Question
This document describes a few methods that can be used to find files opened by a process. This information can be useful when debugging processes that open too many files, or have a file leak.
Answer
Introduction
A system administrator might find it necessary to obtain information about all files that are currently opened by a process. A process might have a defect that causes it to continuously create files without closing them, or it might open files, read and write to those files, but fail to close the files afterwards. In such cases it is useful to obtain as much information as possible about the files that have been opened by a process to help pinpoint the cause of the problem. AIX has a virtual file system mounted at /proc that provides information about running processes, including the files opened by those processes. AIX also includes a number of commands that can be used to obtain information about files opened by processes. Open Source commands such as lsof can also be used.
/proc File System
The /proc file system is a virtual file system, meaning it does not contain actual files residing on a disk or in RAM. But the /proc file system contains virtual files that can be manipulated just like real files. These virtual files provide information about processes currently running on a system, using standard UNIX commands and methods for accessing files. Under /proc there are virtual directories named with the process IDs (PIDs) of all processes currently running on the system. Inside of each of these directories are more subdirectories. These subdirectories organize all of the available information about running processes. One of the subdirectories is named fd, an abbreviation for file descriptor. Inside fd is a list of virtual files with numbers for file names. These numbers are the file descriptor numbers assigned by the operating system to the real files that have been opened by the process. In the following example, we find that the process with PID 184422 has only one opened file with file descriptor 4.
# cd /proc/184422/fd
# ls -l total 16 -r--r--r-- 1 root system 4811 Jul 12 2004 4
procfiles Command
The AIX procfiles command lists all files opened by a process. For each file the command also provides the inode number for the file, and additional information such as the file size, and uid and gid. Here is an example of procfiles output for the same process with PID 184422 that we found in the /proc file system above.
# procfiles 184422
184422 : /usr/sbin/hostmibd
Current rlimit: 2147483647 file descriptors
4: S_IFREG mode:0444 dev:10,5 ino:13407 uid:0 gid:0 rdev:0,0
O_RDONLY size:4811
Again we see that process 184422 has one opened file with file descriptor 4. File descriptor 4 has major,minor numbers of 10,5 and an inode number of 13407. We can use the following procedure to find the device where the file is located.
# cd /dev
# ls -l | grep "10, *5"
brw-rw---- 1 root system 10, 5 Oct 10 2005 hd2
crw-rw---- 1 root system 10, 5 Oct 10 2005 rhd2
So the device or logical volume that contains the file system in this example is /dev/hd2.
# lsfs | grep hd2
/dev/hd2 -- /usr jfs2 3801088 yes no
This filesystem is mounted at /usr.
We can use the following command to obtain information about the file with file descriptor 4 and inode 13407.
# istat 13407 /usr
Inode 13407 on device 10/5
File Protection: rw-r--r--
Owner: 2(bin) Group: 2(bin)
Link count: 1 Length 4811 bytes
Last updated: Tue Aug 24 16:14:48 CDT 2004
Last modified: Mon Jul 12 11:33:31 CDT 2004
Last accessed: Wed Aug 9 09:16:28 CDT 2006
Block pointers (hexadecimal): 1892c
We can use find command to find all file names in the filesystem /usr with an inode of 13407.
# cd /usr
# find . -inum 13407 -exec ls -l {} \;
-rw-r--r-- 1 bin bin 4811 Jul 12 2004
./lib/nls/msg/en_US/hostmibd.cat
Notice the 1 just before the first bin. This indicates that there is only 1 hard link, meaning the file name hostmibd.cat is the only file name associated with this inode.
pstat Command
The AIX pstat command can be used to list all files opened by a process. Here is an example that finds all files currently opened by the cron process.
# ps -ef | grep cron
root 323762 1 0 Oct 06 - 0:07 /usr/sbin/cron
The PID for cron is 323762, which is 0x4F0B2 in hex.
# pstat -a | grep -i 4F0B2
SLT ST PID PPID PGRP UID EUID TCNT NAME
79 a 4f0b2 1 4f0b2 0 0 1 cron
We can use the slot number to display the file system state info and the file descriptor table. In this example we see that cron has 13 opened files, numbered from 0 to 12.
# pstat -u 79 | grep FILE
FILE SYSTEM STATE
FILE DESCRIPTOR TABLE
# pstat -u 79 | grep -p "FILE DESCRIPTOR TABLE"
FILE DESCRIPTOR TABLE
*ufd: 0xf00000002ff49e20
fd 0: fp = 0xf1000714500080e0 flags = 0x0080 count = 0x0000
fd 1: fp = 0xf100071450007fa0 flags = 0x0080 count = 0x0000
fd 2: fp = 0xf100071450007fa0 flags = 0x0080 count = 0x0000
fd 3: fp = 0xf100071450007780 flags = 0x0080 count = 0x0000
fd 4: fp = 0xf100071450007af0 flags = 0x0080 count = 0x0000
fd 5: fp = 0xf1000714500079b0 flags = 0x0080 count = 0x0000
fd 6: fp = 0xf1000714500066a0 flags = 0x0080 count = 0x0000
fd 7: fp = 0xf100071450008270 flags = 0x0080 count = 0x0000
fd 8: fp = 0xf1000714500081d0 flags = 0x0080 count = 0x0000
fd 9: fp = 0xf100071450008220 flags = 0x0080 count = 0x0000
fd 10: fp = 0xf100071450008180 flags = 0x0080 count = 0x0000
fd 11: fp = 0xf1000714500082c0 flags = 0x0080 count = 0x0001
fd 12: fp = 0xf100071450008130 flags = 0x0081 count = 0x0000
lsof Command
The lsof command is an open source command available for free on the internet. lsof is a very powerful command with many options so we only list a few uses for lsof in this document.
# lsof -u account | wc -l
Displays the total number of open file handles in the specified account.
# lsof -u account | grep pid | wc -l
or
# lsof -p pid
Displays the total number of open files in the specified account name for the specified pid.
lsof indicates if the file descriptor is associated with an open socket or an open file.
Conclusion
The /proc virtual file system and the AIX commands procfiles and pstat can be used to list information about files that are currently opened by a process. This information can be used to investigate processes that are having certain types of problems with files. The open source lsof command is also useful for providing information about files opened by processes, and files opened under specific user accounts.
'*nix' 카테고리의 다른 글
/dev/raw* devices are not visible after upgrading the system to SLES 15 SP4 (0) | 2024.07.27 |
---|---|
wget vs curl (0) | 2017.02.28 |
변수에 입력한 명령결과 출력시 개행문자가 표시되지 않는 경우 (0) | 2017.02.06 |
Updating to a new Technology Level or Service Pack (0) | 2014.09.02 |
Tape Device Names for Specific UNIX Platforms (0) | 2013.12.23 |