- How to Find Out Who is Using a File in Linux
- If You Appreciate What We Do Here On TecMint, You Should Consider:
- Find Which Linux Process is Using Your Files or Ports
- Use Fuser to Find Which Processes are Using a Filesystem
- Using LSOF (List Open Files)
- Find and Killing Processes Using Fuser
- Use Fuser to Find Which Processes / Daemons are Listening on a Port
- Kill Whatever Process is Listening on a Port
- Specifying the Signal Fuser Will Use as it Kills a Process
- Other Resources
- Linux / UNIX List Open Files for Process
- UNIX List Open Files For Process
- FreeBSD list open files per process
- Linux List Open Files For Process
- Using lsof to display the processes using the most file handles
- Conclusion
- Linux Find Out Which Process Is Listening Upon a Port
- Linux Find Out Which Process Is Listening Upon a Port
- Linux netstat command find out which process is listing upon a port
- A note about ss command
- Video demo
- fuser command
- Find Out Current Working Directory Of a Process
- Find Out Owner Of a Process on Linux
- lsof Command Example
- Help: I Discover an Open Port Which I Don’t Recognize At All
- Check For rootkit
- Keep an Eye On Your Bandwidth Graphs
- Conlcusion
How to Find Out Who is Using a File in Linux
In this article, we will explain how to find out who is using a particular file in Linux. This will help you know the system user or process that is using an open file.
We can use the lsof command to know if someone is using a file, and if they are, who. It reads kernel memory in its search for open files and helps you list all open files. In this case, an open file may be a regular file, a directory, a block special file, a character special file, a stream, a network file and many others – because in Linux everything is a file.
Lsof is used on a file system to identify who is using any files on that file system. You can run lsof command on Linux filesystem and the output identifies the owner and process information for processes using the file as shown in the following output.
To list user specific opened files, run the following command replace tecmint with the actual user name.
Another important use of lsof is to find out the process listening on a specific port. For example identify the process listening on port 80 using the following command.
Note: Since lsof reads kernel memory in its search for open files, rapid changes in kernel memory may result into unpredictable outputs. This is one of the major downsides of using lsof command.
For more information, look at the lsof man page:
That’s all! In this article, we have explained how to know who is using a particular file in Linux. We have shown how to identify the owner and process information for processes using an open file. Use the feedback form below to reach us for any questions or comments.
If You Appreciate What We Do Here On TecMint, You Should Consider:
TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.
If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.
We are thankful for your never ending support.
Источник
Find Which Linux Process is Using Your Files or Ports
Find Which Linux Process is Using Your Files or Ports
If you have ever tried to unmount a filesystem, USB stick, cdrom, etc… but found that it was busy and therefore could not be unmounted, you will like the fuser command. Fuser’s man page tells us that fuser will “Show which processes use the named files, sockets, or filesystems.” But you can do more than that! You can also use fuser to send signals to your processes telling them to shutdown, terminate, pause, etc…
Use Fuser to Find Which Processes are Using a Filesystem
One of the things that used to annoy me the most was when I would try to unmount a filesystem and I would find that a process was using it and I would get the “device is busy” message.
Now, when I get that message, I simply use fuser to find which processes are using files in that filesystem.
Example: Show linux processes using /myfilesystem
As we look at the output from the fuser command above, we see that both the root user and the mary user have processes in the filesystem. We can review the columns and get lots of information. The USER, PID, and COMMAND columns are similar to the columns from the ps command and are self-explanatory. The USER column tells us the user id for the process. The PID column tells us the process id of that process. The COMMAND column tells us the command the process is running as well as the userid again in parenthesis. The ACCESS column tells us how the process is using the file. The ACCESS column may include he following letters referencing these access types:
| ACCESS Column Code | Code’s Definition |
|---|---|
| F | file is open for writing. |
| f,o | The process has an open file. |
| r | The process’ root or home directory is on this filesystem (chroot). |
| c | The process’ current directory is on this filesystem. |
| e,t | The process is executing a file. |
| m,s | The process has a mapped file or is using a shared library. |
Using LSOF (List Open Files)
We can also use the “lsof” (list open files) command to show a similar report.
Example: Using lsof to find processes using a specified filesystem.
Find and Killing Processes Using Fuser
For the more confident system administrators, fuser has a kill option (-k) that can be used to kill whatever processes are found using a file or filesystem.
Example: Find whatever processes are using the /myfilesystem and shut them down!
Interestingly, in the above example, we found that our very process was using the /myfilesystem filesystem. We ran the fuser command with the kill option (-k) telling it to kill the processes. As ours was amongst them, it killed our process.
Use Fuser to Find Which Processes / Daemons are Listening on a Port
Fuser has additional uses. Sometimes, we want to find out what process and userid are utilizing a port on our system. We can specify the IP version with -v4 for IPv4 or -v6 for IPv6.
Example: Find out what process is handling our http traffic on port 80
We were able to find out that varnishd is handling our http traffic on port 80/tcp.
Kill Whatever Process is Listening on a Port
Let’s imagine that you need to shutdown whatever is running on port 8001/tcp for some reason. Perhaps, you have a process that normally runs on that port, but something else has taken it while you have been performing some maintenance. We can use fuser to find and kill the process in one command by using the fuser command with the -k option.
Example: Find and kill whatever process is listening on port 8001/tcp
Specifying the Signal Fuser Will Use as it Kills a Process
You can change the signal used when killing a process using fuser by simply listing it as an option to your fuser command. You can list the available signals using “fuser -l”.
and then use withever signal you want it to use:
Other Resources
Fuser is a powerful tool that can help you find which linux process is using your files or ports. Here are a few other resources that can give you additional information on fuser.
Источник
Linux / UNIX List Open Files for Process
H ow do I list all open files for a Linux or UNIX process using command line options? How can I show open files per process under Linux?
Both Linux and Unix-like operating systems come with various utilities to find out open files associated with the process.
| Tutorial details | |
|---|---|
| Difficulty level | Easy |
| Root privileges | Yes |
| Requirements | None |
| Est. reading time | 3 minutes |
UNIX List Open Files For Process
First use the ps command command to get PID of process, enter:
$ ps -aef | grep
Next pass this PID to pfiles command under Solaris Unix:
$ pfiles
$ pfiles 3533
See pfiles command documentation> for more information or type the following man command:
% man pfiles
FreeBSD list open files per process
On FreeBSD use the fstat command along with the ps command:
# ps aux | grep -i openvpn # filter outputs using the grep command #
# fstat -p
# fstat -p 1219
We can count open files count for openvpn process as follows using the wc command:
# fstat -p 1219 | grep -v ^USER | wc -l
The -p option passed to the fstat to report all files open by the specified process.
FreeBSD pstat command in action
Linux List Open Files For Process
First you need to find out PID of process. Simply use any one of the following command to obtain process id:
# ps aux | grep
$ ps -C
For example, find out PID of firefox web-browser, enter:
$ ps -C firefox -o pid=
Output:
To list opne files for firefox process, enter:
$ ls -l /proc/7857/fd
Sample output:
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
For privileged process use the sudo command and to count open files use the wc command on Linux as follows:
# Get process pid
sudo ps -C Xorg -o pid
sudo ls -l /proc/$
# Say pid is 9497 for Xorg, then
sudo ls -l /proc/9497/fd | wc -l
We can use bash for loop as follows too:
Listing Open Files on Linux
Using lsof to display the processes using the most file handles
The lsof command list open files under all Linux distributions or UNIX-like operating system. Type the following command to list open file for process ID 351:
$ lsof -p 351
In this example display and count all open files for top 10 processes on Linux operating systems or server:
# lsof | awk ‘
## force numeric sort by passing the ‘-n’ option to the sort ##
# lsof | awk ‘
- lsof – Run the lsof to display all open files and send output to the awk
- awk ‘
‘ – Display first field i.e. process name only - uniq -c – Omit duplicate lines while prefix lines by the number of occurrences
- sort -r – Reverse sort
- head – Display top 10 process along with open files count
Conclusion
Now you know how to find open files per process on Linux, FreeBSD, and Unix-like systems using various command-line options. See how to increase the system-wide/user-wide number of available (open) file handles on Linux for more information.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via
Источник
Linux Find Out Which Process Is Listening Upon a Port
Linux Find Out Which Process Is Listening Upon a Port
You can the following programs to find out about port numbers and its associated process:
- netstat command or ss command – a command-line tool that displays network connections, routing tables, and a number of network interface statistics.
- fuser command – a command line tool to identify processes using files or sockets.
- lsof command – a command line tool to list open files under Linux / UNIX to report a list of all open files and the processes that opened them.
- /proc/$pid/ file system – Under Linux /proc includes a directory for each running process (including kernel processes) at /proc/PID, containing information about that process, notably including the processes name that opened port.
You must run above command(s) as the root user.
Linux netstat command find out which process is listing upon a port
Type the following command:
# netstat -tulpn
Sample outputs:
TCP port 3306 was opened by mysqld process having PID # 1138. You can verify this using /proc, enter:
# ls -l /proc/1138/exe
Sample outputs:
You can use grep command or egrep command to filter out information:
# netstat -tulpn | grep :80
Sample outputs:
A note about ss command
Some Linux distro considered the nestat command as deprecated and therefore should be phased out in favor of more modern replacements such as ss command. The syntax is:
$ sudo ss -tulpn
$ sudo ss -tulpn | grep :3306
Click to enlarge image
Video demo
fuser command
Find out the processes PID that opened tcp port 7000, enter:
# fuser 7000/tcp
Sample outputs:
Finally, find out process name associated with PID # 3813, enter:
# ls -l /proc/3813/exe
Sample outputs:
/usr/bin/transmission is a bittorrent client, enter:
# man transmission
OR
# whatis transmission
Sample outputs:
Find Out Current Working Directory Of a Process
To find out current working directory of a process called bittorrent or pid 3813, enter:
# ls -l /proc/3813/cwd
Sample outputs:
OR use pwdx command, enter:
# pwdx 3813
Sample outputs:
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
Find Out Owner Of a Process on Linux
Use the following command to find out the owner of a process PID called 3813:
# ps aux | grep 3813
OR
# ps aux | grep ‘[3]813’
Sample outputs:
OR try the following ps command:
# ps -eo pid,user,group,args,etime,lstart | grep ‘[3]813’
Sample outputs:
Another option is /proc/$PID/environ, enter:
# cat /proc/3813/environ
OR
# grep —color -w -a USER /proc/3813/environ
Sample outputs (note –colour option):
Fig.01: grep output
lsof Command Example
Type the command as follows:
Now, you get more information about pid # 1607 or 1616 and so on:
# ps aux | grep ‘[1]616’
Sample outputs:
www-data 1616 0.0 0.0 35816 3880 ? S 10:20 0:00 /usr/sbin/apache2 -k start
I recommend the following command to grab info about pid # 1616:
# ps -eo pid,user,group,args,etime,lstart | grep ‘[1]616’
Sample outputs:
- 1616 : PID
- www-date : User name (owner – EUID)
- www-date : Group name (group – EGID)
- /usr/sbin/apache2 -k start : The command name and its args
- 03:16:22 : Elapsed time since the process was started, in the form [[dd-]hh:]mm:ss.
- Fri Oct 29 10:20:17 2010 : Time the command started.
Help: I Discover an Open Port Which I Don’t Recognize At All
The file /etc/services is used to map port numbers and protocols to service names. Try matching port numbers:
$ grep port /etc/services
$ grep 443 /etc/services
Sample outputs:
Check For rootkit
I strongly recommend that you find out which processes are really running, especially servers connected to the high speed Internet access. You can look for rootkit which is a program designed to take fundamental control (in Linux / UNIX terms “root” access, in Windows terms “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers. See how to detecting / checking rootkits under Linux.
Keep an Eye On Your Bandwidth Graphs
Usually, rooted servers are used to send a large number of spam or malware or DoS style attacks on other computers.
Conlcusion
You learned various Linux commands to find information about running process and their ports. See the following man pages for more information:
$ man ps
$ man grep
$ man lsof
$ man netstat
$ man fuser
🐧 Get the latest tutorials on Linux, Open Source & DevOps via
Источник
