---lsof of Linux commands

Lsof Introduction

Lsof use

Lsof output message Meaning

command PID USER FD TYPE DEVICE size  NODE nameinit 1 root cwd DIR 3,3 1024x768 2/init 1 root RTD DIR 3,3 1024x768 2/init 1 root txt REG 3,3 38432 176         3452/sbin/initinit 1 root mem REG 3,3 106114 1091620/lib/libdl-2.6.soinit 1       Root mem reg 3,3 7560696 1091614/lib/libc-2.6.soinit 1 root mem reg 3,3 79460 1091669/lib/libselinux.so.1init 1 root mem REG 3,3 223280 10       91668/lib/libsepol.so.1init 1 root mem REG 3,3 564136 1091607/lib/ld-2.6.soinit 1 root 10u FIFO 0,15 1309/dev/initctl  

COMMAND: Name of the process PID: Process identifier User: Process owner FD: File descriptor, the application recognizes the file through a file descriptor. such as CWD, TXT, etc. type: file type, such as Dir, Reg, and other device: Specify the name of the disk size: size of File Node: Index node (identity of file on disk) name: The exact name of the open file

Where the file descriptor CWD value in the FD column represents the current working directory of the application, which is the directory that the application launches, unless it makes changes to the directory itself.

TXT types of files are program code, such as the application binaries themselves or shared libraries, as shown in the list above in the/sbin/init program. The second value indicates the application

The file descriptor for the program, which is an integer that is returned when the file is opened. As on the last line of file/dev/initctl, its file descriptor is 10. U indicates that the

The file is open and in read/write mode, not read-only? or write-only (w) mode. Also, a capital W indicates that the application has a write to the entire file

Lock. This file descriptor is used to ensure that only one instance of the application can be opened at a time. When you initially open each application, you have three file descriptors, from 0 to 2,

The Type column is more intuitive than the FD column. Files and directories are called REG and Dir, respectively. and CHR and BLK, respectively, denote character and block device;

Lsof Common parameters

Lsof common usage is to find the name and number of files opened by the application. Can be used to find out where a particular application logs the log data, or to track an issue.

For example, Linux restricts the number of files that a process can open. Usually this is a large number, so there is no problem, and when needed, the application can request a larger value (until a

lsof [options] FileName

lsof  filename Displays all open files for all processes that open the specified file lsof-a indicates that two parameters must be met when the result lsof-c string   displays the command column that contains the specified characters lsof-u Username  Displays the files that belong to the user process open Lsof-g GID shows the process of attribution to GID lsof +d/dir/display directory is opened by the process file Lsof +d/dir/, but will search all directories under the directory, A relatively long time lsof-d FD Displays the process that specifies the file descriptor Lsof-n does not convert the IP to hostname, by default, without the-n parameter lsof-i to show the conditions of the process lsof-i[46] [protocol][@hostname | Hostaddr][:service|port]            IPv4 or IPV6 protocol-to-            TCP or UDP            hostname-Internet host name< C7/>HOSTADDR--IPV4 address service----            /etc/service in service name (can be more than one)            Port--and port number (can be more than one)

# lsof-i: 22COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE namesshd    1409 root    3u  IPv6   5678       TCP *:ssh (LISTEN)

# lsof-a-u root-d txtcommand PID USER FD TYPE DEVI CE SIZE NODE nameinit 1 root txt REG 3,3 38432 1763452/sbin/initmingetty 1632 root txt R EG 3,3 14366 1763337/sbin/mingettymingetty 1633 root txt REG 3,3 14366 1763337/sbin/mingettymingetty 1 634 Root txt reg 3,3 14366 1763337/sbin/mingettymingetty 1635 root txt reg 3,3 14366 1763337/sbin   /mingettymingetty 1636 root txt reg 3,3 14366 1763337/sbin/mingettymingetty 1637 root txt reg 3,3 14366 1763337/SBIN/MINGETTYKDM 1638 root txt REG 3,3 132548 1428194/usr/bin/kdmx 1670 root tx T reg 3,3 1716396 1428336/usr/bin/xorgkdm 1671 root txt REG 3,3 132548 1428194/usr/bin/kdmstar Tkde 2427 root txt REG 3,3 645408 1544195/bin/bash ...  

Lsof Use Instances

First, find who is using the file system

# lsof  /gtes11/command  PID USER   FD   TYPE DEVICE SIZE NODE namebash    4208 root  cwd    DIR    3,1 4096    2/gtes11/vim     4230 root  cwd    DIR    3,1 4096    2/gtes11/

Ii. Recovery of deleted files

# lsof |grep/var/log/messagessyslogd   1283      root    2w      REG        3,3  5381017    1773647/var/log/ Messages (Deleted)

# head-n 10/proc/1283/fd/2aug 4 13:50:15 holmes86 Syslogd 1.4.1:restart. 4 13:50:15 holmes86 kernel:klogd 1.4.1, log Source =/proc/kmsg started. 4 13:50:15 holmes86 kernel:linux version 2.6.22.1-8 ([email protected]) (gcc version 4.2.0) #1 SMP Wed Jul 18 1 1:18:32 EDT 2007Aug 4 13:50:15 holmes86 kernel:bios-provided physical RAM Map:aug 4 13:50:15 holmes86 kernel:bios-e82 0:0000000000000000-000000000009f000 (usable) 4 13:50:15 holmes86 kernel:bios-e820:000000000009f000-00000000000 a0000 (Reserved) 4 13:50:15 holmes86 kernel:bios-e820:0000000000100000-000000001f7d3800 (usable) 4 13:50:15 H Olmes86 kernel:bios-e820:000000001f7d3800-0000000020000000 (Reserved) 4 13:50:15 holmes86 kernel:bios-e820:000 00000e0000000-00000000f0007000 (Reserved) 4 13:50:15 holmes86 kernel:bios-e820:00000000f0008000-00000000f000c00 0 (Reserved)  

This method of recovering deleted files is useful for many applications, especially log files and databases.

---lsof of Linux commands