Introduction:
lsof lists the files opened by processes. Open files may be regular files, directories, NFS files, block special files, character special files, shared libraries, regular pipes, named pipes, symbolic links, socket streams, network sockets, UNIX domain sockets, and more. Because almost everything in a UNIX system is a file, you can imagine how useful lsof is.
Lsof output:
The FD and TYPE columns are the least self-explanatory. They provide more information about how files are being used.
The FD column shows the file descriptor, which the application uses to identify a file. The TYPE column gives more detail about the kind of file.
Let's take a look at the file descriptor column. There are three different values above. The cwd value indicates the current working directory of the application, which is the directory the application was started from unless it has changed directory itself. txt entries are program code, such as the application binary itself or a shared library, and the init program displayed in the list in this example. Finally, a numeric value is the file descriptor of the application: the integer returned when the file was opened. In the last line, you can see that the user is using Vim to edit /root/1.txt, and the file descriptor is 3. The u indicates that the file is open in read/write mode, instead of read-only (r) or write-only (w) mode. It is not very important, but very helpful. Every application starts with three file descriptors, 0 to 2, for standard input, standard output, and standard error respectively. Because of this, the files that most applications open get FD values starting from 3.
The TYPE column is more intuitive than the FD column. Depending on the operating system, you will find that files and directories are called REG and DIR (VREG and VDIR on Solaris). Other possible values are CHR and BLK, indicating character and block devices, or UNIX, FIFO, and IPv4, indicating a UNIX domain socket, a first-in-first-out (FIFO) queue, and an Internet Protocol (IP) socket, respectively.
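The FD values described above can be decoded mechanically. The script below is an added example, not part of the original article: the sample lines are constructed for illustration (real lsof output is not needed to run it), and the function names describe_fd, report and sample_lsof_output are made up for this example.

```shell
#!/bin/sh
# Added example: decode the FD column of lsof output (cwd, txt, or a
# descriptor number followed by r, w or u). Other FD values that lsof can
# print are not covered by the text above and are reported as "other".

describe_fd() {
    case "$1" in
        cwd) echo "current working directory"; return ;;
        txt) echo "program code (binary or shared library)"; return ;;
    esac
    num=${1%[rwu]}          # descriptor number without the mode letter
    mode=${1#"$num"}        # the mode letter, if any
    case "$num" in
        ''|*[!0-9]*) echo "other ($1)"; return ;;
    esac
    case "$num" in
        0) label="0 (standard input)" ;;
        1) label="1 (standard output)" ;;
        2) label="2 (standard error)" ;;
        *) label=$num ;;
    esac
    case "$mode" in
        r) echo "descriptor $label, read-only" ;;
        w) echo "descriptor $label, write-only" ;;
        u) echo "descriptor $label, read/write" ;;
        *) echo "descriptor $label" ;;
    esac
}

# Constructed sample in the default lsof column layout.
sample_lsof_output() {
cat <<'EOF'
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
init      1 root  cwd    DIR    8,1     4096    2 /
init      1 root  txt    REG    8,1    38652 1234 /sbin/init
vim    2190 root    0u   CHR  136,0      0t0    3 /dev/pts/0
vim    2190 root    3u   REG    8,1     4096 5678 /root/1.txt
EOF
}

# Read lsof-style lines on stdin and print one decoded line per open file.
report() {
    while read -r cmd pid user fd type dev size node name; do
        [ "$cmd" = "COMMAND" ] && continue      # skip the header row
        printf '%s[%s] %s: %s (%s)\n' "$cmd" "$pid" "$name" "$(describe_fd "$fd")" "$type"
    done
}

sample_lsof_output | report
```

To decode live output instead of the sample, pipe lsof into report, for example: lsof -p 489 | report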
Usage:
List all open files:
# lsof

Find out who is using a file:
# lsof /root/.bashrc

Recursively find all open files in a directory:
# lsof +D /usr/lib
With the +D parameter, lsof searches the specified directory recursively. Note that this parameter is slower than grep:
# lsof | grep '/usr/lib'
because +D first searches all the files and only then produces output.

List the files opened by a user:
# lsof -u root

List the files opened by all users except root:
# lsof -u ^root

List all files opened by a program:
# lsof -c httpd
You can also give only the first few letters of the process name:
# lsof -c ht
This lists the files opened by processes whose names start with ht.

List the files opened by the process with a given PID:
# lsof -p 489

List all network connections:
# lsof -i
The -i option of lsof lists all open network sockets (TCP and UDP).

List all TCP network connections:
# lsof -i tcp

Find the process using a port:
# lsof -i :25

Find the process using a TCP port:
# lsof -i tcp:80

Find all network connections of a user:
# lsof -a -u hacker -i
The -a parameter changes the way multiple options are combined from OR to AND. Using -a to combine the -u and -i options makes lsof list all network activity of a user.

Output the PIDs of processes using certain resources:
# lsof -t -i
The -t option outputs only process PIDs. You can combine it with the -i option to output the PID of the process using a port. The following command kills all processes using the network:
# kill -9 `lsof -t -i`

List repeatedly:
# lsof -r 1
The -r option makes lsof repeat its listing until it is interrupted; the parameter 1 means the listing is printed again every second. This option is best combined with a narrower query, for example, to monitor network activity:
# lsof -r 1 -u John -i -a
From: www.cszhi.com