lsof command tutorial in linux/unix with examples and use cases
July 1, 2020
linux lsof command – list open files
In the Linux system, everything is a file. Files can access not only regular data, but also network connections and hardware. Therefore, the lsof command can not only view the files and directories opened by the process, but also view the socket information such as the port that the process listens to.
This article will introduce the basic usage of the lsof command. The demo environment of this article is ubuntu 19.04.
-a indicates the AND relationship between other options
-c output the file opened by the specified process
-d list processes occupying the file number
+d output directory and the files and directories opened under the directory (not recursive)
+D recursive output and opened files and directories under the directory
-i output files related to the network that meet the conditions
-n don’t resolve hostname
-p output the file opened by the process with the specified PID
-P does not parse the port number
-t only output PID
-u output files opened by the specified user
-U print open UNIX domain socket file
COMMAND : the name of the program
PID : process identifier
USER : process owner
FD : file descriptor, the application identifies the file through the file descriptor
TYPE : file type, such as DIR, REG, etc.
DEVICE : Separate device numbers with commas
SIZE : file size (bytes)
NODE : inode (the identification of the file on the disk)
NAME : the exact name of the file opened
Here are some common types in FD column and TYPE column.
Common types in the FD column are cwd, rtd, txt, mem, some numbers, and so on.
cwd – the current working directory;
rtd – the root directory;
txt – the executable file of the program;
mem – a memory-mapped file:
The common REG and DIR in the TYPE column represent ordinary files and directories, respectively.
View which processes have the specified file opened
In the following example, we will use the lsof command to see which processes are opening the specified file, such as querying the process that opens the /bin/zsh file: