Original author(s) | Victor A. Abell |
---|---|
Initial release | 1991[1] |
Stable release | 4.99 [2] / 10 November 2023 |
Repository | github |
Written in | C |
Operating system | Linux, FreeBSD, macOS, Solaris, NetBSD and OpenBSD |
Platform | Cross-platform |
License | BSD license-compatible [3] |
Website | lsof |
lsof is a command meaning "list open files", which is used in many Unix-like systems to report a list of all open files and the processes that opened them. This open source utility was developed and supported by Victor A. Abell, the retired Associate Director of the Purdue University Computing Center. It works in and supports several Unix flavors. [4]
A replacement for Linux, lsfd
, is included in util-linux. [5]
In 1985, Cliff Spencer publishes the ofiles
command. Its man page says: "ofiles – who has a file open [...] displays the owner and id of any process accessing a specified device". Spencer compiled it for 4.2BSD and ULTRIX. [6] Moreover, in the newsgroup net.unix-wizards, he further remarks: [7]
With all the chatter about dismounting active file systems, I have posted my program to indicate who is using a particular filesystem, "ofiles" to net.sources.
In 1988, the command fstat
("file status") appears as part of the 4.3BSD-Tahoe release. Its man page says: [8]
fstat identifies open files. A file is considered open if a process has it open, if it is the working directory for a process, or if it is an active pure text file. If no options are specified, fstat reports on all open files.
In 1989, in comp.sources.unix, Vic Abell publishes ports of the ofiles and fstat commands from 4.3BSD-Tahoe to "DYNIX 3.0.1[24] for Sequent Symmetry and Balance, SunOS 4.0 and ULTRIX 2.2". [9] [10] Various people had evolved and ported ofiles over the years. Abell contrasted the commands as follows: [10]
Fstat is similar to the ofiles program which I recently submitted. Like ofiles, fstat identifies open files. It's orientation differs slightly from that of ofiles: ofiles starts with a file name and paws through the proc and user structures to identify the file; fstat reads all the proc and user structures, displaying information in all files, optionally applying a few filters to the output (including a single file name filter.)
In combination with netstat -aA and grep, fstat will identify the process associated with a network connection, just as will ofiles.
In 1991, Vic Abell publishes lsof version 1.0 to comp.sources.unix. He notes: [1]
Lsof (for LiSt Open Files) lists files opened by processes on selected Unix systems. It is my answer to those who regularly ask me when I am going to make fstat (comp.sources.unix volume 18, number 107) or ofiles (volume 18, number 57) available on SunOS 4.1.1 or the like.
Lsof is a complete redesign of the fstat/ofiles series, based on the SunOS vnode model. Thus, it has been tested on AIX 3.1.[357], HP-UX [78].x, NeXTStep 2.[01], Sequent Dynix 3.0.12 and 3.1.2, and Sunos 4.1 and 4.1.1. Using available kernel access methods, such as nlist() and kvm_read(), lsof reads process table entries, user areas and file pointers to reach the underlying structures that describe files opened by processes.
In 2018, Vic Abbell publishes lsof version 4.92. The same year, he initiates the transfer of responsibility. He writes: [11]
I will reach 80 years of age later this year and I think it's time for me to end my work on general lsof revision releases.
The lsof code is put on Github and maintenance is transferred. [11] [12]
Open files in the system include disk files, named pipes, network sockets and devices opened by all processes. One use for this command is when a disk cannot be unmounted because (unspecified) files are in use. The listing of open files can be consulted (suitably filtered if necessary) to identify the process that is using the files.
# lsof/var COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEsyslogd 350 root 5w VREG 222,5 0 440818 /var/adm/messagessyslogd 350 root 6w VREG 222,5 339098 6248 /var/log/syslogcron 353 root cwd VDIR 222,5 512 254550 /var -- atjobs
To view the port associated with a daemon:
# lsof-i-n-P|grepsendmail sendmail 31649 root 4u IPv4 521738 TCP *:25 (LISTEN)
From the above one can see that "sendmail" is listening on its standard port of "25".
One can also list Unix Sockets by using lsof -U
.
The lsof output describes:
For a complete list of options, see the Lsof(8) Linux manual page. [13]
In computing, traceroute
and tracert
are computer network diagnostic commands for displaying possible routes (paths) and measuring transit delays of packets across an Internet Protocol (IP) network. The history of the route is recorded as the round-trip times of the packets received from each successive host in the route (path); the sum of the mean times in each hop is a measure of the total time spent to establish the connection. Traceroute proceeds unless all sent packets are lost more than twice; then the connection is lost and the route cannot be evaluated. Ping, on the other hand, only computes the final round-trip times from the destination point.
Berkeley sockets is an application programming interface (API) for Internet sockets and Unix domain sockets, used for inter-process communication (IPC). It is commonly implemented as a library of linkable modules. It originated with the 4.2BSD Unix operating system, which was released in 1983.
Ultrix is the brand name of Digital Equipment Corporation's (DEC) discontinued native Unix operating systems for the PDP-11, VAX, MicroVAX and DECstations.
Unix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices.
Unix System V is one of the first commercial versions of the Unix operating system. It was originally developed by AT&T and first released in 1983. Four major versions of System V were released, numbered 1, 2, 3, and 4. System V Release 4 (SVR4) was commercially the most successful version, being the result of an effort, marketed as Unix System Unification, which solicited the collaboration of the major Unix vendors. It was the source of several common commercial Unix features. System V is sometimes abbreviated to SysV.
The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network. The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP.
In computing, netstat
is a command-line network utility that displays network connections for Transmission Control Protocol, routing tables, and a number of network interface and network protocol statistics. It is available on Unix, Plan 9, Inferno, and Unix-like operating systems including macOS, Linux, Solaris and BSD. It is also available on IBM OS/2 and on Microsoft Windows NT-based operating systems including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10.
The seven standard Unix file types are regular, directory, symbolic link, FIFO special, block special, character special, and socket as defined by POSIX. Different OS-specific implementations allow more types than what POSIX requires. A file's type can be identified by the ls -l
command, which displays the type in the first character of the file-system permissions field.
rm
is a basic command on Unix and Unix-like operating systems used to remove objects such as computer files, directories and symbolic links from file systems and also special files such as device nodes, pipes and sockets, similar to the del
command in MS-DOS, OS/2, and Microsoft Windows. The command is also available in the EFI shell.
In Unix-based computer operating systems, init is the first process started during booting of the operating system. Init is a daemon process that continues running until the system is shut down. It is the direct or indirect ancestor of all other processes and automatically adopts all orphaned processes. Init is started by the kernel during the booting process; a kernel panic will occur if the kernel is unable to start it, or it should die for any reason. Init is typically assigned process identifier 1.
inetd is a super-server daemon on many Unix systems that provides Internet services. For each configured service, it listens for requests from connecting clients. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. External executables, which are run on request, can be single- or multi-threaded. First appearing in 4.3BSD, it is generally located at /usr/sbin/inetd
. inetd is based on the (service) activator pattern
In computer networking, xinetd is an open-source super-server daemon which runs on many Unix-like systems, and manages Internet-based connectivity.
The history of Unix dates back to the mid-1960s, when the Massachusetts Institute of Technology, AT&T Bell Labs, and General Electric were jointly developing an experimental time-sharing operating system called Multics for the GE-645 mainframe. Multics introduced many innovations, but also had many problems. Bell Labs, frustrated by the size and complexity of Multics but not its aims, slowly pulled out of the project. Their last researchers to leave Multics – among them Ken Thompson, Dennis Ritchie, Doug McIlroy, and Joe Ossanna – decided to redo the work, but on a much smaller scale.
A network socket is a software structure within a network node of a computer network that serves as an endpoint for sending and receiving data across the network. The structure and properties of a socket are defined by an application programming interface (API) for the networking architecture. Sockets are created only during the lifetime of a process of an application running in the node.
The Unix command fuser
is used to show which processes are using a specified computer file, file system, or Unix socket.
The Berkeley Software Distribution or Berkeley Standard Distribution (BSD) is a discontinued operating system based on Research Unix, developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berkeley. The term "BSD" commonly refers to its open-source descendants, including FreeBSD, OpenBSD, NetBSD, and DragonFly BSD.
The program ttcp is a utility for measuring network throughput, popular on Unix systems. It measures the network throughput between two systems using the TCP or optionally UDP protocols. It was written by Mike Muuss and Terry Slattery at BRL sometime before December 1984, to compare the performance of TCP stacks by the Computer Systems Research Group (CSRG) of the University of California, Berkeley and Bolt, Beranek and Newman (BBN) to help DARPA decide which version to place in 4.3BSD.
In Unix and operating systems inspired by it, the file system is considered a central component of the operating system. It was also one of the first parts of the system to be designed and implemented by Ken Thompson in the first experimental version of Unix, dated 1969.
The History of the Berkeley Software Distribution begins in the 1970s.