lft

lsof [options] [names]

-a
    AND options. Combines the results of multiple options logically.

-c string
    Lists files opened by commands starting with string.

-d fds
    Lists files opened using the specified file descriptors fds. fds can be a single number, a list of numbers separated by commas, or a range specified by two numbers separated by a hyphen.

-i [i]
    Lists open files related to network connections. The optional argument i specifies the network protocol (e.g., TCP, UDP) and/or port number.

-l
    Display user IDs rather than user names.

-n
    Inhibit network number to host name conversion. Saves time by avoiding DNS lookups.

-p s
    Lists files opened by processes with the specified PIDs s. s is a comma separated list of Process ID's

-u s
    Lists files opened by the specified user(s). s is a comma separated list of User ID's or User Names

-t
    Terse listing. Only process IDs are printed.

+D directory
    Select files that are located on a directory

The lsof command is a powerful utility in Linux used to list all open files for a given process, user, or the entire system. "Open files" encompasses a wide range of resources, including disk files, network sockets, pipes, devices, and directories. It provides valuable insight into how processes are using system resources, aiding in debugging, security analysis, and performance tuning. By default, lsof displays information about all open files on the system, but its numerous options allow for refined queries based on criteria such as process ID (PID), user ID (UID), file descriptor, file name, network protocol, and more.

The output typically includes information like the command name, PID, user, file descriptor, file type, device, size/offset, node, and the name of the file or network address. Understanding lsof's output allows administrators and developers to quickly identify processes that are holding onto specific files, occupying network ports, or consuming other critical resources. It is an indispensable tool for system administrators and developers alike.

lsof requires root privileges to list all open files on the system. Without root privileges, it will only display information about the files opened by the current user.

Because lsof can reveal sensitive information about system processes and open files, access to this command should be carefully controlled, especially in shared environments. Incorrect usage or interpretation of lsof output can lead to security vulnerabilities or unintentional disclosure of information.

Running lsof can be resource-intensive, especially on systems with a large number of processes and open files. Using specific options to narrow the scope of the search can significantly improve performance.

lsof was originally developed by Vic Abell. The command has been available on UNIX-like systems for many years. It's actively maintained and updated to support new kernel features and hardware architectures.

ps(1), fuser(1), netstat(1)