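Reposted from: http://blog.chinaunix.net/uid-20615025-id-29840.html
Reposted from: http://blog.chinaunix.net/uid-20587169-id-1919142.html
Learning the fuser command
fuser: identifies processes using files or sockets. The two features I use most are finding the processes I am interested in and killing the processes I have found.
For example, when you try to umount the CD-ROM drive, the system reports that the device is in use or busy, but you cannot find out who is actually using it. This is where fuser comes in handy.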
[root@lancy sbin]# eject
umount: /media/cdrom: device is busy
umount: /media/cdrom: device is busy
eject: unmount of `/media/cdrom' failed
[root@lancy sbin]# fuser /mnt/cdrom
/mnt/cdrom: 4561c 5382c
[root@lancy sbin]# ps -ef |egrep '(4561|5382)' |grep -v grep
root 4561 4227 0 20:13 pts/1 00:00:00 bash
root 5382 4561 0 21:42 pts/1 00:00:00 vim Autorun.inf
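In the example, I wanted to eject the CD-ROM drive and the system told me the device was busy, so I used the fuser command. Its argument is a file or socket, and fuser finds out which processes are using it.
4561c and 5382c mean that two processes currently hold /mnt/cdrom, namely 4561 and 5382. The letter after the process ID indicates how the resource is being used, with the following possibilities:
c current directory. My understanding is that the resource is held as a directory, i.e. a process has entered a path under the resource that needs to be released; this is the most common way a resource is held.
e executable being run, for example a program on the CD is running.
f open file. f is omitted in the default display mode. So in the example above, although the file Autorun.inf on the CD was opened, the indicator shown is c rather than f.
r root directory. I did not understand what this means; does it mean having entered the specific directory /root?
m mmap'ed file or shared library. This should mean that some process is using a shared file on the resource you want to release.
For the other letters, see the table at the end of the article.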
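On Linux the access letters listed above correspond to entries under /proc/PID: cwd (c), exe (e), fd/ (f), root (r, the process's own root directory, which differs from / only for a chrooted process) and maps (m). The sketch below is an added example, not code from the original post; access_letters is a hypothetical helper that, like fuser without -m, matches only the exact file or directory given.

```shell
#!/bin/sh
# Added example (Linux only): derive fuser-style access letters for one PID
# against one path by reading /proc directly. Hypothetical helper name.
# Other users' processes can only be inspected as root.

access_letters() {
    pid=$1
    target=$2
    out=""
    p=/proc/$pid
    [ -d "$p" ] || return 1

    # c: the path is the current working directory of the process
    if [ "$p/cwd" -ef "$target" ]; then out="${out}c"; fi
    # e: the path is the executable image being run
    if [ "$p/exe" -ef "$target" ]; then out="${out}e"; fi
    # f: the path is open on at least one file descriptor
    for fd in "$p"/fd/*; do
        if [ "$fd" -ef "$target" ]; then out="${out}f"; break; fi
    done
    # r: the path is the root directory of the process (chroot changes it)
    if [ "$p/root" -ef "$target" ]; then out="${out}r"; fi
    # m: the path is memory-mapped (shared libraries appear here)
    while read -r range perms offset dev inode mapped; do
        case $mapped in
            /*) ;;              # only file-backed mappings have a path
            *) continue ;;
        esac
        if [ "$mapped" -ef "$target" ]; then out="${out}m"; break; fi
    done < "$p/maps" 2>/dev/null

    printf '%s\n' "$out"
}

# Usage: access_letters 4561 /mnt/cdrom
```

-ef compares device and inode numbers, so a symlinked or bind-mounted name for the same directory still matches.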
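While searching, you can also specify some options, for example:
-k Kill the processes accessing these files. Unless the signal is changed with -signal, SIGKILL is sent.
-i Interactive mode.
-l List all known signal names.
-n space Select a different name space; it can be file, udp or tcp. The default is file.
-signal Send the specified signal instead of the default SIGKILL.
-4 Query IPv4 sockets only.
-6 Query IPv6 sockets only.
- Reset all options and set the signal back to SIGKILL.
Now look at the following examples: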
[root@lancy sbin]# fuser -l
HUP INT QUIT ILL TRAP ABRT IOT BUS FPE KILL USR1 SEGV USR2 PIPE ALRM TERM
STKFLT CHLD CONT STOP TSTP TTIN TTOU URG XCPU XFSZ VTALRM PROF WINCH IO PWR SYS
UNUSED
Now let's try out the power of fuser -k:
[root@lancy sbin]# fuser -k /mnt/cdrom
/mnt/cdrom: 4561c 5382c
kill 5382: 没有那个进程
No automatic removal. Please use umount /media/cdrom
[root@lancy sbin]# eject
Using it with sockets:
[root@lancy sbin]# fuser -4 -n tcp 3306
here: 3306
3306/tcp: 5595
[root@lancy sbin]# ps -ef |grep 5595 |grep -v grep
mysql 5595 5563 0 22:24 pts/0 00:00:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
[root@lancy sbin]# fuser -4 -n tcp 80
here: 80
80/tcp: 5685 5688 5689 5690 5691 5692 5693 5694 5695
List Open Files: lsof and fuser
The function of these commands is very similar. The goal is to determine what processes have certain files open. lsof is freeware and thus freely compilable under all Unixes. It is available by default under Linux only.
The main difference between lsof and fuser is that lsof takes both files/filesystems and PIDs as arguments whereas fuser only accepts files/filesystems.
lsof:
lsof stands for list open files. It lists information about files that are currently open by processes.
In the absence of any options, lsof lists all open files belonging to all active processes.
To list all open files for login name "abe", or user ID 1234, you would use the -u option. To list files being used by process 456, process 123, or process 789, you would use the -p flag. Putting these criteria together, we would have a command that looks like this:
lsof -p 456,123,789 -u 1234,abe
The command to list all open files on device /dev/hd4, would look like this:
lsof /dev/hd4
To find the process that has /u/abe/foo open, use:
lsof /u/abe/foo
fuser:
fuser is more widely available (under AIX, HP-UX, IRIX, Linux, Solaris, Tru64 UNIX, and others) and can only be run as root. It displays the process ID numbers of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access (these codes differ from vendor to vendor):
a if the process is using the file as its trace file in /proc (IRIX)
c if the process is using the file as its current directory
e if the process is using the file as the executable being run
f if the process is using the file as an open file (Linux)
m if the process is using the file as a mmapped file or shared lib (Linux)
o if the process is using the file as an open file (IRIX, Solaris, Tru64 UNIX)
p if the process is using the file as the parent of its current directory (Tru64 UNIX)
r if the process is using the file as root directory
s if the process is using the file as a shared lib (AIX)
t if the process is using the file as its text file (Solaris)
y if the process is using the file as its controlling terminal (IRIX)
Here is an example of fuser running under Linux:
linux# /usr/sbin/fuser /
/: 1r 1c 2r 2c 3r 3c 4r 4c
252r 252c 275r 275c 286r 286c 300r 314r 328r 328c 342r
342c 356r 356c 374r 374c 385r 385c 396r 396c 411r 411c
412r 412c 413r 413c 414r 414c 415r 415c 416r 416c 417r
417c 418r 418c 419r 419c 420r 420c 455r 470r 470c 485r
485c 500r 500c 538r 538c 539r 539c 540r 540c 541r 541c
542r 542c 543r 543c 544r 544c 546r 546c 548r 548c 551r
551c 556r 569r 591r 597r 610r 612r 614r 614c 618r 626r
628r 636r 646r 7090r 7090c 7092r 7243r 7288r 7288c 7290r 7303r
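fuser and lsof can be used for system security checks.
Use fuser to see which users and processes are doing what in a given location:
fuser -cu /root brief display
fuser -muv /mnt3 columnar display
[root@steven ~]# fuser -muv !$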
fuser -muv /root
用户 进程号 权限 命令
/root: root 1 .rce. (root)init
root 2 .rc.. (root)kthreadd
root 3 .rc.. (root)migration/0
root 4 .rc.. (root)ksoftirqd/0
root 5 .rc.. (root)stopper/0
root 6 .rc.. (root)watchdog/0
root 7 .rc.. (root)events/0
root 8 .rc.. (root)cgroup
root 9 .rc.. (root)khelper
root 10 .rc.. (root)netns
root 11 .rc.. (root)async/mgr
root 12 .rc.. (root)pm
root 13 .rc.. (root)sync_supers
root 14 .rc.. (root)bdi-default
root 15 .rc.. (root)kintegrityd/0
root 16 .rc.. (root)kblockd/0
root 17 .rc.. (root)kacpid
root 18 .rc.. (root)kacpi_notify
root 19 .rc.. (root)kacpi_hotplug
root 20 .rc.. (root)ata_aux
root 21 .rc.. (root)ata_sff/0
root 22 .rc.. (root)ksuspend_usbd
root 23 .rc.. (root)khubd
root 24 .rc.. (root)kseriod
root 25 .rc.. (root)md/0
root 26 .rc.. (root)md_misc/0
root 27 .rc.. (root)linkwatch
root 29 .rc.. (root)khungtaskd
root 30 .rc.. (root)kswapd0
root 31 .rc.. (root)ksmd
root 32 .rc.. (root)khugepaged
root 33 .rc.. (root)aio/0
root 34 .rc.. (root)crypto/0
root 42 .rc.. (root)kthrotld/0
root 43 .rc.. (root)pciehpd
root 45 .rc.. (root)kpsmoused
root 46 .rc.. (root)usbhid_resumer
root 47 .rc.. (root)deferwq
root 79 .rc.. (root)kdmremove
root 80 .rc.. (root)kstriped
root 155 .rc.. (root)scsi_eh_0
root 156 .rc.. (root)scsi_eh_1
root 164 .rc.. (root)mpt_poll_0
root 165 .rc.. (root)mpt/0
root 166 .rc.. (root)scsi_eh_2
root 329 .rc.. (root)kdmflush
root 331 .rc.. (root)kdmflush
root 352 .rc.. (root)jbd2/dm-0-8
root 353 .rc.. (root)ext4-dio-unwrit
root 437 .rce. (root)udevd
root 643 .rc.. (root)vmmemctl
root 748 .rce. (root)udevd
root 779 .rc.. (root)jbd2/sda1-8
root 780 .rc.. (root)ext4-dio-unwrit
root 820 .rc.. (root)kauditd
root 970 .rc.. (root)flush-253:0
root 1029 Frce. (root)auditd
root 1059 Frce. (root)rsyslogd
rpc 1110 frce. (rpc)rpcbind
rpcuser 1133 Frce. (rpcuser)rpc.statd
root 1170 .rc.. (root)rpciod/0
root 1176 .rce. (root)rpc.idmapd
dbus 1213 .rce. (dbus)dbus-daemon
root 1230 Frce. (root)cupsd
root 1261 .rce. (root)acpid
haldaemon 1271 .rce. (haldaemon)hald
root 1272 .rce. (root)hald-runner
root 1304 .rce. (root)hald-addon-inpu
haldaemon 1320 .rce. (haldaemon)hald-addon-acpi
root 1340 Frce. (root)automount
root 1357 Frce. (root)mcelog
root 1375 .rce. (root)sshd
root 1470 Frce. (root)master
postfix 1484 Frce. (postfix)pickup
postfix 1485 Frce. (postfix)qmgr
root 1507 Frce. (root)abrtd
root 1515 frce. (root)abrt-dump-oops
root 1528 Frce. (root)atd
root 1544 Frce. (root)certmonger
root 1587 Frce. (root)miniserv.pl
root 1595 .rce. (root)mingetty
root 1597 .rce. (root)mingetty
root 1599 .rce. (root)mingetty
root 1601 .rce. (root)mingetty
root 1603 .rce. (root)mingetty
root 1605 .rce. (root)mingetty
root 1640 .rce. (root)udevd
root 1665 .rce. (root)sshd
root 1670 .rce. (root)bash
root 1741 .rc.. (root)flush-8:32
root 1742 .rc.. (root)flush-8:16
root 1743 .rc.. (root)flush-8:0
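lsof has more features
# lsof -i Shows which ports are open on the system and which processes and users are using them; the output is more detailed than that of netstat -lptu.
# lsof -i 4 Show processes using IPv4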
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
exim4 2213 Debian-exim 4u IPv4 4844 TCP *:smtp (LISTEN)
dhclient3 2306 root 4u IPv4 4555 UDP *:bootpc
# lsof -i 6 Show processes using IPv6
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
exim4 2213 Debian-exim 3u IPv6 4820 TCP *:smtp (LISTEN)
# lsof -i @192.168.1.2 Show processes associated with a specific IP address
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
amule 3620 root 16u IPv4 11925 TCP 192.168.1.2:42556->77.247.178.244:4242 (ESTABLISHED)
amule 3620 root 28u IPv4 11952 TCP 192.168.1.2:49915->118-166-47-24.dynamic.hinet.net:5140 (ESTABLISHED)
# lsof -p 5670 Show the files opened by the process with PID 5670.
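For the security check mentioned above, the lsof -i listing can be reduced to the lines worth reviewing: sockets listening on every interface versus a single address, and connected sockets owned by root. This is an added example, not part of the original post; triage_lsof and sample_lsof are hypothetical names, and the sample lines are constructed in the same column layout as the output shown above, using documentation addresses.

```shell
#!/bin/sh
# Added example: triage "lsof -i" output read from stdin.
# The SIZE column is blank for sockets, so the protocol token (TCP/UDP)
# is located first and the NAME and state fields are taken relative to it.

triage_lsof() {
    awk '
    $1 == "COMMAND" { next }                  # skip the header line
    {
        proto = ""
        for (i = 5; i <= NF; i++)
            if ($i == "TCP" || $i == "UDP") {
                proto = $i; name = $(i + 1); state = $(i + 2); break
            }
        if (proto == "") next                 # not a socket line
        if (name ~ /->/) {
            # connected socket (local->remote): report root-owned ones
            if ($3 == "root") {
                split(name, ends, "->")
                printf "ROOT-CONN %s pid=%s %s\n", $1, $2, ends[2]
            }
        } else if (proto == "UDP" || state == "(LISTEN)") {
            # listener: "*:port" means bound on every interface
            n = split(name, a, ":")
            scope = (name ~ /^\*:/) ? "ANY" : "BOUND"
            printf "LISTEN-%s %s pid=%s user=%s %s/%s\n", scope, $1, $2, $3, a[n], tolower(proto)
        }
    }'
}

# Constructed sample input (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND     PID        USER   FD   TYPE DEVICE SIZE NODE NAME
exim4      2213 Debian-exim    4u  IPv4   4844       TCP *:smtp (LISTEN)
dhclient3  2306        root    4u  IPv4   4555       UDP *:bootpc
mysqld     5595       mysql   10u  IPv4   9001       TCP 127.0.0.1:3306 (LISTEN)
amule      3620        root   16u  IPv4  11925       TCP 192.0.2.10:42556->198.51.100.7:4242 (ESTABLISHED)
EOF
}

# Usage on a live system (as root, to see every user's sockets):
#   lsof -i | triage_lsof
```

Running `sample_lsof | triage_lsof` prints one line per finding; on a live host, compare the LISTEN-ANY lines with the services that are meant to be reachable from the network.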