lsof -c [program]In the previous section, you saw who was using /usr/sbin/sshd. The results you received, however, don't tell the whole story. Any particular program is actually comprised of calls to several (perhaps many) other processes, programs, sockets, and devices, all of which appear to Linux as more files. To find out the full universe of other files associated with a particular running program, follow lsof with the -c option, and then the name of a running (and therefore "open") program. For example, lsof /usr/sbin/sshd said that there were only two users and three open files associated with that exact file. But what about the entire sshd command? # lsof -c sshd COMMAND PID USER NAME sshd 10542 root /lib/ld-2.3.5.so sshd 10542 root /dev/null sshd 10542 root 192.168.0.170:ssh->192.168.0.100:4577 (ESTABLISHED) sshd 10548 scott /usr/sbin/sshdp sshd 10548 scott 192.168.0.170:ssh->192.168.0.100:4577 (ESTABLISHED) In the preceding code, you can see a few of the 94 lines (representing 94 open files) somehow connected with the sshd program. One is a .so file (shared object, akin to a DLL on Windows), and a few even show you that a network connection has occurred between this and another machine (actually, that another machine on this network has connected via SSH to this machine; for more on that process, see "Securely Log In to Another Computer" in Chapter 15, "Working on the Network"). You can find out a tremendous amount by applying lsof to various commands on your computer; at the least, you'll learn just how complicated modern programs are. Try it out with the software you use every day, and you might gain a fresh appreciation for the programmers who worked hard to make it available to you. Note The lsof command has an amazing number of options, and you're only going to look at a tiny subset. The source code for lsof includes a file named 00QUICKSTART (that's two zeroes at the beginning) that is a tutorial for some of the command's more powerful features. Search Google for that filename and start reading. |