8 Basic lsof Commands Every Sysadmin Needs to Know
lsof basics – list open files on Linux and Unix (expand for timestamps and details).
In this video I introduce the ‘lsof’ command, found on Linux and Unix systems. I’ll show you some practical examples and teach you how to explore what’s happening with the filesytem in a system or process.
1:00 Which files are open?
lsof
2:56 Which processes have this file open?
lsof /var/log/nginx-error.log
4:49 Which files does process X have open?
lsof -p 1
lsof -p `pgrep ABC`
7:08 Where is the binary for this process?
lsof -p ABC | grep bin
7:44 Which shared libraries is this program using? (manually upgrading software, i.e. openssl)
lsof -p PID | grep .so
8:03 Where is this thing logging to?
lsof -p ABC | grep log
8:40 Which processes still have this old library open?
lsof grep libname.so
9:45 Which files does user XYZ have open?
lsof -u XYZ
lsof -u XYZ -i # network only
10:25 Which process is listening on Port X (or using Protocol Y)?
lsof -i :80
lsof -i tcp
11:21 Super lsof Story Time!
14:03 Exercises
My step-by-step project-based Linux course for beginners: https://www.udemy.com/course/hands-on-linux-self-hosted-wordpress-for-linux-beginners/?referralCode=19C0A7DEE2FD53C9C09D
Free Linux Sysadmin Course Playlist: https://www.youtube.com/playlist?list=PLtK75qxsQaMLZSo7KL-PmiRarU7hrpnwK
DigitalOcean referral link: https://m.do.co/c/0380a1db56a6
Patreon: https://www.patreon.com/tutorialinux
Official Site & e-mail list: https://tutorialinux.com/
Twitter: https://twitter.com/tutorialinux
Facebook: https://www.facebook.com/tutorialinux
Podcast: http://kernelpanicpodcast.com
by tutoriaLinux
linux ftp command
This was so informative, thank you.
Very concise and insightful.
Very helpful, thanks Dave!
The Direct Path To SHELL SCRIPTING
https://www.youtube.com/playlist?list=PLwfkYWhsJ_LZd8oL4wAwLiRIkG4faXm60
The Direct Path To Linux Ubuntu
https://www.youtube.com/playlist?list=PLwfkYWhsJ_LbjGo92o3jIDGKaSHqgpdME
is this an application i have to download? I'm completely new to this so forgive me. I'm trying figure out why finder on my mac is generating random folders in my documents tabs.
I am a Doctor. I just opened this series out of curiosity and I am hooked and this is 40ish video or something
very good tutorial
DE: i3wm
Install it with:
'pkexec apt-get install i3 -y'
I liked that “sometimes wonderful, sometimes terrible” comment about UNIX-like systems using the “file” metaphor / construct for everything. 😂
Thanks 👍
great tool!
I've used this only a few times, but when you need it you really need it. (Of course, in Windows, you have a download a tool for this, from SysInternals I think.)
For that last part, as a sysadmin I've ran into the issue numerous times where a process is holding on to a file and space isn't freed up after it's deleted. In that case you can do 'lsof | grep deleted' to see files that have been deleted from the system, but still have processes holding on to them.
Thanks for the video! You should have escaped the dot symbol when grepping for used .so files like “.so$” for dot not to be treated like “any one symbol”, anchor to the end of line with “$” thus eliminating “sockets” from grep results
I know this video is old but I need an explanation; I'm playing around testing these commands on a CentOS machine and when I run lsof /var/log/gitlab/production.log (which is a log file Gitlab writes to) I can see that the COMMAND writting to this file is called "bundle", and the PID is for example 3210. When I run "ps 3210" to take a closer look at the PID, I see that the COMMAND in this output is instead "puma", which makes sense because that's the web server that runs on Gitlab.
Why am I getting two different values on the "COMMAND" column of these two commands with the same PID? Are they referring to different things?
This is so powerful and super useful thing to know. Thanks for what you are doing, you're the best!
clear and straight to the point. thanks c:
You are awesome ! 👍
Amazing, practical stuff. Thanks man.
Loved the way you explained , beautiful way of teaching…. Keep making such basic vdo's
If I lsof by a PID, is there a way to know which of the open files is creating a memory drain?
thanks im trying to build a talking robot friend im goint to name him george 🙂
Hey buddy, I'm just wondering if finding ghost files using | grep -i deleted , is the best option?
Thank you for sharing this!!! I hope this will finally help me why my MacOS Catalina blocks my external disks from ejecting. With Catalina, this has become a nightmare. Lot’s of greetings, Dennis 🇳🇱
I used this command to find processes connecting to a port. This is the reverse of the usual query of finding what process is listening on a port.
what colour scheme and font is that?
Thank you for taking the time to make this video. It has helped me a great bit on learning Linux
nice video
You told wrong brother….standard output file descriptor value is 1, standard error file descriptor value is 2 and standard input file descriptor value is 0. You told value of output wrong bro..thanks
10:20 – LOL Nice touch! Good humor on such a serious video, while still educating people. 🙂
Thank you so much for it!!!
Cool !
Nice job =)
Absolutely amazing. Thank you man 👍
Can you explain how to troubleshoot and fix the linux server load(both php fpm and mysql)?
Finally someone that I can understand when he speaks !
Excellent vid!
Very cool. Also very funny )
Thanks a lot.Very informative to me.👍👏👏💜
You have a realy nice tutorials for linux but I can't understand peaple who work's a lot at terminal and used windows as main system. In any case I don't have any confrontation about windows ( that's really useful OS at that cases where it needed). Just can't understand it.
Another great Linux vid. I know enough Linux to be dangerous, but trying to up my game a bit and your videos have been super helpful. Earned a sub for sure. Thanks
we are thirsty for good vids like this. keep it up.