List Open Files

 in

If you try to unmount a partition and get a message like this:

# umount /media/usbdisk/
umount: /media/usbdisk: device is busy

use the lsof command to find out what programs are using what files:

# lsof /media/usbdisk/
COMMAND  PID USER  FD TYPE DEVICE SIZE NODE NAME
bash    6925 root cwd  DIR   8,17 4096    1 /media/usbdisk/
xmms    6979 root cwd  DIR   8,17 4096    1 /media/usbdisk/

This shows that the programs bash and xmms are using the device. For an even clearer picture, use the device name rather than the mountpoint:

# lsof /dev/sdb1
COMMAND  PID USER  FD TYPE DEVICE    SIZE NODE NAME
bash    6925 root cwd  DIR   8,17    4096    1 /media/usbdisk
xmms    6979 root cwd  DIR   8,17    4096    1 /media/usbdisk
xmms    6979 root  8r  REG   8,17 2713101  377 /media/usbdisk/a.mp3

You either can wait until those processes exit or terminate them manually.

______________________

Jagadish Kavuturu

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

That's crazy! but what the hey, sometimes we're lazy :)

maskedfrog's picture

Thanx for the tip Anthony,
THAT will come in handy. The times I've waited for a cd to umount
and waited...and waited...and gave up and rebooted :-(
More apt to use in the examples shown though, waiting for a process to finish and don't want to forget to umount so just do it the "lazy" way.
Uptimes should shoot thru the roof now :-))

Slow

Hatta's picture

In my experience 'lsof' is extremely slow. So slow that I can log off and log back on before I'd expect lsof to finish. Are there any tricks to speed it up to the point that it's usable?

lsof is NOT slow at all.

VIKAS's picture

lsof is NOT slow at all.
I believe there would be other problems with your machine.

A very powerful command

SteveC's picture

The lsof command is far more powerful than the article implies. It's worth spending some time reading the documentation. My most common use is to locate connections with the -i option:

# all tcp connections
lsof -i tcp

# connections to mail server on 10.2.3.4
lsof -i 10.2.3.4:25

# What's connected to my PostgreSQL server via TCP/IP?
lsof -i :5432

# What is my browser connected to?
lsof -i :80

Killing with fuser

Anonymous's picture

If
    lsof +D [device]
shows nothing

you can use
    fuser -m [device]
to show processes that say that are using the device.

and you can use
    fuser -km [device]
to directly kill them all

Doesn't always work

Ivan V's picture

Unfortunately, many times, neither lsof nor fuser have worked for me (the device says busy but nothing comes up)...

The only solution in those cases is for me to logoff or try to find a possible culprit.

Thanks! That's a cool trick!

Durand's picture

Thanks! That's a cool trick!

Thanks, a much needed tip.

Anonymous's picture

Thanks, a much needed tip.

Nice tip

vinit's picture

Thanks for the gr8 tip.

Short and to the point

Anonymous's picture

Short and to the point Howto. Nice.

Don't forget fuser!

Devin's picture

You can also use fuser if you know which directory or file is open and you want to find the offending process.

fuser [file]

You can also use the "lazy

Anthony Lawrence's picture

You can also use the "lazy umount" - see http://aplawrence.com/Linux/lazy-unmount.html for examples.

White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers

Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.

Learn More

Sponsored by AMD

White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions