【基本介绍】
lsof - list open files
It is a command line utility which is used to list the information about the files that are opened by various processes. In unix, everything is a file, ( pipes, sockets, directories, devices, etc.). So by using lsof, you can get the information about any opened files.所有的东西都是文件,lsof用来查看打开文件的进程
【参数介绍】
[root@pandaVM ~]# lsof | head -10
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 8,2 4096 2 /
init 1 root rtd DIR 8,2 4096 2 /
init 1 root txt REG 8,2 150352 130349 /sbin/init
init 1 root mem REG 8,2 65928 260653 /lib64/libnss_files-2.12.so
init 1 root mem REG 8,2 1926800 264737 /lib64/libc-2.12.so
init 1 root mem REG 8,2 93320 264762 /lib64/libgcc_s-4.4.7-20120601.so.1
init 1 root mem REG 8,2 47064 264739 /lib64/librt-2.12.so
init 1 root mem REG 8,2 145896 260719 /lib64/libpthread-2.12.so
init 1 root mem REG 8,2 268232 264740 /lib64/libdbus-1.so.3.4.0
FD – Represents the file descriptor.(文件描述) Some of the values of FDs are,
cwd – Current Working Directory
txt – Text file
mem – Memory mapped file
mmap – Memory mapped device
NUMBER – Represent the actual file descriptor. The character after the number i.e ’1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write.
TYPE – Specifies the type of the file.(文件类型) Some of the values of TYPEs are,
REG – Regular File
DIR – Directory
FIFO – First In First Out
CHR – Character special file
lsof filename 显示打开指定文件的所有进程
lsof -a 表示两个参数都必须满足时才显示结果
lsof -c string 显示COMMAND列中包含指定字符的进程所有打开的文件
lsof -u username 显示所属user进程打开的文件
lsof -g gid 显示归属gid的进程情况
lsof +d /DIR/ 显示目录下被进程打开的文件
lsof +D /DIR/ 同上,但是会搜索目录下的所有目录,时间相对较长
lsof -d FD 显示指定文件描述符的进程
lsof -n 不将IP转换为hostname,缺省是不加上-n参数
lsof -i :port 显示使用端口的进程
【常用例子】
List processes which opened a specific file(显示打开指定文件的进程)
# lsof /var/log/syslog
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 488 syslog 1w REG 8,1 1151 268940 /var/log/syslog
List all open files by a specific process(显示指定进程IP)
# lsof -p 1753
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 1753 lakshmanan cwd DIR 8,1 4096 393571 /home/lakshmanan/test.txt
bash 1753 lakshmanan rtd DIR 8,1 4096 2 /
bash 1753 lakshmanan 255u CHR 136,0 0t0 3 /dev/pts/0
List processes which are listening on a particular port(显示指定端口)
# lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
exim4 2541 Debian-exim 3u IPv4 8677 TCP localhost:smtp (LISTEN)
List files opened by a specific user(显示指定用户的进程)
# lsof -u lakshmanan
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
update-no 1892 lakshmanan 20r FIFO 0,8 0t0 14536 pipe
update-no 1892 lakshmanan 21w FIFO 0,8 0t0 14536 pipe
bash 1995 lakshmanan cwd DIR 8,1 4096 393218 /home/lakshmanan
List opened files based on process names starting with(显示指定进程名)
# lsof -c ssh -c init
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root txt REG 8,1 124704 917562 /sbin/init
init 1 root mem REG 8,1 1434180 1442625 /lib/i386-linux-gnu/libc-2.13.so
init 1 root mem REG 8,1 30684 1442694 /lib/i386-linux-gnu/librt-2.13.so
...
ssh-agent 1528 lakshmanan 1u CHR 1,3 0t0 4369 /dev/null
ssh-agent 1528 lakshmanan 2u CHR 1,3 0t0 4369 /dev/null
ssh-agent 1528 lakshmanan 3u unix 0xdf70e240 0t0 10464 /tmp/ssh-sUymKXxw
List opened files under a directory(显示目录下被打开的文件)
# lsof +D /var/log/
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 488 syslog 1w REG 8,1 1151 268940 /var/log/syslog
rsyslogd 488 syslog 2w REG 8,1 2405 269616 /var/log/auth.log
console-k 144 root 9w REG 8,1 10871 269369 /var/log/ConsoleKit/history
【参考引用】
http://blog.csdn.net/guoguo1980/article/details/2324454
http://www.thegeekstuff.com/2012/08/lsof-command-examples/