Using the lsof command (with examples)
The lsof
command is a powerful tool for listing open files and the processes that have opened them. It provides valuable information about system resources and helps in troubleshooting various issues related to files and processes. In this article, we will explore different use cases of the lsof
command with code examples and explanations.
1: Find the processes that have a given file open
lsof path/to/file
Motivation: This use case is useful when you want to identify which processes have a specific file open. It can help you understand why a file cannot be modified or deleted, as it could be held open by some process.
Explanation: The lsof
command is used to list open files and related information. By providing the path to a file as an argument, lsof
will display the processes that have the file open.
Example Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 12345 nginx cwd DIR 0,1 256 123456 /path/to/file
The example output shows that the process with PID 12345, which belongs to the nginx
user, has the file open in the current working directory.
2: Find the process that opened a local internet port
lsof -i :port
Motivation: This use case is helpful when you want to identify the process that is bound to a specific local internet port. It allows you to determine which process is listening on a particular port.
Explanation: By using the -i
option followed by the port number, you can retrieve information about the process that opened the specified port.
Example Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 123456 apache 1u IPv4 1234 0t0 TCP *:80 (LISTEN)
The example output shows that the process with PID 123456, which belongs to the apache
user, has opened port 80 and is listening for incoming connections.
3: Only output the process ID (PID)
lsof -t path/to/file
Motivation: This use case can be helpful when you only need the PID of the process that has a specific file open. It allows you to retrieve the PID without any additional information.
Explanation: The -t
option instructs lsof
to display only the process ID (PID) of the process that has the specified file open.
Example Output:
12345
The example output shows that the process with PID 12345 has the specified file open.
4: List files opened by the given user
lsof -u username
Motivation: This use case is useful when you want to find all the files opened by a specific user. It helps in monitoring and analyzing the resource usage of individual users.
Explanation: By using the -u
option followed by the username, lsof
will list all files opened by the specified user.
Example Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ngnix 12345 user1 cwd DIR 0,1 4096 123456 /path/to/file1
httpd 23456 user1 cwd DIR 0,1 4096 234567 /path/to/file2
The example output shows that both the nginx
and httpd
processes, belonging to user1
, have files open in their current working directories.
5: List files opened by the given command or process
lsof -c process_or_command_name
Motivation: This use case is valuable when you want to identify all the files opened by a specific command or process. It helps in understanding the resource consumption of a particular process.
Explanation: The -c
option followed by the process or command name allows you to list all files opened by the specified process or command.
Example Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 123456 apache 1u IPv4 1234 0t0 TCP *:80 (LISTEN)
httpd 234567 apache 2u IPv4 1234 0t0 TCP *:443 (LISTEN)
The example output shows that both instances of the httpd
process have files open, corresponding to the ports 80 and 443.
6: List files opened by a specific process, given its PID
lsof -p PID
Motivation: This use case allows you to examine all the files opened by a particular process when you are aware of its PID. It helps in analyzing the resources utilized by a specific process.
Explanation: By using the -p
option followed by the process ID (PID), lsof
will display all files opened by the specified process.
Example Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 123456 apache 1u IPv4 1234 0t0 TCP *:80 (LISTEN)
httpd 123456 apache 2u IPv4 1234 0t0 TCP *:443 (LISTEN)
The example output shows that the process with PID 123456, which belongs to the apache
user, has two files open, corresponding to ports 80 and 443.
7: List open files in a directory
lsof +D path/to/directory
Motivation: This use case is beneficial when you want to list all the files opened within a specific directory. It can help in identifying the processes that are accessing files in a particular directory.
Explanation: By using the +D
option followed by the path to the directory, lsof
will list all the files opened within that directory.
Example Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 12345 nginx cwd DIR 0,1 4096 123456 /path/to/directory
nginx 12345 nginx 1 r REG 0,1 1024 123457 /path/to/directory/file1.txt
The example output shows that the process with PID 12345, which belongs to the nginx
user, has the directory /path/to/directory
open, along with a specific file within that directory.
8: Find the process that is listening on a local IPv6 TCP port and don’t convert network or port numbers
lsof -i6TCP:port -sTCP:LISTEN -n -P
Motivation: This use case is handy when you want to discover the process that is listening on a specific local IPv6 TCP port. It allows you to find the process without converting network or port numbers to their human-readable forms.
Explanation: By using the -i6TCP:port
option, lsof
will find the process that is listening on the specified IPv6 TCP port. The -sTCP:LISTEN
filter ensures that only listening processes are displayed. The -n
and -P
options prevent lsof
from converting network or port numbers to their human-readable forms.
Example Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 123456 apache 1u IPv6 1234 0t0 TCP *:80 (LISTEN)
The example output shows that the process with PID 123456, which belongs to the apache
user, is listening on port 80 in the IPv6 address format.
Conclusion
The lsof
command is a versatile tool for listing open files and the corresponding processes. By understanding the different use cases of this command and utilizing the provided code examples, you can effectively troubleshoot file-related issues, monitor resource usage, and gain valuable insights into your system.