Important uses of LSOF Command
lsof is a Linux utility that lists information about files opened by processes. It is one of the most powerful tools available for troubleshooting problems. Some important uses of the lsof command are listed below.
Listing Files Open by a Specific User
This can be found using the -u option of the lsof command, followed by the user name.
#lsof -u <username>
This will list all files opened by that particular user.
Finding Uses of a Specific Open File
Sometimes you are interested in knowing who is using what on your server. If you want to know which process and which user are accessing a particular file, you can easily find out using the lsof command.
#lsof /var/log/messages
COMMAND  PID  USER FD TYPE DEVICE SIZE   NODE   NAME
syslogd  3726 root 1w REG  8,2    238614 491588 /var/log/messages
tail     8921 root 3r REG  8,2    238614 491588 /var/log/messages
This shows that this particular file is being accessed by two processes, syslogd and the tail command.
Finding Open Files Filling a File System
The lsof command can be used to monitor the usage of a particular filesystem. This will give you a clear picture of filesystem usage.
#lsof /|more
COMMAND PID USER FD  TYPE DEVICE SIZE    NODE   NAME
init    1   root cwd DIR  8,2    4096    2      /
init    1   root rtd DIR  8,2    4096    2      /
init    1   root txt REG  8,2    38652   355488 /sbin/init
init    1   root mem REG  8,2    125736  132892 /lib/ld-2.5.so
init    1   root mem REG  8,2    1611564 132893 /lib/libc-2.5.so
init    1   root mem REG  8,2    16428   132898 /lib/libdl-2.5.so
init    1   root mem REG  8,2    245376  132905 /lib/libsepol.so.1
Finding Processes Blocking Umount
This is one of the most common scenarios Linux admins face. When you try to unmount a file system with the umount command, it may throw a "device is busy" error. In this case you can use the lsof command to figure out which process is holding that filesystem.
# umount /home
umount: /home: device is busy
umount: /home: device is busy
# lsof /home
COMMAND PID  USER FD  TYPE DEVICE SIZE NODE NAME
bash    8886 root cwd DIR  8,5    4096 2    /home/
Finding Files Open by a command or process
e.g. if you want to find the list of files opened by the httpd service, find out the PID of the process and pass that PID to the lsof command.
#lsof -p <PID>
This will list all files opened by httpd process.
Listing Open NFS Files
The lsof command can be used to find all open files on remote filesystems served by an NFS server. You can run the lsof -N command on an NFS client and it will list the files opened by processes on the client that reside on remote NFS filesystems.
#lsof -N
Finding Listening Sockets
The lsof command with the -i option will give you all the open network sockets on your server, or you can filter the result with specific criteria such as address, protocol name or port number.
e.g.:
#lsof -i TCP
COMMAND   PID  USER FD TYPE DEVICE SIZE NODE NAME
cupsd     3115 root 4u IPv4 9065        TCP  localhost.localdomain:ipp (LISTEN)
portmap   3848 rpc  4u IPv4 10530       TCP  *:sunrpc (LISTEN)
rpc.statd 3880 root 7u IPv4 10700       TCP  *:vacdsm-sws (LISTEN)
ccsd      3956 root 5u IPv6 10935       TCP  localhost6.localdomain6:50006 (LISTEN)
ccsd      3956 root 8u IPv4 10939       TCP  *:50008 (LISTEN)
sshd      4252 root 3u IPv6 13374       TCP  *:ssh (LISTEN)
sendmail  4334 root 4u IPv4 13531       TCP  localhost.localdomain:smtp
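As an added example (not part of the original article), the shell function below classifies the LISTEN rows of lsof -i output by bind address, so that listeners reachable on all interfaces stand out from loopback-only ones. The function names are assumptions made for this example, and the embedded sample rows are copied from the lsof -i TCP output shown in this section.

```shell
#!/bin/sh
# Sample input: the `lsof -i TCP` rows shown in the article, embedded so the
# example runs offline. The sendmail row has no state column on the page.
sample_lsof_output() {
cat <<'EOF'
COMMAND   PID  USER FD TYPE DEVICE SIZE NODE NAME
cupsd     3115 root 4u IPv4 9065        TCP  localhost.localdomain:ipp (LISTEN)
portmap   3848 rpc  4u IPv4 10530       TCP  *:sunrpc (LISTEN)
rpc.statd 3880 root 7u IPv4 10700       TCP  *:vacdsm-sws (LISTEN)
ccsd      3956 root 5u IPv6 10935       TCP  localhost6.localdomain6:50006 (LISTEN)
ccsd      3956 root 8u IPv4 10939       TCP  *:50008 (LISTEN)
sshd      4252 root 3u IPv6 13374       TCP  *:ssh (LISTEN)
sendmail  4334 root 4u IPv4 13531       TCP  localhost.localdomain:smtp
EOF
}

# Reads lsof -i output on stdin and prints one line per listening socket:
#   <scope> <command> <pid> <user> <port>
# Fields are taken from the end of each row because the SIZE column may be
# empty, which shifts the field numbers counted from the left.
classify_listeners() {
    awk '
        $NF != "(LISTEN)" { next }          # skips the header and non-listeners
        {
            name = $(NF - 1)                # e.g. "*:ssh" or "[::1]:631"
            host = name; sub(/:[^:]*$/, "", host)
            port = name; sub(/^.*:/, "", port)
            if (host == "*")
                scope = "all-interfaces"
            else if (host ~ /^localhost/ || host ~ /^127\./ || host == "[::1]")
                scope = "loopback"
            else
                scope = "specific-address"
            print scope, $1, $2, $3, port
        }'
}

# Stand-alone run against the embedded sample.
sample_lsof_output | classify_listeners
```

On a live host the same function can be fed with `lsof -nP -iTCP -sTCP:LISTEN | classify_listeners`; with -n the addresses are numeric, which is why 127.x and [::1] are also treated as loopback.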
These are some important uses of the lsof command, but there are plenty more. lsof is one of the most important tools for a system admin.