Identify the Files Opened a Particular Process on Linux

How find out which process is using a file in Linux?

You can use the fuser command, like:

fuser file_name

You will receive a list of processes using the file.

You can use different flags with it, in order to receive a more detailed output.

You can find more info in the fuser's Wikipedia article, or in the man pages.

Counting open files per process

Have a look at the /proc/ file system:

ls /proc/$pid/fd/ | wc -l

To do this for all processes, use this:

cd /proc
for pid in [0-9]*
do
    echo "PID = $pid with $(ls /proc/$pid/fd/ | wc -l) file descriptors"
done

As a one-liner (filter by appending | grep -v "0 FDs"):

for pid in /proc/[0-9]*; do printf "PID %6d has %4d FDs\n" $(basename $pid) $(ls $pid/fd | wc -l); done

As a one-liner including the command name, sorted by file descriptor count in descending order (limit the results by appending | head -10):

for pid in /proc/[0-9]*; do p=$(basename $pid); printf "%4d FDs for PID %6d; command=%s\n" $(ls $pid/fd | wc -l) $p "$(ps -p $p -o comm=)"; done | sort -nr

Credit to @Boban for this addendum:

You can pipe the output of the script above into the following script to see the ten processes (and their names) which have the most file descriptors open:

  ...
done | sort -rn -k5 | head | while read -r _ _ pid _ fdcount _
do
  command=$(ps -o cmd -p "$pid" -hc)
  printf "pid = %5d with %4d fds: %s\n" "$pid" "$fdcount" "$command"
done

Here's another approach to list the top-ten processes with the most open fds, probably less readable, so I don't put it in front:

find /proc -maxdepth 1 -type d -name '[0-9]*' \
     -exec bash -c "ls {}/fd/ | wc -l | tr '\n' ' '" \; \
     -printf "fds (PID = %P), command: " \
     -exec bash -c "tr '\0' ' ' < {}/cmdline" \; \
     -exec echo \; | sort -rn | head

Linux - How to track all files accessed by a process?

lsof:

Try doing this as a starter :

lsof -p <PID>

this command will list all currently open files, fd, sockets for the process with the passed process ID.

For your special needs, see what I can offer as a solution to monitor a php script :

php foo.php & _pid=$!
lsof -r1 -p $_pid
kill %1 # if you want to kill php script

strace:

I recommend the use of strace. Unlike lsof, it stays running for as long as the process is running. It will print out which syscalls are being called when they are called. -e trace=file filters only for syscalls that access the filesystem:

sudo strace -f -t -e trace=file php foo.php

or for an already running process :

sudo strace -f -t -e trace=file -p <PID>

How does my Linux C process know how many files were opened on the command line?

There is no way to distinguish between redirections established on the command line and redirections which were already present in the execution environment.

For example, when utility util runs in the script

exec 4<file4
# ...
util 3<file3

it will see both fd 3 and fd 4 open for reading; it can't tell that only one was opened on the command line. If you care about that, which you probably should because there can be a number of these.

That aside, you can certainly figure out which fds are currently open, for example by cycling through all of them or examining the /proc/self/fd pseudo-directory. See this question for some example solutions to finding all the open file descriptors under Linux.

check if file is open with lsof

The lines that appear in the output of lsof are open files. If your file is not there it means it is not open. Among the columns are PID (the process id of the program that has the file open) and the FD (the file descriptor associated with the open file). No particular value for these indicates open/closed. If it appears at all it means it's open.

Check out http://linux.die.net/man/8/lsof and search for the text contains the first nine characters

How do I find the file handles that my process has opened in Linux?

If the libraries are opening files you don't know about, how do you know they don't need them after a fork? Unexported handles are an internal library detail, if the library wants them closed it will register an atfork() handler to close them. Walking around behind some piece of code closing its file handles behind its back will lead to subtle hard to debug problems since the library will error unexpectedly when it attempts to work with a handle it knows it opened correctly, but did not close.


Related Topics

Postgresql -Bash: Psql: Command Not Found

Why Do We Need a Swapper Task in Linux

How to Launch a New Process That Is Not a Child of the Original Process

Do (Statically Linked) Dlls Use a Different Heap Than the Main Program

Call a Kernel Module Function from Program at User Space

Performance Difference Between Ipc Shared Memory and Threads Memory

How Are Sbrk/Brk Implemented in Linux

Update-Alternatives: Warning: /Etc/Alternatives/Java Is Dangling

List Supported Ssl/Tls Versions for a Specific Openssl Build

Differencebetween Clock_Monotonic & Clock_Monotonic_Raw

Get MAC Address Using Shell Script

Create New File But Add Number If Filename Already Exists in Bash

Binary Grep on Linux

Ld: Using -Rpath,$Origin Inside a Shared Library (Recursive)

Convert Bash 'Ls' Output to JSON Array

Shell Script to Get the Process Id on Linux

Does Ldd Also Show Dependencies of Dependencies

How Is the Microsecond Time of Linux Gettimeofday() Obtained and What Is Its Accuracy


Leave a reply



Submit