View files opened by processes and processes that opened files under linu

In many cases, we need to check which files are opened by a process. In turn, we also want to know which processes are reading and writing a file. There are many useful tools in Linux to help us complete these two tasks. The following describes these two tools: lsof and fuser.

Fuser find files or sockets 'user

Format: Fuser [Option] fname

-K if the process to open the file is found, it will send sigkill to kill the process. The-I option can be used to provide interactive selection for users.

-The signal user can specify the signal used to kill the process. If the-k parameter is specified, this parameter is ignored.

-M if a file is specified, all processes that access the file system where the file is located will be listed

-N type specifies different file types. The default type is file. In addition, TCP and UDP types are supported. In this case, you can simply write port/tcp

-U: displays the process owner

-V: displays detailed process and file opening information

-4/-6: Only IPv4/IPv6 socket search

For example, we want to check which process opens the port TCP port 9000 Fuser-v-u 9000/tcp

View which processes are accessing/home and mount the partition Fuser-mV/home.

 

Lsof list open file

Format: lsof [Option] [names]

Execute lsof separately to output all open files in the system. We can use grep to filter out the content we care about. However, lsof provides corresponding parameters to help us find the files accurately.

Lsof name will output all processes using the file name

-P pid: list all files opened by the process PID.

-D fd_pattern: list all open FD files whose values are fd_pattern. The FD values include integers, txt, mem, and so on.

-After a lsof, you can add multiple matching conditions. The default value is "or". This parameter converts multiple conditions into the and relationship.

-I [46] [proto] [@ hostname | IP] [: Service | Port] is used to select the process that occupies a port.

+ D/+ D dir non-recursive or recursive display of processes that open files under DIR

-C string: displays the files opened by the process whose command contains the string.

-U Username: displays the files opened by the user's process.

-G GID

These parameters are enough. The above two tools read data from the/proc file system for work. It is mentioned on the Internet that the lsof search function can be used to restore a deleted file, provided that the process that occupies the file is not closed yet. Find the corresponding process and FD-num in the process through the deleted file, and then restore the deleted file through CAT/proc/process-num/FD-num.