lsof is a command meaning “list open files”, which is used in many Unix-like systems to report a list of all open files and the processes that opened them.
Introduction to lsof
Simply typing lsof will provide a list of all open files belonging to all active processes.
# lsof COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME init 1 root cwd DIR 8,1 4096 2 / init 1 root txt REG 8,1 124704 917562 /sbin/init init 1 root 0u CHR 1,3 0t0 4369 /dev/null init 1 root 1u CHR 1,3 0t0 4369 /dev/null init 1 root 2u CHR 1,3 0t0 4369 /dev/null init 1 root 3r FIFO 0,8 0t0 6323 pipe ...
By default One file per line is displayed. Most of the columns are self explanatory. We will explain the details about couple of cryptic columns (FD and TYPE).
FD – Represents the file descriptor. Some of the values of FDs are,
- cwd – Current Working Directory
- txt – Text file
- mem – Memory mapped file
- mmap – Memory mapped device
- NUMBER – Represent the actual file descriptor. The character after the number i.e ’1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write.
- TYPE – Specifies the type of the file. Some of the values of TYPEs are,
- REG – Regular File
- DIR – Directory
- FIFO – First In First Out
- CHR – Character special file
List processes which opened a specific file
You can list only the processes which opened a specific file, by providing the filename as arguments.
# lsof /var/log/syslog COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rsyslogd 488 syslog 1w REG 8,1 1151 268940 /var/log/syslog