Using the lsof command (with examples)

Using the lsof command (with examples)

The lsof command is a powerful tool for listing open files and the processes that have opened them. It provides valuable information about system resources and helps in troubleshooting various issues related to files and processes. In this article, we will explore different use cases of the lsof command with code examples and explanations.

1: Find the processes that have a given file open

lsof path/to/file

Motivation: This use case is useful when you want to identify which processes have a specific file open. It can help you understand why a file cannot be modified or deleted, as it could be held open by some process.

Explanation: The lsof command is used to list open files and related information. By providing the path to a file as an argument, lsof will display the processes that have the file open.

Example Output:

COMMAND   PID     USER   FD   TYPE DEVICE  SIZE/OFF   NODE NAME
nginx   12345    nginx  cwd    DIR    0,1       256 123456 /path/to/file

The example output shows that the process with PID 12345, which belongs to the nginx user, has the file open in the current working directory.

2: Find the process that opened a local internet port

lsof -i :port

Motivation: This use case is helpful when you want to identify the process that is bound to a specific local internet port. It allows you to determine which process is listening on a particular port.

Explanation: By using the -i option followed by the port number, you can retrieve information about the process that opened the specified port.

Example Output:

COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   123456    apache   1u  IPv4   1234      0t0  TCP *:80 (LISTEN)

The example output shows that the process with PID 123456, which belongs to the apache user, has opened port 80 and is listening for incoming connections.

3: Only output the process ID (PID)

lsof -t path/to/file

Motivation: This use case can be helpful when you only need the PID of the process that has a specific file open. It allows you to retrieve the PID without any additional information.

Explanation: The -t option instructs lsof to display only the process ID (PID) of the process that has the specified file open.

Example Output:

12345

The example output shows that the process with PID 12345 has the specified file open.

4: List files opened by the given user

lsof -u username

Motivation: This use case is useful when you want to find all the files opened by a specific user. It helps in monitoring and analyzing the resource usage of individual users.

Explanation: By using the -u option followed by the username, lsof will list all files opened by the specified user.

Example Output:

COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
ngnix   12345   user1  cwd    DIR    0,1     4096 123456 /path/to/file1
httpd   23456   user1  cwd    DIR    0,1     4096 234567 /path/to/file2

The example output shows that both the nginx and httpd processes, belonging to user1, have files open in their current working directories.

5: List files opened by the given command or process

lsof -c process_or_command_name

Motivation: This use case is valuable when you want to identify all the files opened by a specific command or process. It helps in understanding the resource consumption of a particular process.

Explanation: The -c option followed by the process or command name allows you to list all files opened by the specified process or command.

Example Output:

COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   123456    apache  1u   IPv4   1234      0t0  TCP *:80 (LISTEN)
httpd   234567    apache  2u   IPv4   1234      0t0  TCP *:443 (LISTEN)

The example output shows that both instances of the httpd process have files open, corresponding to the ports 80 and 443.

6: List files opened by a specific process, given its PID

lsof -p PID

Motivation: This use case allows you to examine all the files opened by a particular process when you are aware of its PID. It helps in analyzing the resources utilized by a specific process.

Explanation: By using the -p option followed by the process ID (PID), lsof will display all files opened by the specified process.

Example Output:

COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   123456    apache  1u   IPv4   1234      0t0  TCP *:80 (LISTEN)
httpd   123456    apache  2u   IPv4   1234      0t0  TCP *:443 (LISTEN)

The example output shows that the process with PID 123456, which belongs to the apache user, has two files open, corresponding to ports 80 and 443.

7: List open files in a directory

lsof +D path/to/directory

Motivation: This use case is beneficial when you want to list all the files opened within a specific directory. It can help in identifying the processes that are accessing files in a particular directory.

Explanation: By using the +D option followed by the path to the directory, lsof will list all the files opened within that directory.

Example Output:

COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   12345    nginx  cwd    DIR    0,1     4096 123456 /path/to/directory
nginx   12345    nginx    1    r    REG    0,1    1024 123457 /path/to/directory/file1.txt

The example output shows that the process with PID 12345, which belongs to the nginx user, has the directory /path/to/directory open, along with a specific file within that directory.

8: Find the process that is listening on a local IPv6 TCP port and don’t convert network or port numbers

lsof -i6TCP:port -sTCP:LISTEN -n -P

Motivation: This use case is handy when you want to discover the process that is listening on a specific local IPv6 TCP port. It allows you to find the process without converting network or port numbers to their human-readable forms.

Explanation: By using the -i6TCP:port option, lsof will find the process that is listening on the specified IPv6 TCP port. The -sTCP:LISTEN filter ensures that only listening processes are displayed. The -n and -P options prevent lsof from converting network or port numbers to their human-readable forms.

Example Output:

COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   123456    apache   1u  IPv6   1234      0t0  TCP *:80 (LISTEN)

The example output shows that the process with PID 123456, which belongs to the apache user, is listening on port 80 in the IPv6 address format.

Conclusion

The lsof command is a versatile tool for listing open files and the corresponding processes. By understanding the different use cases of this command and utilizing the provided code examples, you can effectively troubleshoot file-related issues, monitor resource usage, and gain valuable insights into your system.

Related Posts

How to use the command pio boards (with examples)

How to use the command pio boards (with examples)

The “pio boards” command is used to list pre-configured embedded boards available in PlatformIO.

Read More
How to use the command 'woeusb' (with examples)

How to use the command 'woeusb' (with examples)

This article provides examples of how to use the ‘woeusb’ command, which is a Windows media creation tool.

Read More
Linting and Fixing JavaScript code with StandardJS (with examples)

Linting and Fixing JavaScript code with StandardJS (with examples)

Introduction: Linting is an essential part of the development process as it helps ensure that code adheres to coding conventions and best practices.

Read More