0
点赞
收藏
分享

微信扫一扫

使用lsof命令查看被占用打开的文件

陆公子521 2024-10-07 阅读 6
Linux运维

查看一个文件正在被哪个进程使用

[root@sre01 ~]# lsof /var/log/messages
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF     NODE NAME
abrt-watc  954 root    4r   REG  253,0     7591 34736172 /var/log/messages
rsyslogd  1511 root    7w   REG  253,0     7591 34736172 /var/log/messages

查看一个终端启动了哪些进程

[root@sre01 ~]# lsof /dev/pts/0
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
bash    20321 root    0u   CHR  136,0      0t0    3 /dev/pts/0
bash    20321 root    1u   CHR  136,0      0t0    3 /dev/pts/0
bash    20321 root    2u   CHR  136,0      0t0    3 /dev/pts/0
bash    20321 root  255u   CHR  136,0      0t0    3 /dev/pts/0
lsof    20376 root    0u   CHR  136,0      0t0    3 /dev/pts/0
lsof    20376 root    1u   CHR  136,0      0t0    3 /dev/pts/0
lsof    20376 root    2u   CHR  136,0      0t0    3 /dev/pts/0

-p查看指定PID的进程打开的文件

[root@sre01 ~]# lsof -p 951
COMMAND  PID USER   FD      TYPE             DEVICE  SIZE/OFF      NODE NAME
vmtoolsd 951 root  cwd       DIR              253,0       265        64 /
vmtoolsd 951 root  rtd       DIR              253,0       265        64 /
vmtoolsd 951 root  txt       REG              253,0     61368 101591511 /usr/bin/vmtoolsd
vmtoolsd 951 root  mem       REG              253,0     36712 102733708 /usr/lib64/open-vm-tools/plugins/vmsvc/libvmbackup.so

-c查看指定进程打开的文件

[root@sre01 ~]# lsof -c crond
COMMAND  PID USER   FD      TYPE             DEVICE  SIZE/OFF      NODE NAME
crond   1518 root  cwd       DIR              253,0       265        64 /
crond   1518 root  rtd       DIR              253,0       265        64 /
crond   1518 root  txt       REG              253,0     70128     17974 /usr/sbin/crond
crond   1518 root  mem       REG              253,0     61560     65582 /usr/lib64/libnss_files-2.17.so
crond   1518 root  mem       REG              253,0 106176928 100887827 /usr/lib/locale/locale-archive
crond   1518 root  mem       REG              253,0    142144     66944 /usr/lib64/libpthread-2.17.so
crond   1518 root  mem       REG              253,0     23968     97275 /usr/lib64/libcap-ng.so.0.0.0
crond   1518 root  mem       REG              253,0    402384     78299 /usr/lib64/libpcre.so.1.2.0
crond   1518 root  mem       REG              253,0   2156592     65564 /usr/lib64/libc-2.17.so
crond   1518 root  mem       REG              253,0    127184     97279 /usr/lib64/libaudit.so.1.0.0
crond   1518 root  mem       REG              253,0     19248     65570 /usr/lib64/libdl-2.17.so
crond   1518 root  mem       REG              253,0     61680     15223 /usr/lib64/libpam.so.0.83.1
crond   1518 root  mem       REG              253,0    155744     66967 /usr/lib64/libselinux.so.1
crond   1518 root  mem       REG              253,0    163312     65557 /usr/lib64/ld-2.17.so
crond   1518 root    0r      CHR                1,3       0t0      6513 /dev/null

-u查看指定用户打开的文件

[root@sre01 ~]# lsof -u root
COMMAND     PID USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
systemd       1 root  cwd       DIR              253,0       265         64 /
systemd       1 root  rtd       DIR              253,0       265         64 /
systemd       1 root  txt       REG              253,0   1632960   33622659 /usr/lib/systemd/systemd
systemd       1 root  mem       REG              253,0     20064      78255 /usr/lib64/libuuid.so.1.3.0
systemd       1 root  mem       REG              253,0    265576      15240 /usr/lib64/libblkid.so.1.1.
0
systemd       1 root  mem       REG              253,0     90160      78241 /usr/lib64/libz.so.1.2.7
systemd       1 root  mem       REG              253,0    157440      78243 /usr/lib64/liblzma.so.5.2.2
systemd       1 root  mem       REG              253,0     23968      97275 /usr/lib64/libcap-ng.so.0.0
.0
systemd       1 root  mem       REG              253,0     19896      97243 /usr/lib64/libattr.so.1.1.0
systemd       1 root  mem       REG              253,0     19248      65570 /usr/lib64/libdl-2.17.so
systemd       1 root  mem       REG              253,0    402384      78299 /usr/lib64/libpcre.so.1.2.0
systemd       1 root  mem       REG              253,0   2156592      65564 /usr/lib64/libc-2.17.so
systemd       1 root  mem       REG              253,0    142144      66944 /usr/lib64/libpthread-2.17.
so

-i查看指定ip或端口打开的文件

[root@sre01 ~]# lsof -i -n
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1508 root    3u  IPv4  23720      0t0  TCP *:ssh (LISTEN)
sshd     1508 root    4u  IPv6  23838      0t0  TCP *:ssh (LISTEN)
master   1689 root   13u  IPv4  24764      0t0  TCP 127.0.0.1:smtp (LISTEN)
master   1689 root   14u  IPv6  24765      0t0  TCP [::1]:smtp (LISTEN)
sshd    20317 root    3u  IPv4 180689      0t0  TCP 172.16.0.50:ssh->172.16.0.1:63751 (ESTABLISHED)

[root@sre01 ~]# lsof -i@127.0.0.1
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
master  1689 root   13u  IPv4  24764      0t0  TCP localhost:smtp (LISTEN)

[root@sre01 ~]# lsof -i:22 -n
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1508 root    3u  IPv4  23720      0t0  TCP *:ssh (LISTEN)
sshd     1508 root    4u  IPv6  23838      0t0  TCP *:ssh (LISTEN)
sshd    20317 root    3u  IPv4 180689      0t0  TCP 172.16.0.50:ssh->172.16.0.1:63751 (ESTABLISHED)

查看指定进程打开的网络连接

[root@sre01 ~]# lsof -i -n -a -p 20317
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    20317 root    3u  IPv4 180689      0t0  TCP 172.16.0.50:ssh->172.16.0.1:63751 (ESTABLISHED)

查看制定状态的连接

[root@sre01 ~]# lsof -n -P -i TCP -s TCP:ESTABLISHED
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    20317 root    3u  IPv4 180689      0t0  TCP 172.16.0.50:22->172.16.0.1:63751 (ESTABLISHED)
[root@sre01 ~]# 

-n:no host names, -P:no port names,-i TCP指定协议,-s指定协议状态通过多个参数可以清晰的查看网络连接情况、协议连接情况等














举报

相关推荐

0 条评论