lsof介绍

Linux lsof是用来查看当前系统进程打开的文件。linux系统中，一切皆为文件，lsof可以查看的"文件"类型有：

目录
文件
字符设备
共享库
网络文件

lsof用法

-i 列出符合条件的进程
-p <PID> 列出进程号打开的文件
-u <user/uid> 列出用户打开的文件

实例

列出某进程号打开的文件

root@org-test:~# lsof -i :22
COMMAND     PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
sshd    1736249 root    3u  IPv4 138689076      0t0  TCP *:ssh (LISTEN)
sshd    2144094 root    4u  IPv4 305006763      0t0  TCP iZ0jl2enetrojliamsk0svZ:ssh->no-data:5395 (ESTABLISHED)
sshd    2156661 root    4u  IPv4 305077651      0t0  TCP iZ0jl2enetrojliamsk0svZ:ssh->no-data:3210 (ESTABLISHED)
sshd    2158159 root    4u  IPv4 305086947      0t0  TCP iZ0jl2enetrojliamsk0svZ:ssh->no-data:7568 (ESTABLISHED)

列出某进程号打开的文件

root@org-test:~# lsof -p 2516246 | head -n 10
COMMAND       PID USER   FD      TYPE             DEVICE SIZE/OFF      NODE NAME
php-fpm8. 2516246 root  cwd       DIR              252,1     4096         2 /
php-fpm8. 2516246 root  rtd       DIR              252,1     4096         2 /
php-fpm8. 2516246 root  txt       REG              252,1  5665352   1049711 /usr/sbin/php-fpm8.2
php-fpm8. 2516246 root  DEL       REG                0,1          264066768 /dev/zero
php-fpm8. 2516246 root  DEL       REG                0,1          264066766 /dev/zero
php-fpm8. 2516246 root  mem       REG              252,1  2855648   1318571 /usr/lib/php/20220829/swoole.so
php-fpm8. 2516246 root  mem       REG              252,1    74848   1051494 /usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4
php-fpm8. 2516246 root  mem       REG              252,1   118064   1074130 /usr/lib/x86_64-linux-gnu/libzip.so.4.0
php-fpm8. 2516246 root  mem       REG              252,1    96520   1312451 /usr/lib/php/20220829/zip.so

列出用户打开的文件

root@org-test:~# lsof -u root |head -n 10
COMMAND       PID USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
systemd         1 root  cwd       DIR              252,1      4096          2 /
systemd         1 root  rtd       DIR              252,1      4096          2 /
systemd         1 root  txt       REG              252,1   1620224    1064142 /usr/lib/systemd/systemd
systemd         1 root  mem       REG              252,1   1369384    1067047 /usr/lib/x86_64-linux-gnu/libm-2.31.so
systemd         1 root  mem       REG              252,1    178528    1051203 /usr/lib/x86_64-linux-gnu/libudev.so.1.6.17
systemd         1 root  mem       REG              252,1   1575112    1051696 /usr/lib/x86_64-linux-gnu/libunistring.so.2.1.0
systemd         1 root  mem       REG              252,1    137584    1051560 /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.28.0
systemd         1 root  mem       REG              252,1     67912    1051125 /usr/lib/x86_64-linux-gnu/libjson-c.so.4.0.0
systemd         1 root  mem       REG              252,1     35024    1049695 /usr/lib/x86_64-linux-gnu/libargon2.so.1

列出所有网络连接

root@org-test:~# lsof -i | head -n 10
COMMAND       PID            USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
chronyd       542         _chrony    5u  IPv4     18124      0t0  UDP localhost:323 
chronyd       542         _chrony    6u  IPv6     18125      0t0  UDP localhost:323 
redis-ser  111739           redis    6u  IPv4    878391      0t0  TCP localhost:6379 (LISTEN)
redis-ser  111739           redis    7u  IPv6    878392      0t0  TCP localhost:6379 (LISTEN)
redis-ser  111739           redis    8u  IPv4 177893460      0t0  TCP localhost:6379->localhost:41322 (ESTABLISHED)
redis-ser  111739           redis   10u  IPv4  81797838      0t0  TCP localhost:6379->localhost:52672 (ESTABLISHED)
php       1531094            root    5u  IPv4 177893314      0t0  TCP localhost:41322->localhost:6379 (ESTABLISHED)
systemd-n 1718822 systemd-network   20u  IPv4 138615124      0t0  UDP iZ0jl2enetrojliamsk0svZ:bootpc 
systemd-r 1718857 systemd-resolve   12u  IPv4 138614491      0t0  UDP localhost:domain