How to find out who is using a file in Linux
4 mins read

How to find out who is using a file in Linux

0

Description

We can use the lsof command to know if someone is using a file, and if they are, who.

It reads kernel memory in its search for open files and helps you list all open files.

In this case, an open file may be a regular file, a directory, a block special file, a character special file, a stream, a network file and many others – because in Linux everything is a file.

Lsof is used on a file system to identify who is using any files on that file system.

You can run lsof command on Linux filesystem and the output identifies the owner and process information for processes using the file as shown in the following output. 

$ lsof /dev/null

List of All Opened Files in Linux 

COMMAND    PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd   1480 jaipur    0r   CHR    1,3      0t0    6 /dev/null
sh        1501 jaipur    0r   CHR    1,3      0t0    6 /dev/null
sh        1501 jaipur    1w   CHR    1,3      0t0    6 /dev/null
dbus-daem 1530 jaipur    0u   CHR    1,3      0t0    6 /dev/null
xfce4-ses 1603 jaipur    0r   CHR    1,3      0t0    6 /dev/null
xfce4-ses 1603 jaipur    1w   CHR    1,3      0t0    6 /dev/null
at-spi-bu 1604 jaipur    0r   CHR    1,3      0t0    6 /dev/null
dbus-daem 1609 jaipur    0u   CHR    1,3      0t0    6 /dev/null
at-spi2-r 1611 jaipur    0u   CHR    1,3      0t0    6 /dev/null
xfconfd   1615 jaipur    0u   CHR    1,3      0t0    6 /dev/null
xfwm4     1624 jaipur    0r   CHR    1,3      0t0    6 /dev/null
xfwm4     1624 jaipur    1w   CHR    1,3      0t0    6 /dev/null
xfce4-pan 1628 jaipur    0r   CHR    1,3      0t0    6 /dev/null
xfce4-pan 1628 jaipur    1w   CHR    1,3      0t0    6 /dev/null
Thunar    1630 jaipur    0r   CHR    1,3      0t0    6 /dev/null
Thunar    1630 jaipur    1w   CHR    1,3      0t0    6 /dev/null
xfdesktop 1632 jaipur    0r   CHR    1,3      0t0    6 /dev/null
xfdesktop 1632 jaipur    1w   CHR    1,3      0t0    6 /dev/null
....

To list user specific opened files, run the following command replace jaipur with the actual user name. 

$ lsof -u jaipur

List of Files Opened by User 

COMMAND    PID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
systemd   1480 jaipur  cwd       DIR                8,3      4096          2 /
systemd   1480 jaipur  rtd       DIR                8,3      4096          2 /
systemd   1480 jaipur  txt       REG                8,3   1595792    3147496 /lib/systemd/systemd
systemd   1480 jaipur  mem       REG                8,3   1700792    3150525 /lib/x86_64-linux-gnu/libm-2.27.so
systemd   1480 jaipur  mem       REG                8,3    121016    3146329 /lib/x86_64-linux-gnu/libudev.so.1.6.9
systemd   1480 jaipur  mem       REG                8,3     84032    3150503 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
systemd   1480 jaipur  mem       REG                8,3     43304    3150514 /lib/x86_64-linux-gnu/libjson-c.so.3.0.1
systemd   1480 jaipur  mem       REG                8,3     34872    2497970 /usr/lib/x86_64-linux-gnu/libargon2.so.0
systemd   1480 jaipur  mem       REG                8,3    432640    3150484 /lib/x86_64-linux-gnu/libdevmapper.so.1.02.1
systemd   1480 jaipur  mem       REG                8,3     18680    3150450 /lib/x86_64-linux-gnu/libattr.so.1.1.0
systemd   1480 jaipur  mem       REG                8,3     18712    3150465 /lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
systemd   1480 jaipur  mem       REG                8,3     27112    3150489 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
systemd   1480 jaipur  mem       REG                8,3     14560    3150485 /lib/x86_64-linux-gnu/libdl-2.27.so
...

Another important use of lsof is to find out the process listening on a specific port.

For example identify the process listening on port 80 using the following command. 

$ sudo lsof -i TCP:80

Find Out Process Listening Port 

COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd    903   root    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   1320 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   1481 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   1482 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   1493 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   1763 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   2027 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   2029 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   2044 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   3199 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)
httpd   3201 apache    4u  IPv6  20222      0t0  TCP *:http (LISTEN)

Note: Since lsof reads kernel memory in its search for open files, rapid changes in kernel memory may result into unpredictable outputs. This is one of the major downsides of using lsof command.

For more information, look at the lsof man page:

$ man lsof

We have explained how to know who is using a particular file in Linux.

We have shown how to identify the owner and process information for processes using an open file.

We hope you’ve found this useful!

Leave a Reply

Your email address will not be published. Required fields are marked *

Website http://jaipurhosting.com/blog/

Related Posts