我的书签
添加书签
移除书签Lsof 命令
lsof, ls open files.
列举当前打开的文件, 文件也包括网络连接(socket 文件),设备文件, 以及目录文件.
lsof的输出包括了如下几列:
➤ lsof | headCOMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAMEsystemd 1 root cwd unknown /proc/1/cwd (readlink: Permission denied)systemd 1 root rtd unknown /proc/1/root (readlink: Permission denied)systemd 1 root txt unknown /proc/1/exe (readlink: Permission denied)systemd 1 root NOFD /proc/1/fd (opendir: Permission denied)kthreadd 2 root cwd unknown /proc/2/cwd (readlink: Permission denied)kthreadd 2 root rtd unknown /proc/2/root (readlink: Permission denied)kthreadd 2 root txt unknown /proc/2/exe (readlink: Permission denied)kthreadd 2 root NOFD /proc/2/fd (opendir: Permission denied)ksoftirqd 3 root cwd unknown /proc/3/cwd (readlink: Permission denied)
说一下这几列都代表了什么:
COMMAND进程的命令PID进程IDUSER用户名FD文件描述符TYPE文件类型DEVICE设备编号SIZE文件大小NODE节点编号NAME文件的绝对路径名
显示系统打开的所有文件
➤ lsof | less
只是显示出来并没有太大的作用, 但是统计的话, 就另当别论了:
➤ lsof | wc -l73610
可以看到我一共打开了73610个文件.
查看特定用户打开的文件
-u参数:
# lsof –u rameshvi 7190 ramesh 475196 /bin/vi txt REG 8,1 474608sshd 7163 ramesh 3u IPv6 15088263 TCP dev-db:ssh->abc-12-12-12-12.socal.res.rr.com:2631 (ESTABLISHED)
查看特定程序打开的文件
lsof progream_name:
➤ lsof /usr/bin/viCOMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEvi 12760 mr txt REG 252,1 2837384 1051186 /usr/bin/vim.gnome
其实还有一些好玩的, 还有参数介绍什么的, 我博客里有写.(没网啊, 不能贴具体的链接… 麻烦各位看官自己找找去… 里面还有个类似的软件 [fuser], 很是强大 http://wrfly.kfd.me )
