The lsof command in Unix-based operating systems stands for “List Open Files.” As the name suggests, it is used to list all open files and the processes that opened them. It provides valuable insights into which files are being accessed by which programs, making it an essential tool for system administrators, developers, and anyone interested in monitoring system resources and troubleshooting.
In Unix and Linux systems, everything is considered a file — not just text files, but also directories, devices, sockets, and even pipes. The lsof command is a powerful tool for displaying information about these files and the processes that are interacting with them.
Key Features of lsof
The lsof command stands for “List Open Files” in Linux and Unix-like operating systems. It is a powerful utility used by system administrators and developers to display information about files that are currently open by running processes. As everything in Linux is considered a file—whether it’s a regular file, a directory, a device, or a network connection—the lsof command provides an essential tool for troubleshooting, performance monitoring, and security auditing.
- Displays Open Files: It lists files opened by processes, which could include regular files, directories, libraries, network connections, and more.
- Process Details: It provides detailed information about the processes that opened the files, such as process IDs (PIDs), user IDs (UIDs), and file descriptors.
- Resource Management: By identifying which processes are holding onto resources like ports or files, lsof can assist in identifying resource hogs or unwanted processes.
- Security: It can help in identifying potential security issues, such as unauthorized processes accessing files or network ports.
Basic Syntax
The basic syntax of the lsof command is:
lsof [options] [file]- options: Various flags that allow customization of the output (discussed below).
- file: Specifies a file or directory for filtering open files related to it.
Examples of lsof Command Usage
1.List all the processes which are using specific tcp & udp port
lsof -i TCP:8000
lsof -i UDP:8000
# range of ports
lsof -i TCP:1-10242. Listing open files for a specific user:
lsof -u <user>
# List all files which are opened by everyone except a specific user:
lsof -u ^<user>3. Find processes running on specific port
lsof -i :<port>
#Range of ports
lsof -i :<portStart-portEnd>
# example
# If you want to check which processes are using a specific port (e.g., port 80),
lsof -i :80
lsof -i :1-80004. Viewing files opened by a specific process
To list all open files by a process with a specific PID (e.g., 1234), use:
lsof -p <pid>
# eveything except specific pid
lsof -p ^<pid>
5. Listing open files by a specific command
lsof -c <command/app name>
# example
lsof -c brave6. Finding files opened in a directory
lsof +D <dirpath>
# example
lsof +D /home/bt/8. Listing network connections: To find all open network connections, you can use:
lsof -i
### Ipv4 and Ipv6 variants
sudo lsof -i 4
sudo lsof -i 69. Lists IDs of processes that have accessed a particular file.
lsof -t <file-name> 10. lists all open files related to the specific directory
sudo lsof /proc
# list Multiple dir
sudo lsof / sys/
#lists all the open files associated with the terminal devices
sudo lsof /dev/tty*11. kill all processes of specific user
kill -9 $(lsof -t -u lilly)
# $(lsof -t -u lilly) gives you the PIDs of all processes owned by and uses it as input for the kill command.12 . List all network connections of a user
This command will show all open network connections (TCP, UDP, etc.) that are used by processes owned by the user [username]. The information includes details like the process ID (PID), the command that’s using the connection, the protocol (TCP/UDP), the local and remote IP addresses, and the port numbers
sudo lsof -i -u <username> -a
#The -a option is a logical AND that combines the conditions. It ensures that both the conditions specified by the options are met at the same time.
#This means that only processes that are owned by the user [username] and are related to network connections will be shown.
sudo lsof -i -u <username>Use Cases for lsof
- Troubleshooting File Locks: If a file is locked and cannot be accessed, you can use lsof to identify which process has locked it. Once identified, you can investigate or terminate the process holding the lock.
- Identifying Resource Leaks: By monitoring open files over time, you can detect memory or file descriptor leaks in your application. Processes that hold files open unnecessarily can be identified, which can lead to optimization.
- Network Analysis: By using lsof -i, you can analyze which processes are listening on network ports or are actively connected to other machines. This is useful for debugging network issues or securing your server.
- Security Auditing: lsof can be used to ensure that no unauthorized processes are accessing sensitive files or using privileged network ports.
- Process Management: For system administrators, lsof helps in managing processes, especially in situations where files need to be deleted or modified but are currently in use.
Conclusion
The lsof command is an indispensable tool for anyone managing Linux or Unix-based systems. Whether you are a system administrator monitoring file usage or a developer debugging application behavior, lsof provides invaluable insights into the processes interacting with system resources. By mastering its various options, you can streamline system administration, enhance security, and optimize performance across your systems.
