Sunday, October 14, 2018

10 Example of lsof commands in UNIX and Linux

It's been a long time since I have written anything on UNIX or Linux, but today I'll talk about the lsof command, a utility command every system admin and developers love. The lsof command stands for list open file descriptors and as the name suggests, it is used to find open files by process. Since almost everything in UNIX are file, you can use lsof command to find an open regular file, a directory, a symbolic link, a block special file, an NFS mounted file, a socket stream, a shared library, a character special file, a regular pipe, a named pipe, an internet socket, a UNIX domain socket and many others. I have mostly used it to find all the files opened by a particular process, which I will show you in the coming section.

It's an incredibly useful tool to do debugging and troubleshooting in UNIX and Linux environment, and because of its versatile nature, it's also known as the "The Swiss Army Knife of Linux". Since most of the production system runs on the UNIX-based operating system, knowledge of this tool become even more important.

As a Java developer, I often use lsof command to find all the files opened my Java process, or some time to find which process has opened a particular file e.g. a file which is used to represent a cache in memory, lsof is incredibly useful on doing that.

In this tutorial, we are going to learn different ways and options to use lsof some task, which will further help you to find process and file related information in UNIX or Linux.  You can combine the lsof with grep command for advanced search and filtering.

I often use grep command to filter output based upon file name, process id or file type. If you are not familiar with basic commands like grep and find, then I suggest you take a look at Linux Command Line Basics, a basic course for any programmer, tester, data security people or anyone, who work on UNIX and Linux based environment.



How to get lsof command

The lsof command generally comes pre-installed in many UNIX systems. If you are getting -bash: lsof: command not found an error while using lsof then it could be that lsof is not in your PATH.  Just check /usr/bin or /usr/sbin folder for this command. If you don't find there then you can install it from source or you can ask your UNIX admin to do that for you.

1) How to list all open files by all process

$ lsof

Simply running lsof without any argument print all opened file and process. This is not particularly useful but a good starting point.



2) How to list all process which has opened a file

$ lsof /home/someuser/somefile

will list all the process which has opened this file. you can see the command, PID, user and full file path to find out the process.



3) How to find all opened files by a user 
You can use lsof -u command to list all opened file by a user as shown below

$ lsof -u username

You can provide comma separated list of users to find a list of open files by multiple users as shown below

$ lsof -u user1,user2,user3

You can do the same by providing -u option multiple times :

$ lsof -u user1 -u user2

If you are struggling to remember these lsof command options, here is a nice diagram from Julia Evans which will help them to remember. If you want, you can also take a print out of this and keep at your desk for quick reference:
10 Example of lsof commands in UNIX and Linux




4) How to list all files opened by a particular command
You can use lsof -c option to provide the name of the command and list down all the files opened by that command, for example, to list all file opened by java process, you can do this :

$ lsof -c java

This is better than using grep for filtering, as instead of writing lsof | grep java, you can just write lsof -c java.

You can also find all files opened by apache which runs as httpd as shown below :

lsof -c httpd

Just like multiple users, you can also combine multiple processes name to list down files hold by them e.g.

$ lsof -c java -c httpd




5) How to find all files opened by a particular user and command
You can combine users and process name in one lsof command to list down all the files opened by a particular process or a particular user as shown below :

$ lsof -u root -c java

This will list all files opened or hold by root user + all files opened by the java process. See Linux Command Line Interface (CLI) Fundamentals, one of the great course to learn linux command line on Pluralsight.

how to use lsof command in linux






6) How to find files opened by USER and process
Like previous option, you can also combine user and process by using lsof option '-a'. This is like the AND logical operator and will only list files, which matches both options e.g.

$ lsof -a -u root - c java

will only list files opened by java process which is running under root user




7) lsof with the negation operator
Similar to AND and OR operator used earlier, you can also use negation operator with lsof command e.g.

$ lsof - u ^root

will list all files opened by all user except root




8) How to list all open files by a process using PID
As I told, I mostly use lsof command to find all files opened by a particular process. In order to do that sometimes, I usually use grep command to filter lsof output by PID, but you can also use lsof -p option to do the same, as shown below :

$ lsof -p 17783

will list all files opened by the process with PID 17783.

List users and processes, you can also supply multiple PIDs to find files opened by multiple processes e.g. :

$ lsof -p 17783,17754,17984

will list all files opened by the process with PIDs 17783,17754,17984. You can also see the Practical Guide to Linux Commands, Editors, and Shell Programming 3rd Edition by Mark G. Sobell to learn more about how to find a process in UNIX.

How to use lsof command in UNIX and Linux




9) How to list all network connection
You can use lsof - i option to find all open network connections which are nothing but open internet sockets (TCP and UDP), for example

$ lsof -i 

You can further find all TPC connection by using the tcp option as shown below :

$ lsof -i tcp

Similarly, to find all open udp connections you can do :

$ lsof -i udp

will list all process with open internet sockets.




10) How to find which process is using a port 
Though you can do this with netstat command as well, you would be surprised to know that you can find all process using a particular TCP or UDP port using the lsof command. For example :

$ lsof -i :19500 

will find the process which is using TCP or UDP port 19500

You can even names defined in etc/services instead of port number e.g.

$ lsof -i :smtp

will print process using the SMTP port.

You can also combine TCP and UDP with a port to do more specific search e.g. to find all process in UNIX which are uses TCP port number 19600 you can do following :

$ lsof -i tcp:19600 

and to find all process which is using UDP port 17600 you can use

$ lsof -i udp:17600


Now that you have seen how to use lsof command to do different things, let's revise them so that you can remember whatever you have learned so far. Here is a nice summary of lsof command examples in Linux:

lsof command example to find all process listening on a port




That's all about 10 examples of lsof command in UNIX and Linux. As I said, it's incredibly useful to find the list of files opened by a particular processor to find all the process which holds a lock on a file. Since almost everything is a file in UNIX, you can use lsof to find out open socket, directory, symbolic link, internet socket and many others. You can also see the lsof man page for full documentation and more options.

Further Learning
Linux Command Line Basics
Linux Command Line Interface (CLI) Fundamentals
Learn Linux in 5 Days and Level Up Your Career
5 Free Linux Courses for Programmers
5 Courses to Learn Shell Scripting for Developers
10 Tips to improve your speed in Linux command lines

Thanks for reading this article so far. If you find these lsof commands useful then please share with your friends and colleagues. If you have any questions or feedback then please drop a note.

4 comments :

Unknown said...

Great

Javin Paul said...

Thanks you unknown, glad that you find these lsof command examples useful.

Biswajit Nayak said...

Great collection, thank you for sharing this.

Javin said...

Thanks you Biwajit, happy that you found these lsolf examples useful.

Post a Comment