How to check the files in linux

5 Commands to View the Content of a File in Linux Command Line

If you are new to Linux and you are confined to a terminal, you might wonder how to view a file in the command line.

Reading a file in Linux terminal is not the same as opening file in Notepad. Since you are in the command line mode, you should use commands to read file in Linux.

Don’t worry. It’s not at all complicated to display a file in Linux. It’s easy as well essential that you learn how to read files in the line.

Here are five commands that let you view the content of a file in Linux terminal.

5 commands to view files in Linux

Before you how to view a file in Unix like systems, let me clarify that when I am referring to text files here. There are different tools and commands if you want to read binary files.

1. Cat

This is the simplest and perhaps the most popular command to view a file in Linux.

Cat simply prints the content of the file to standard display i.e. your screen. It cannot be simpler than this, can it?

cat displays the content of the file on the screen

Cat becomes a powerful command when used with its options. I recommend reading this detailed tutorial on using cat command.

The problem with cat command is that it displays the text on the screen. Imagine if you use cat command with a file that has 2000 lines. Your entire screen will be flooded with the 200 lines and that’s not the ideal situation.

So, what do you do in such a case? Use less command in Linux (explained later).

The nl command is almost like the cat command. The only difference is that it prepends line numbers while displaying the text in the terminal.

nl command displays text with line numbers

There are a few options with nl command that allows you to control the numbering. You can check its man page for more details.

3. Less

Less command views the file one page at a time. The best thing is that you exit less (by pressing q), there are no lines displayed on the screen. Your terminal remains clean and pristine.

I strongly recommend learning a few options of the Less command so that you can use it more effectively.

There is also more command which was used in olden days but less command has more friendly features. This is why you might come across the humorous term ‘less is more’.

4. Head

Head command is another way of viewing text file but with a slight difference. The head command displays the first 10 lines of a text file by default.

You can change this behavior by using options with head command but the fundamental principle remains the same: head command starts operating from the head (beginning) of the file.

5. Tail

Tail command in Linux is similar and yet opposite to the head command. While head command displays file from the beginning, the tail command displays file from the end.

By default, tail command displays the last 10 lines of a file.

Head and Tail commands can be combined to display selected lines from a file. You can also use tail command to see the changes made to a file in real time.

Bonus: Strings command

Okay! I promised to show only the commands for viewing text file. And this one deals with both text and binary files.

Strings command displays the readable text from a binary file.

No, it doesn’t convert binary files into text files. If the binary file consists of actual readable text, strings command displays those text on your screen. You can use the file command to find the type of a file in Linux.

Conclusion

Some Linux users use Vim to view the text file but I think that’s overkill. My favorite command to open a file in Linux is the less command. It leaves the screen clear and has several options that makes viewing text file a lot easier.

Since you now know ways to view files, maybe you would be interested in knowing how to edit text files in Linux. Cut and Paste are two such commands that you can use for editing text in Linux terminal. You may also read about creating files in Linux command line.

Источник

Linux command to check new files in file system

We have linux machine we would like to check what new files have been added between a certain date range.

I only have SSH access to this box and it’s openSUSE 11.1

Is there some sort of command that can give me a list of files that have been added to the filesystem between say 04/05/2011 and 05/05/2011

4 Answers 4

There are bunch of ways for doing that.

First one:

find /you/path -type f -name ‘*you*pattern*’ -newer start ! -newer end -exec ls -s <> \;

Second one: find files modified between 20 and 21 days ago:

find -ctime +20 -ctime -21

finds files modified between 2500 and 2800 minutes ago:

find -cmin +2500 -cmin -2800

Well, you could use find to get a list of all the files that were last-modified in a certain time window, but that isn’t quite what you want. I don’t think you can tell just from a file’s metadata when it came into existence.

Edit: To list the files along with their modification dates, you can pipe the output of find through xargs to run ls -l on all the files, which will show the modification time.

I misunderstood your question. Depending on what filesystem you are using, it may or may not store creation time.

My understanding is that ext2/3/4 do not store creation time, but modified, changed (status, which is slightly different), and access times are.

Fat32 on the other hand does contain creation timestamps IIRC.

If you are using an ext filesystem, you have two options it seems:

1.Settle for finding all of the files that were modified between two dates (which will include created files, but also files that were just edited). You could do this using find.

2.Create a script/cronjob that will document the contents of your filesystem at some interval, e.g.

and then run diffs to see what has been added. This, of course, would prevent you from looking backwards to time before you started making these logs.

Источник

How to check if a file is opened in Linux?

The thing is, I want to track if a user tries to open a file on a shared account. I’m looking for any record/technique that helps me know if the concerned file is opened, at run time.

I want to create a script which monitors if the file is open, and if it is, I want it to send an alert to a particular email address. The file I’m thinking of is a regular file.

I tried using lsof | grep filename for checking if a file is open in gedit, but the command doesn’t return anything.

Actually, I’m trying this for a pet project, and thus the question.

4 Answers 4

The command lsof -t filename shows the IDs of all processes that have the particular file opened. lsof -t filename | wc -w gives you the number of processes currently accessing the file.

The fact that a file has been read into an editor like gedit does not mean that the file is still open. The editor most likely opens the file, reads its contents and then closes the file. After you have edited the file you have the choice to overwrite the existing file or save as another file.

You could (in addition of other answers) use the Linux-specific inotify(7) facilities.

I am understanding that you want to track one (or a few) particular given file, with a fixed file path (actually a given i-node). E.g. you would want to track when /var/run/foobar is accessed or modified, and do something when that happens

In particular, you might want to install and use incrond(8) and configure it thru incrontab(5)

If you want to run a script when some given file (on a native local, e.g. Ext4, BTRS, . but not NFS file system) is accessed or modified, use inotify incrond is exactly done for that purpose.

PS. AFAIK, inotify don’t work well for remote network files, e.g. NFS filesystems (in particular when another NFS client machine is modifying a file).

If the files you are fond of are somehow source files, you might be interested by revision control systems (like git) or builder systems (like GNU make); in a certain way these tools are related to file modification.

You could also have the particular file system sits in some FUSE filesystem, and write your own FUSE daemon.

If you can restrict and modify the programs accessing the file, you might want to use advisory locking, e.g. flock(2), lockf(3).

Perhaps the data sitting in the file should be in some database (e.g. sqlite or a real DBMS like PostGreSQL ou MongoDB). ACID properties are important .

Notice that the filesystem and the mount options may matter a lot.

You might want to use the stat(1) command.

It is difficult to help more without understanding the real use case and the motivation. You should avoid some XY problem

Probably, the workflow is wrong (having a shared file between several users able to write it), and you should approach the overall issue in some other way. For a pet project I would at least recommend using some advisory lock, and access & modify the information only thru your own programs (perhaps setuid) using flock (this excludes ordinary editors like gedit or commands like cat . ). However, your implicit use case seems to be well suited for a DBMS approach (a database does not have to contain a lot of data, it might be tiny), or some index locked file like GDBM library is handling.

Remember that on POSIX systems and Linux, several processes can access (and even modify) the same file simultaneously (unless you use some locking or synchronization).

Reading the Advanced Linux Programming book (freely available) would give you a broader picture (but it does not mention inotify which appeared aften the book was written).

Источник

How to Check Open Files in Linux

You may have come across the saying, “Everything is a file in Linux.” Although this is not entirely true, it does hold a set of truths to it.

In Linux and Unix-like systems, everything is like a file. That means the resources in the Unix system get assigned a file descriptor, including storage devices, network sockets, processes, etc.

A file descriptor is a unique number that identifies a file and other input/output devices. It describes resources and how the kernel accesses them. Think of it as a gateway to the Kernel abstraction hardware resources.

Unfortunately, the concept of file descriptors is beyond the scope of this tutorial; consider the link provided below to get started on learning more:

That means that Unix and Unix-like systems such as Linux use such files heavily. As a Linux power user, seeing the open files and the process and users using them is incredibly useful.

This tutorial will focus on ways to view the files open and which process or user is responsible.

Pre-Requisites

Before we begin, ensure that you have:

• A Linux system
• User with root or sudo privileges

If you have these, let us get started:

LSOF Utility

Created by Victor A Abell, List open files, or lsof for short, is a command-line utility that allows us to view the open files and the processes or users who opened them.

The lsof utility is available in major Linux distributions; however, you may find it not installed and thus may need to install manually.

How to Install lsof on Debian/Ubuntu

To install it on Debian, use the command:

sudo apt-get update

sudo apt-get install lsof -y

How to Install on REHL/CentOS

To install on REHL and CentOS, use the command:

sudo dnf update

sudo dnf install lsof

How to Install on Arch

On Arch, call the package manager using the command:

sudo pacman -S lsof

How to Install on Fedora

On Fedora, use the command:

Once you have the lsof utility installed and updated, we can begin using it.

Basic lsof Usage

To use the lsof tool, enter the command:

Once you execute the above command, lsof will dump a lot of information as shown below:

The above output shows all the files opened by the processes. The output has various columns, each representing specific information about the file.

• The COMMAND column – shows the name of the process that is using the file.
• PID – shows the Process Identifier of the process using the file.
• The TID – Shows the task ID (threads) of the process.
• TASKCMD – Represent the name of the task command.
• USER – The owner of the process.
• FD – Shows the file descriptor number. This is how processes use the file; the options available in this column output include:
• cwd – current working directory.
• mem – memory-mapped file
• pd – parent directory
• jld – jail directory
• ltx – shared library text
• rtd – root directory.
• txt – program code and data
• tr – kernel trace file.
• err – File descriptor information error
• mmp – Memory-mapped device.
• TYPE – Shows the type of node associated with the file, such as:
• Unix – for Unix domain socket.
• DIR – represents the directory
• REG – representing the regular file
• CHR – represents the special character file.
• LINK – symbolic link file
• BLK – Block special file
• INET – Internet domain socket
• FIFO – a named pipe (First In First Out file)
• PIPE – for pipes

• DEVICES – Shows the device numbers separated by commas in the order of special character file, block special, regular, directory, and NFS file.
• SIZE/OFF – shows the size of the file pr file offset in bytes.
• NODE – shows the node number of the local file, type for internet protocol type, etc.
• NAME – shows the name of the mount point and fs on which the file is located.

Note: Please Refer to the lsof Manual for detailed information on the columns.

How to Show Processes that Opened a File

Lsof provides us with options that help us filter the output to show only the processes that opened a specific file.

For example, to see the file that opened the file /bin/bash, use the command as:

This will give you an output as shown below:

COMMAND PID USER FD TYPE DEVICE SIZE / OFF NODE NAME

ksmtuned 1025 root txt REG 253 , 0 1150704 428303 / usr / bin / bash

bash 2968 centos txt REG 253 , 0 1150704 428303 / usr / bin / bash

bash 3075 centos txt REG 253 , 0 1150704 428303 / usr / bin / bash

How Show files Opened by a Specific User

We can also filter the output to show the files opened by a specific user. We do this by using the -u flag followed by the username as:

This will give you an output as shown below:

How to Show Files Opened by a Specific Process

Suppose we want to view all the files opened by a specific process? For this, we can use the PID of the process to filter the output.

For example, the below command shows the files opened by bash.

This will give you only the files opened by systemd as shown:

How to Show Files Opened in a Directory

To get the files opened in a specific directory, we can pass the +D option followed by the directory path.

For example, list open files in the /etc directory.

Below is the output for this:

How to Show Network Connection

Since everything in Linux is a file, we can get the network files such as TCP files or connections.

We can use the command:

This will give you the TCP connections in the system.

You can also filter by the specific port using the command shown below:

This will give you the output as shown below:

How to Continuously Show Files

Lsof provides us with a mode to loop the output every few seconds. This allows you to monitor the files opened by a process or user continuously.

This option, however, requires you to terminate the process manually.

For example, the command below continuously monitors the files opened on port 22:

As you can see, in the third loop, lsof catches the established connection to the server on SSH.

Conclusion

Lsof is an incredibly useful utility. It allows you to monitor for critical files as well as monitor users and processes opening files. This can be incredibly useful when troubleshooting or looking for malicious attempts to the system.

As shown in this tutorial, using various examples and methods, you can combine the functionality provided by the lsof tool for custom monitoring.

Thank you for reading and sharing! I hope you learned something new!

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

Источник