How find out which process is using a file in Linux?
You can use the fuser
command, like:
fuser file_name
You will receive a list of processes using the file.
You can use different flags with it, in order to receive a more detailed output.
You can find more info in the fuser's Wikipedia article, or in the man
pages.
Counting open files per process
Have a look at the /proc/
file system:
ls /proc/$pid/fd/ | wc -l
To do this for all processes, use this:
cd /proc
for pid in [0-9]*
do
echo "PID = $pid with $(ls /proc/$pid/fd/ | wc -l) file descriptors"
done
As a one-liner (filter by appending | grep -v "0 FDs"
):
for pid in /proc/[0-9]*; do printf "PID %6d has %4d FDs\n" $(basename $pid) $(ls $pid/fd | wc -l); done
As a one-liner including the command name, sorted by file descriptor count in descending order (limit the results by appending | head -10
):
for pid in /proc/[0-9]*; do p=$(basename $pid); printf "%4d FDs for PID %6d; command=%s\n" $(ls $pid/fd | wc -l) $p "$(ps -p $p -o comm=)"; done | sort -nr
Credit to @Boban for this addendum:
You can pipe the output of the script above into the following script to see the ten processes (and their names) which have the most file descriptors open:
...
done | sort -rn -k5 | head | while read -r _ _ pid _ fdcount _
do
command=$(ps -o cmd -p "$pid" -hc)
printf "pid = %5d with %4d fds: %s\n" "$pid" "$fdcount" "$command"
done
Here's another approach to list the top-ten processes with the most open fds, probably less readable, so I don't put it in front:
find /proc -maxdepth 1 -type d -name '[0-9]*' \
-exec bash -c "ls {}/fd/ | wc -l | tr '\n' ' '" \; \
-printf "fds (PID = %P), command: " \
-exec bash -c "tr '\0' ' ' < {}/cmdline" \; \
-exec echo \; | sort -rn | head
Linux - How to track all files accessed by a process?
lsof
:
Try doing this as a starter :
lsof -p <PID>
this command will list all currently open files, fd, sockets for the process with the passed process ID.
For your special needs, see what I can offer as a solution to monitor a php script :
php foo.php & _pid=$!
lsof -r1 -p $_pid
kill %1 # if you want to kill php script
strace
:
I recommend the use of strace
. Unlike lsof
, it stays running for as long as the process is running. It will print out which syscalls are being called when they are called. -e trace=file
filters only for syscalls that access the filesystem:
sudo strace -f -t -e trace=file php foo.php
or for an already running process :
sudo strace -f -t -e trace=file -p <PID>
How does my Linux C process know how many files were opened on the command line?
There is no way to distinguish between redirections established on the command line and redirections which were already present in the execution environment.
For example, when utility util
runs in the script
exec 4<file4
# ...
util 3<file3
it will see both fd 3 and fd 4 open for reading; it can't tell that only one was opened on the command line. If you care about that, which you probably should because there can be a number of these.
That aside, you can certainly figure out which fds are currently open, for example by cycling through all of them or examining the /proc/self/fd
pseudo-directory. See this question for some example solutions to finding all the open file descriptors under Linux.
check if file is open with lsof
The lines that appear in the output of lsof
are open files. If your file is not there it means it is not open. Among the columns are PID (the process id of the program that has the file open) and the FD (the file descriptor associated with the open file). No particular value for these indicates open/closed. If it appears at all it means it's open.
Check out http://linux.die.net/man/8/lsof and search for the text contains the first nine characters
How do I find the file handles that my process has opened in Linux?
If the libraries are opening files you don't know about, how do you know they don't need them after a fork? Unexported handles are an internal library detail, if the library wants them closed it will register an atfork() handler to close them. Walking around behind some piece of code closing its file handles behind its back will lead to subtle hard to debug problems since the library will error unexpectedly when it attempts to work with a handle it knows it opened correctly, but did not close.
Related Topics
Postgresql -Bash: Psql: Command Not Found
Why Do We Need a Swapper Task in Linux
How to Launch a New Process That Is Not a Child of the Original Process
Do (Statically Linked) Dlls Use a Different Heap Than the Main Program
Call a Kernel Module Function from Program at User Space
Performance Difference Between Ipc Shared Memory and Threads Memory
How Are Sbrk/Brk Implemented in Linux
Update-Alternatives: Warning: /Etc/Alternatives/Java Is Dangling
List Supported Ssl/Tls Versions for a Specific Openssl Build
Differencebetween Clock_Monotonic & Clock_Monotonic_Raw
Get MAC Address Using Shell Script
Create New File But Add Number If Filename Already Exists in Bash
Ld: Using -Rpath,$Origin Inside a Shared Library (Recursive)
Convert Bash 'Ls' Output to JSON Array
Shell Script to Get the Process Id on Linux
Does Ldd Also Show Dependencies of Dependencies
How Is the Microsecond Time of Linux Gettimeofday() Obtained and What Is Its Accuracy