转载自：http://blog.chinaunix.net/uid-20615025-id-29840.html

转载自：http://blog.chinaunix.net/uid-20587169-id-1919142.html

fuser命令学习

fuser：使用文件或者套节字来表示识别进程。我常用的他的两个功能：查看我需要的进程和我要杀死我查到的进程。

比如当你想umount光驱的时候，结果系统提示你设备正在使用或者正忙，可是你又找不到到底谁使用了他。这个时候fuser可派上用场了。

[root@lancy sbin]# eject

umount: /media/cdrom: device is busy

umount: /media/cdrom: device is busy

eject: unmount of `/media/cdrom' failed

[root@lancy sbin]# fuser /mnt/cdrom

/mnt/cdrom: 4561c 5382c

[root@lancy sbin]# ps -ef |egrep '(4561|5382)' |grep -v grep

root 4561 4227 0 20:13 pts/1 00:00:00 bash

root 5382 4561 0 21:42 pts/1 00:00:00 vim Autorun.inf

示例中，我想弹出光驱，系统告诉我设备忙着，于是采用fuser命令，参数是你文件或scoket，fuser将查出那些使用了他。

4561c,5382c表示目前用两个进程在占用着/mnt/cdrom，分别是4561,5382,进程ID后的字母表示占用资源的方式，有下面几种表示：

c 当前路径(current directory.)我的理解是表示这个资源的占用是以文件目录方式，也就是进进入了需要释放的资源的路径，这是最常用的资源占用方式。

e 正在运行可执行文件(executable being run.)，比如运行了光盘上的某个程序

f 打开文件( open file)，缺省模式下f忽略。所以上面的例子中，虽然是开打了光盘上的Autorun.inf文件，但是给出的标识是c，而不是f。

r root目录(root directory).没有明白什么意思，难道是说进入了/root这个特定目录？

m mmap文件或者共享库( mmap’ed file or shared library).这应该是说某个进程使用了你要释放的资源的某个共享文件。

其他字母见文章最后的表格

在查找的同时，你还可定指定一些参数，比如

-k 杀死这些正在访问这些文件的进程。除非使用-signal修改信号，否则将发送SIGKILL信号。

-i 交互模式

-l 列出所有已知的信号名称。

-n 空间，选择不同的名字空间，可是file,udp,tcp。默认是file，也就是文件。

-signal 指定发送的信号，而不是缺省的SIGKILL

-4 仅查询IPV4套接字

-6 仅查询IPV6套接字

- 重置所有的选项，将信息设回SIGKILL

再看下面的例子

[root@lancy sbin]# fuser -l

HUP INT QUIT ILL TRAP ABRT IOT BUS FPE KILL USR1 SEGV USR2 PIPE ALRM TERM

STKFLT CHLD CONT STOP TSTP TTIN TTOU URG XCPU XFSZ VTALRM PROF WINCH IO PWR SYS

UNUSED

现在我们试试fuser -k的威力：

[root@lancy sbin]# fuser -k /mnt/cdrom

/mnt/cdrom: 4561c 5382c

kill 5382: 没有那个进程

No automatic removal. Please use umount /media/cdrom

[root@lancy sbin]# eject

套节字方式的使用：

[root@lancy sbin]# fuser -4 -n tcp 3306

here: 3306

3306/tcp: 5595

[root@lancy sbin]# ps -ef |grep 5595 |grep -v grep

mysql 5595 5563 0 22:24 pts/0 00:00:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --socket=/var/lib/mysql/mysql.sock

[root@lancy sbin]# fuser -4 -n tcp 80

here: 80

80/tcp: 5685 5688 5689 5690 5691 5692 5693 5694 5695

List Open Files: lsof and fuser

The function of these commands is very similar. The goal is to determine what processes have certain files open. lsof is freeware and thus freely compilable under all Unixes. It is available by default under Linux only.

The main difference between lsof and fuser is that lsof takes both files/filesystems and PIDs as arguments whereas fuser only accepts files/filesystems.

lsof:

lsof stands for list open files. It lists information about files that are currently open by processes.

In the absence of any options, lsof lists all open files belonging to all active processes

To list all open files for login name ``abe'', or user ID 1234 you would use the -u option. To list files being used by process 456, process 123, or process 789, you would use the -p flag. Putting these criteria together, we would have a command that looks like this:

lsof -p 456,123,789 -u 1234,abe

The command to list all open files on device /dev/hd4, would look like this:

lsof /dev/hd4

To find the process that has /u/abe/foo open, use:

lsof /u/abe/foo

fuser:

fuser is more widely available (under AIX, HP-UX, IRIX, Linux, Solaris, Tru64 UNIX, and others) and can only be run as root. It displays the process ID numbers of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access (these codes differ from vendor to vendor):

aif the process is using the file as its trace file in /proc (IRIX)

cif the process is using the file as its current directory

eif the process is using the file as the executable being run

fif the process is using the file as an open file (Linux)

mif the process is using the file as a mmaped or shared lib (Linux)

oif the process is using the file as an open file (IRIX, Solaris, Tru64 UNIX))

pif the process is using the file as the parent of its current directory (Tru64 UNIX)

rif the process is using the file as root directory

sif the process is using the file as a shared lib (AIX)

tif the process is using the file as its text file (Solaris)

yif the process is using the file as its controlling terminal (IRIX)

Here is an example of fuser running under Linux:

linux# /usr/sbin/fuser /

/: 1r 1c 2r 2c 3r 3c 4r 4c

252r 252c 275r 275c 286r 286c 300r 314r 328r 328c 342r

342c 356r 356c 374r 374c 385r 385c 396r 396c 411r 411c

412r 412c 413r 413c 414r 414c 415r 415c 416r 416c 417r

417c 418r 418c 419r 419c 420r 420c 455r 470r 470c 485r

485c 500r 500c 538r 538c 539r 539c 540r 540c 541r 541c

542r 542c 543r 543c 544r 544c 546r 546c 548r 548c 551r

551c 556r 569r 591r 597r 610r 612r 614r 614c 618r 626r

628r 636r 646r 7090r 7090c 7092r 7243r 7288r 7288c 7290r 7303r

fuser 和 lsof 可以用于系统安全检查。

用fuser查看哪些用户和进程在某些地方作什么：

fuser -cu /root 简略显示

fuser -muv /mnt3 分列显示

root@steven ~]# fuser -muv !$

fuser -muv /root

用户     进程号 权限   命令

/root:               root          1 .rce. (root)init

root          2 .rc.. (root)kthreadd

root          3 .rc.. (root)migration/0

root          4 .rc.. (root)ksoftirqd/0

root          5 .rc.. (root)stopper/0

root          6 .rc.. (root)watchdog/0

root          7 .rc.. (root)events/0

root          8 .rc.. (root)cgroup

root          9 .rc.. (root)khelper

root         10 .rc.. (root)netns

root         11 .rc.. (root)async/mgr

root         12 .rc.. (root)pm

root         13 .rc.. (root)sync_supers

root         14 .rc.. (root)bdi-default

root         15 .rc.. (root)kintegrityd/0

root         16 .rc.. (root)kblockd/0

root         17 .rc.. (root)kacpid

root         18 .rc.. (root)kacpi_notify

root         19 .rc.. (root)kacpi_hotplug

root         20 .rc.. (root)ata_aux

root         21 .rc.. (root)ata_sff/0

root         22 .rc.. (root)ksuspend_usbd

root         23 .rc.. (root)khubd

root         24 .rc.. (root)kseriod

root         25 .rc.. (root)md/0

root         26 .rc.. (root)md_misc/0

root         27 .rc.. (root)linkwatch

root         29 .rc.. (root)khungtaskd

root         30 .rc.. (root)kswapd0

root         31 .rc.. (root)ksmd

root         32 .rc.. (root)khugepaged

root         33 .rc.. (root)aio/0

root         34 .rc.. (root)crypto/0

root         42 .rc.. (root)kthrotld/0

root         43 .rc.. (root)pciehpd

root         45 .rc.. (root)kpsmoused

root         46 .rc.. (root)usbhid_resumer

root         47 .rc.. (root)deferwq

root         79 .rc.. (root)kdmremove

root         80 .rc.. (root)kstriped

root        155 .rc.. (root)scsi_eh_0

root        156 .rc.. (root)scsi_eh_1

root        164 .rc.. (root)mpt_poll_0

root        165 .rc.. (root)mpt/0

root        166 .rc.. (root)scsi_eh_2

root        329 .rc.. (root)kdmflush

root        331 .rc.. (root)kdmflush

root        352 .rc.. (root)jbd2/dm-0-8

root        353 .rc.. (root)ext4-dio-unwrit

root        437 .rce. (root)udevd

root        643 .rc.. (root)vmmemctl

root        748 .rce. (root)udevd

root        779 .rc.. (root)jbd2/sda1-8

root        780 .rc.. (root)ext4-dio-unwrit

root        820 .rc.. (root)kauditd

root        970 .rc.. (root)flush-253:0

root       1029 Frce. (root)auditd

root       1059 Frce. (root)rsyslogd

rpc        1110 frce. (rpc)rpcbind

rpcuser    1133 Frce. (rpcuser)rpc.statd

root       1170 .rc.. (root)rpciod/0

root       1176 .rce. (root)rpc.idmapd

dbus       1213 .rce. (dbus)dbus-daemon

root       1230 Frce. (root)cupsd

root       1261 .rce. (root)acpid

haldaemon   1271 .rce. (haldaemon)hald

root       1272 .rce. (root)hald-runner

root       1304 .rce. (root)hald-addon-inpu

haldaemon   1320 .rce. (haldaemon)hald-addon-acpi

root       1340 Frce. (root)automount

root       1357 Frce. (root)mcelog

root       1375 .rce. (root)sshd

root       1470 Frce. (root)master

postfix    1484 Frce. (postfix)pickup

postfix    1485 Frce. (postfix)qmgr

root       1507 Frce. (root)abrtd

root       1515 frce. (root)abrt-dump-oops

root       1528 Frce. (root)atd

root       1544 Frce. (root)certmonger

root       1587 Frce. (root)miniserv.pl

root       1595 .rce. (root)mingetty

root       1597 .rce. (root)mingetty

root       1599 .rce. (root)mingetty

root       1601 .rce. (root)mingetty

root       1603 .rce. (root)mingetty

root       1605 .rce. (root)mingetty

root       1640 .rce. (root)udevd

root       1665 .rce. (root)sshd

root       1670 .rce. (root)bash

root       1741 .rc.. (root)flush-8:32

root       1742 .rc.. (root)flush-8:16

root       1743 .rc.. (root)flush-8:0

lsof 拥有更多的功能

# lsof -i 看系统中有哪些开放的端口，哪些进程、用户在使用它们，比 netstat -lptu 的输出详细。

# lsof -i 4  查看IPv4类型的进程

COMMAND    PID        USER   FD   TYPE DEVICE SIZE NODE NAME

exim4     2213 Debian-exim    4u  IPv4   4844       TCP *:smtp (LISTEN)

dhclient3 2306        root    4u  IPv4   4555       UDP *:bootpc

# lsof -i 6  查看IPv6类型的进程

COMMAND  PID        USER   FD   TYPE DEVICE SIZE NODE NAME

exim4   2213 Debian-exim    3u  IPv6   4820       TCP *:smtp (LISTEN)

# lsof -i @192.168.1.2  查看与某个具体的IP相关联的进程

COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME

amule   3620 root   16u  IPv4  11925       TCP 192.168.1.2:42556->77.247.178.244:4242 (ESTABLISHED)

amule   3620 root   28u  IPv4  11952       TCP 192.168.1.2:49915->118-166-47-24.dynamic.hinet.net:5140 (ESTABLISHED)

# lsof -p 5670 查看PID为5670的进程打开的文件。

阅读(3088) | 评论(0) | 转发(0) |