers to a mapped memory device.
  • number : sometimes a number will be displayed that refers to the file descriptor. This number will be followed by the letters r (open file for read only) , w (open file for write) or u (open file for read and write) .

On the other hand, the TYPE column can display the following values:

  • REG : regular file.
  • DIR : directory.
  • FIFO : First In First Out (first in, first out) .
  • CHR : special character file.

There are more values "‹"‹that FD and TYPE coulmnas can adopt, but in this tutorial I only collect the most common ones. If you need more information, do not hesitate to go to the help page with the man lsof command.

Practical examples of using the lsof command.

We are going to see a series of examples that are used regularly during system administration tasks.

List the files opened by a specific process.

To list the files opened by a specific process we will need to first find out your PID. The easiest way to find out the PID of a process by knowing its name is with the pidof nombre_proceso command pidof nombre_proceso .

As an example we are going to imagine that we want to find out the PID of the MySQL server process, for which I execute the pidof mysqld command. This command returns the number of the PID, which as an example we will assume is 1009 .

Once I have found out the PID, I just have to execute the lsof -p PID command, which by transferring it to our example would be sudo lsof -p 1009 .

image

This command is the one I use most and allows me to quickly find out the paths of the log files of an Apache or Nginx server (it is necessary to run lsof with root permissions) .

List the files opened by a specific user.

Thanks to this command we can also list the files opened by a specific user . In this case the command to execute would be lsof -u nombre_usuario .

As an example, we will list all files opened by the user www-data , commonly used on Apache servers, with the sudo lsof -u www-data command.

image

List the processes that have opened a specific file.

Sometimes we will know the path of the open file and we will need to find out which process has opened that file. In this case, the command would be lsof /ruta/ejemplo/archivo .

We will give an example in which we will find out which process has opened the file /var/log/apache2/access.log , which as we can expect will be the process or processes corresponding to an Apache server. In this case the command would be sudo lsof /var/log/apache2/access.log .

image

List open files in a directory.

Another interesting option is to list all open files that are under the same directory. The command to execute would be lsof +D /ruta/ejemplo/directorio/ .

In this way, we can execute a very useful command to find out the open log files of the system. For this, we just have to execute the sudo lsof +D /var/log/ command.

image

List all network and internet files.

A process can not only open a file or folder, it can also open a connection, a socket, a stream, etc. With the following command we can list all open network and internet files: sudo lsof -i .

image


by (3.5m points)

Related questions

+5 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (551k points) | 197 views
+5 votes
1 answer
+5 votes
1 answer
+5 votes
1 answer
+3 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (551k points) | 353 views
Sponsored articles cost $40 per post. You can contact us via Feedback
10,632 questions
10,764 answers
510 comments
3 users