Sometimes, we want to know what files are currently open on a system, what process lock a file etc. We can use an application named
lsof which is short from list open files. If we have root level privileges we can see all files currently open in a system but as normal users can only read what files that we open and will get error “permission denied” for files that we have no privileges on
For example, we can run
/usr/sbin/lsof as root, most of the time
/usr/sbin/ already on root user path so you can just type
[root@clarisa ~]# lsof | more COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME init 1 root cwd DIR 253,0 4096 2 / init 1 root rtd DIR 253,0 4096 2 / init 1 root txt REG 253,0 38652 1212600 /sbin/init init 1 root mem REG 253,0 125736 854064 /lib/ld-2.5.so init 1 root mem REG 253,0 1611564 854334 /lib/libc-2.5.so init 1 root mem REG 253,0 16428 854335 /lib/libdl-2.5.so init 1 root mem REG 253,0 93508 854353 /lib/libselinux.so.1 init 1 root mem REG 253,0 245376ti 854352 /lib/libsepol.so.1 ...
I trim the output above because there are lots of file opened on the system.
If we run
/usr/sbin/lsof as normal user, we will get some error message permission denied :
[sumodirjo@clarisa ~]$ /usr/sbin/lsof | more COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME init 1 root cwd unknown /proc/1/cwd (readlink: Permission denied) init 1 root rtd unknown /proc/1/root (readlink: Permission denied) init 1 root txt unknown /proc/1/exe (readlink: Permission denied) init 1 root NOFD /proc/1/fd (opendir: Permission denied) ...
To check what files a user currently open, we can use
lsof and grep the output, e.g.:
[root@clarisa ~]# lsof | grep sumodirjo