导读:
一、用事实说话
二、关于LSOF命令的其它用法:
三、参考文档:
正文:
lsof:Finding open files with lsof
作用:查看文件被哪些进程打开
一、用事实说话
【实验】Linux下文件删除、句柄与空间释放问题
窗口1:创建test文件,并用less命令打开它
[root@monitor monitor]# echo "zhengBin is Bkeep" >> test
[root@monitor monitor]# ls -sortk
8 -rw-r--r-- 1 root 1 Dec 9 16:02 error.txt
120 -rw-r--r-- 1 root 112 Dec 10 16:38 test
[root@monitor monitor]# less test
zhengBin is Bkeep
(END)
窗口2:使用lsof命令排查问题
[root@monitor monitor]# rm -rf test
[root@monitor monitor]# lsof |grep test //注意:这里test文件已被标记为“deleted”,但仍被less进程打开(pid:23253);rm只是删除了目录项,只要还有进程持有该文件的描述符,磁盘空间就不会被释放
less 23253 root 4r REG 253,0 18 2850936 /usr/monitor/test (deleted)
[root@monitor ~]# ps -ef |grep 23253 //查看less进程的系统用户,为root!
root 23253 23042 0 17:16 pts/1 00:00:00 less test
root 23291 23256 0 17:17 pts/0 00:00:00 grep 23253
[root@monitor ~]# kill -9 23253 //杀掉该进程,系统才会释放test占用的磁盘空间。(重启系统或服务也行)注意:kill -9 会强制终止进程,进程来不及做任何清理;在生产环境中应优先让进程正常退出或重启对应服务,并先确认该PID确实是要处理的进程。
[root@monitor ~]# lsof |grep test
没有了,说明空间已被释放!(补充:lsof +L1 可以直接列出所有已被删除但仍被进程打开的文件,排查磁盘空间未释放或可疑进程时比 grep 文件名更可靠。)
二、关于lsof命令的其它用法:
1,查看目录和文件正在被哪些进程使用。
[root@monitor monitor]# umount /
umount: /: device is busy
umount: /: device is busy
[root@monitor monitor]# lsof /
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
init 1 root cwd DIR 253,0 4096 2 /
init 1 root rtd DIR 253,0 4096 2 /
init 1 root txt REG 253,0 38620 9306178 /sbin/init
init 1 root mem REG 253,0 125736 6686192 /lib/ld-2.5.so
init 1 root mem REG 253,0 1602128 6686193 /lib/libc-2.5.so
init 1 root mem REG 253,0 16428 6686196 /lib/libdl-2.5.so
init 1 root mem REG 253,0 93508 6686210 /lib/libselinux.so.1
init 1 root mem REG 253,0 242880 6686209 /lib/libsepol.so.1
migration 2 root cwd DIR 253,0 4096 2 /
migration 2 root rtd DIR 253,0 4096 2 /
ksoftirqd 3 root cwd DIR 253,0 4096 2 /
ksoftirqd 3 root rtd DIR 253,0 4096 2 /
2,查看远程IP连接了系统的哪些进程
[root@monitor monitor]# netstat -natp
tcp 0 1008 ::ffff:192.168.254.51:22 ::ffff:192.168.254.149:1066 ESTABLISHED 22779/0
[root@monitor monitor]# lsof -i @192.168.254.149
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 22779 root 3u IPv6 98877 TCP 192.168.254.51:ssh->192.168.254.149:fpo-fns (ESTABLISHED)
3,根据端口号查看服务名
[root@monitor monitor]# lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sendmail 4653 root 4u IPv4 9307 TCP monitor:smtp (LISTEN)
4,谁在打开sendmail.pid文件?
[root@monitor run]# lsof /var/run/sendmail.pid
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sendmail 4653 root 5wW REG 253,0 33 9667079 /var/run/sendmail.pid
5,【重要】查看某个进程号所打开的所有系统文件
参数说明:
-a,对各个选择条件取“与”(AND):文件必须同时满足所有条件才会被显示
-p,进程号
-d,按文件描述符(FD列)筛选;这里的 ^txt 表示FD为txt的记录将被过滤掉,^ 是排除的意思 (the caret [^] means exclude).
[root@monitor run]# lsof -a -p 4653 -d ^txt //【重要】
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sendmail 4653 root cwd DIR 253,0 4096 9666678 /var/spool/mqueue
sendmail 4653 root rtd DIR 253,0 4096 2 /
sendmail 4653 root mem REG 253,0 6684758 /lib/libdb-4.3.so (path inode=6684892)
sendmail 4653 root DEL REG 253,0 2107155 /usr/lib/liblber-2.3.so.0.2.15.#prelink#.1kBcGu
sendmail 4653 root DEL REG 253,0 2107070 /usr/lib/libgssapi_krb5.so.2.2.#prelink#.Y8RNd8
sendmail 4653 root mem REG 253,0 2101464 /usr/lib/libz.so.1.2.3 (path inode=2117529)
sendmail 4653 root mem REG 253,0 46680 6684713 /lib/libnss_files-2.5.so
sendmail 4653 root mem REG 253,0 14596 2162994 /usr/lib/sasl2/libanonymous.so.2.0.22
sendmail 4653 root mem REG 253,0 905200 2164220 /usr/lib/sasl2/libsasldb.so.2.0.22
sendmail 4653 root mem REG 253,0 6684723 /lib/libresolv-2.5.so (path inode=6686208)
sendmail 4653 root mem REG 253,0 6684701 /lib/libcrypt-2.5.so (path inode=6686216)
sendmail 4653 root mem REG 253,0 6684759 /lib/libkeyutils-1.2.so (path inode=6686207)
sendmail 4653 root 2w CHR 1,3 1449 /dev/null
sendmail 4653 root 3u unix 0xd45eb740 9306 socket
sendmail 4653 root 4u IPv4 9307 TCP monitor:smtp (LISTEN)
sendmail 4653 root 5wW REG 253,0 33 9667079 /var/run/sendmail.pid
6,ls命令参数解释
[root@monitor monitor]# ls -sortk
8 -rw-r--r-- 1 root 1 Dec 9 16:02 error.txt
120 -rw-r--r-- 1 root 112 Dec 10 16:38 test
参数说明:
s:第一列显示文件占用的块数;o:类似l,但不显示group;S(大写,上面的命令中并未使用):按文件大小排序
r:倒序;t:按时间排序;k:大小按KB为单位显示