Saturday, May 22, 2010

Introduction to lsof

Overview

LiSt Open Files is a useful and powerful tool that will show you opened files. In Unix everything is a file: pipes are files, IP sockets are files, unix sockets are files, directories are files, devices are files, inodes are files...

Useful Examples

So in this tangle of files, lsof lists the files opened by the processes running on your system.

When lsof is called without parameters, it will show all the files opened by any processes.

lsof | nl

Let us know who is using the apache executable file, /etc/passwd, what files are opened on device /dev/hda6 or who's accessing /dev/cdrom:

lsof `which apache2`
lsof /etc/passwd
lsof /dev/hda6
lsof /dev/cdrom

Now show us what process IDs are using the apache binary, and only the PID:

lsof -t `which apache2`

Show us what files are opened by processes whose names start with "k" (klogd, kswapd...) and by bash. Show us what files are opened by init:

lsof -c k
lsof -c bash
lsof -c init

Show us what files are opened by processes whose names start with "courier", but exclude those whose owner is the user "zahn":

lsof -c courier -u ^zahn

Show us the files opened by processes belonging to user apache and user zahn:

lsof -u apache,zahn

Show us what files are opened by the process whose PID is 30297:

lsof -p 30297

Search for all opened instances of directory /tmp and all the files and directories it contains:

lsof +D /tmp

List all opened internet sockets and sockets related to port 80:

lsof -i
lsof -i :80

List all opened Internet and UNIX domain files:

lsof -i -U

Show us what process(es) have a UDP connection opened to or from the host www.test.com at port 123 (ntp):

lsof -iUDP@www.test.com:123

lsof provides many more options and can be an invaluable forensic tool if your system gets compromised, or a check to run on a daily basis.
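
For a daily check, lsof's -F option prints one field per line so that other programs can parse it. The script below is an added example, not part of the original post: it reads that field output and reports listening TCP sockets whose command name is not on an allowlist. The sample records, the allowlist and the function names are constructed for illustration.

```shell
# Added example. On a live host the input would come from:
#   lsof -nP -iTCP -sTCP:LISTEN -F pcLnT
# -F fields used: p=PID, c=command, L=login name, f=file descriptor,
# n=name (address), T=TCP info such as TST=LISTEN.

# Constructed sample of -F output (not captured from a real host).
sample_lsof_output() {
    cat <<'EOF'
p1450
capache2
Lapache
f4
n*:80
TST=LISTEN
f9
n10.0.0.5:80->10.0.0.9:51514
TST=ESTABLISHED
p30297
cpython3
Lzahn
f3
n*:8000
TST=LISTEN
EOF
}

# Print "pid<TAB>command<TAB>user<TAB>address" for every listening socket
# whose command name is not among the arguments (the allowlist).
unexpected_listeners() {
    awk -v allow=" $* " '
        function emit() {
            if (name != "" && state == "LISTEN" && index(allow, " " cmd " ") == 0)
                printf "%s\t%s\t%s\t%s\n", pid, cmd, user, name
            name = ""; state = ""
        }
        { tag = substr($0, 1, 1); val = substr($0, 2) }
        tag == "p" { emit(); pid = val; cmd = ""; user = "" }  # new process
        tag == "f" { emit() }                                  # new open file
        tag == "c" { cmd = val }
        tag == "L" { user = val }
        tag == "n" { name = val }
        tag == "T" && val ~ /^ST=/ { state = substr(val, 4) }
        END { emit() }
    '
}

sample_lsof_output | unexpected_listeners sshd apache2
```

Run it from cron with the allowlist for that host and compare the output against the previous day's.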

How to Mount a USB External Hard Drive on a Linux Machine

Here are a few tips for mounting your external or USB hard drive:

After you plug in your USB drive, just type this in your console:

[code] [root@austin]# dmesg [/code]

Then look for the following message:

[Image: usb hd plugin]

In this picture the device is detected as sdb1,
so you now know that the device you need to mount is /dev/sdb1.

now create the directory that will be linked to the drive
[code] mkdir /mnt/usbdrive [/code]

Now mount your drive on the directory you just created:

[code] mount -t (your partition type) /dev/sdb1 /mnt/usbdrive [/code]

Remember, you should know your partition type correctly before mounting.

You can check it with this command:

[code][root@austin]# fdisk -l
Disk /dev/hda: 240 heads, 63 sectors, 1940 cylinders
Units = cylinders of 15120 * 512 bytes

Device     Boot  Start   End     Blocks  Id  System
/dev/hda             1   286   2162128+   c  Win95 FAT32 (LBA)
/dev/hda2  *       288  1940  12496680    5  Extended
/dev/hda5          288   289     15088+  83  Linux
/dev/hda6          290   844   4195768+  83  Linux
/dev/hda7          845   983   1050808+  82  Linux swap
/dev/hda8          984  1816   6297448+  83  Linux
/dev/hda9         1817  1940    937408+  83  Linux
/dev/sdb1            1  2010 156301488+  83  Linux [/code]

Various filesystem types such as xiafs, ext2, ext3 and reiserfs all use partition id 83.
Some systems mistakenly assume that 83 must mean ext2.

Example for a Linux partition:

[code] mount -t ext2 /dev/sdb1 /mnt/usbdrive [/code]


If you see an error, you can try the other filesystem types that use partition id 83:

[code] mount -t ext3 /dev/sdb1 /mnt/usbdrive [/code]

If you see this kind of message,

that means you have successfully mounted your external hard drive!
Now you can move your files through your new mount directory /mnt/usbdrive



FYI: the name of a Windows partition type in Linux is vfat (aka the FAT file system) or ntfs;
the name of a USB flash disk partition is usbfs.
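
Because partition id 83 only says "Linux", the type passed to mount -t has to come from the filesystem itself rather than from the fdisk listing. The script below is an added example, not part of the original post: it reads the ext superblock magic and the journal flag directly, so ext2 can be told apart from ext3 without trial mounts. The function names and the 2 KiB test image are constructed for illustration; ext4 also sets the journal flag, so it is reported as "ext3-or-later".

```shell
# Added example. The ext superblock starts at byte 1024 of the partition:
#   s_magic          at 1024+0x38 = 1080 (little-endian 0xEF53)
#   s_feature_compat at 1024+0x5C = 1116 (bit 0x04 = has_journal)
# Reading a real device such as /dev/sdb1 needs root.

byte_at() {  # byte_at FILE OFFSET -> two hex digits (empty if out of range)
    od -An -tx1 -j"$2" -N1 "$1" 2>/dev/null | tr -d ' \n'
}

ext_kind() {  # ext_kind DEVICE_OR_IMAGE -> ext2 | ext3-or-later | not-ext
    magic="$(byte_at "$1" 1081)$(byte_at "$1" 1080)"
    [ "$magic" = "ef53" ] || { echo not-ext; return 0; }
    compat=$(byte_at "$1" 1116)
    if [ $(( 0x${compat:-00} & 0x04 )) -ne 0 ]; then
        echo ext3-or-later
    else
        echo ext2
    fi
}

# Constructed image: zero-filled, with only the two fields above set.
# It is not a mountable filesystem.
make_sample() {  # make_sample FILE HAS_JOURNAL(0|1)
    dd if=/dev/zero of="$1" bs=1024 count=2 2>/dev/null
    printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
    [ "$2" = 1 ] && printf '\004' | dd of="$1" bs=1 seek=1116 conv=notrunc 2>/dev/null
    return 0
}

tmp=$(mktemp)
make_sample "$tmp" 1
ext_kind "$tmp"
rm -f "$tmp"
```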

How To Format a Hard Drive in the Linux/Unix Console

Here are some simple steps for formatting a new hard drive in the Linux/Unix console:

First, we need to take a look at all the partitions on your server:

[code]$fdisk -l
.....
.....
Disk /dev/hdd: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System[/code]

The result above tells you that /dev/hdd has 320GB but doesn't have any partition on it.

We need to create a new partition on /dev/hdd with the steps below:

[code]$fdisk /dev/hdd
Command : n
Command Action : p
Partition Number : 1
First Cylinder : Enter
Last Cylinder : Enter
Command : p

Disk /dev/hdd: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/hdd1 1 38913 312568641 83 Linux

Command : w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.[/code]

You will see that /dev/hdd1 is ready to format.
We need to verify all devices again before formatting:

[code]$fdisk -l

......
Disk /dev/hdd: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/hdd1 1 38913 312568641 83 Linux


$ls -al /dev/hdd1
brw-r----- 1 root disk 22, 65 Sep 9 21:00 /dev/hdd1[/code]

Next, we will format the hard drive partition with a file system using the command below:

[code]$mkfs.ext3 /dev/hdd1
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
39075840 inodes, 78142160 blocks
3907108 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
2385 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616

Writing inode tables: 1996/2385
.....

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information:
done

This filesystem will be automatically checked every 24 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.[/code]

Finally, we just need to mount the partition, and your new hard drive is ready to use.