lsof command in Linux
Do not miss this exclusive book on Binary Tree Problems. Get it now for free.
In this article, we have explored the lsof command in Linux systems in depth. It is used to find files that are opened or linked with running processes.
Table of contents:
- Introduction to lsof command
- Installation of lsof
- Applications / Use of lsof
Introduction to lsof command
The lsof
command, an acronymized form of "list open files", is a terminal-based command that allows the user to retrieve information regarding all open/in-use files and their associated users/processes.
The following categories display as column headers when lsof
is executed. They will be elaborated upon in later sections.
COMMAND | PID | USER | FD | TYPE | DEVICE | SIZE/OFF | NODE NAME |
---|---|---|---|---|---|---|---|
Installation of lsof
Note: Although the command is supported by default in most Linux distributions you may find that your system does not support it.
For Debian and Ubuntu-based systems:
$ sudo apt-get install lsof
For Redhat-derived systems:
$ sudo yum install lsof
- You should need to enter your password for this installation to proceed. In some cases, your password will not show when entered, this is completely normal.
For reference the remaining examples will be executed in Ubuntu.
Application / Use of lsof
The lsof
command provides a long list of all the open files accessed by their respective processes. The command has many uses; prominently, lsof
can be used to identify files that should not be in use but are.
For practical purposes it makes sense to appropriately filter files with modifiers, as lsof
output will be too long.
Additionally, if "permission denied" appears on any of the files when executing lsof
, type sudo lsof
to execute the command with root (admin) privileges.
Note: Files can be normal files, as well as directories, sockets, and more in Linux.
Syntax:
lsof [ -?abChlnNOPRtUvVX ] [ -A A ] [ -c c ] [ +c c ] [ +|-d d ]
[ +|-D D ] [ +|-e s ] [ +|-E ] [ +|-f [cfgGn] ] [ -F [f] ] [ -g
[s] ] [ -i [i] ] [ -k k ] [ -K k ] [ +|-L [l] ] [ +|-m m ] [ +|-M
] [ -o [o] ] [ -p s ] [ +|-r [t[m<fmt>]] ] [ -s [p:s] ] [ -S [t]
] [ -T [t] ] [ -u s ] [ +|-w ] [ -x [fl] ] [ -z [z] ] [ -Z [Z] ]
[ -- ] [names]
This syntax, output of lsof ?
, displays the possible commands that can be combined with lsof
. For the purpose of simplicity, we will only cover a couple of these commands, but feel free to test out some of these commands on your own.
Example Output
COMMAND
, PID
, USER
, FD
, TYPE
, DEVICE
, SIZE/OFF
, NODE NAME
, are the column headers from left to right. Lines were picked to form this output — this is only a small snapshot.
bash 1336 liubsi 255u CHR 136,0 0t0 3 /dev/pts/0
sudo 1555 root mem REG 8,5 18720 673569 /usr/lib/x86_64-linux-gnu/security/pam_env.so
sudo 1555 root mem REG 8,5 191472 268991 /usr/lib/x86_64-linux-gnu/ld-2.31.so
sudo 1555 root 0u CHR 136,0 0t0 3 /dev/pts/0
sudo 1555 root 1u CHR 136,0 0t0 3 /dev/pts/0
sudo 1555 root 2u CHR 136,0 0t0 3 /dev/pts/0
sudo 1555 root 3u netlink 0t0 41141 AUDIT
sudo 1555 root 4u unix 0xffff9f27259e8000 0t0 41145 type=DGRAM
sudo 1555 root 6r FIFO 0,12 0t0 41148 pipe
sudo 1555 root 7w FIFO 0,12 0t0 41148 pipe
lsof 1556 root cwd DIR 8,5 4096 933156 /home/liubsi
lsof 1556 root rtd DIR 8,5 4096 2 /
lsof 1556 root txt REG 8,5 175744 262830 /usr/bin/lsof
lsof 1556 root mem REG 8,5 16287648 268467 /usr/lib/locale/locale-archive
lsof 1556 root mem REG 8,5 157224 270212 /usr/lib/x86_64-linux-gnu/libpthread-2.31.so
lsof 1556 root mem REG 8,5 18816 269398 /usr/lib/x86_64-linux-gnu/libdl-2.31.so
File Details
COMMAND
refers to the process which currently has the file open (e.g. If you have Google Chrome open you may seechrome
under the first section)PID
stands for Process ID, a unique number your OS uses to track processesUSER
displays the user who is running the process (e.g. "yourself" — in my case liubsi, root, etc.)FD
stands for file descriptor which can take on various values. For example:cwd
- current working directorytxt
- text filertd
- root directoryjtd
- jail directorymem
- memory-mapped file- A number - this number refers to the actual file descriptor (unique integer identifier)
- Adjacent character -
r
,w
,u
refer to read, write, and read and write respectively
- Adjacent character -
- Note: These are only some of the most common descriptors, there are many more
TYPE
refers to the type of fileDIR
- directoryREG
- regular fileCHR
- character special file (a file that provides access to an input/output device)FIFO
- file that reads data first-in-first-out (also known as a named pipe, it allows applications on a device to pass data between each other)UNIX
- Unix domain socket- Note: These are only some of the most common types, there are many more
DEVICE
- contains the device number, memory, address, and more depending on the fileSIZE/OFF
- simply lists the size of the file or file offset in bytes if availableNODE NAME
-NODE
refers to the node number, inode, internet protocol type (TCP), and more.NAME
refers to the file's location and mount point, but can reference other values as well
Some Useful Commands
In no particular order of usefulness, here are some useful and commonly-used commands incorporating lsof
.
$ lsof +d s
- This command searches for all directories and files that are currently open with s acting as the root directory. Importantly, this command does not descend beyond the root directory to search.
$ lsof -i
- This option selects all of files currently being used by network and Internet processes.
$ lsof -cc
- This command shows the processes that start with the letter c. The letter c can be substituted for any other letter.
$ lsof -c chrome
- This command shows the processes that are being used by chrome. However, chrome can be substituted by any other process (e.g. firefox) to show that process' files.
$ lsof -v
- Gives the version information for
lsof
as installed
$ lsof -p s
- Gives the file as identified by the PID (process ID)
s
.
Note: For negation the ^ modifier can be used. $ lsof -p ^25
excludes the file with a PID of 25.
For a more detailed description of lsof
enter man 8 lsof
in the terminal and use h
to navigate.
Question
What does lsof stand for?
With this article at OpenGenus, you must have the complete idea of using lsof command in Linux.
Sign up for FREE 3 months of Amazon Music. YOU MUST NOT MISS.