pfiles for Linux
Someone asked if there is a Linux equivalent of the [http://www.scit.wlv.ac.uk/cgi-bin/mansec?1+pfiles Solaris pfiles] tool. pfiles is a Solaris proc utility that reports information about all files a process has open, given its process ID. [http://sources.redhat.com/systemtap/wiki/EugeneTeo Eugene] decided to write a similar tool for Linux using SystemTap.
The script is too long to be listed here. Please download the [attachment:pfiles script] (GPL) instead.
It is based on the example outputs in:
report locked open files [completed 14/10/07]
report pathname information [completed 13/10/07]
report socket information [use lsof for now]
I'm looking for a volunteer developer to look into extending this script to report socket information (and maybe other information that is specific to Linux). Take a look at: http://kernelnewbies.org/KernelProjects/pfiles
{{{
$ pfiles
usage: pfiles pid ...
  (report open files of each process)
$ pfiles `pgrep firefox` | head -n21
3914: -firefox-bin
  Current rlimit: 256 file descriptors
   0: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
      O_RDWR
      /dev/pts/4 (deleted)
   1: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
      O_RDWR
      /dev/pts/4 (deleted)
   2: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
      O_RDWR
      /dev/pts/4 (deleted)
   3: S_IFSOCK mode:0777 dev:0,5 ino:18253 uid:500 gid:500 rdev:0,0
      O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
      socket:
   4: S_IFREG mode:0664 dev:253,0 ino:16253091 uid:500 gid:500 rdev:0,0
      O_WRONLY
      advisory write lock set by process 3914
      /home/eteo/.mozilla/firefox/4b7rsevm.default/.parentlock
   5: S_IFIFO mode:0600 dev:0,6 ino:18260 uid:500 gid:500 rdev:0,0
      O_RDONLY|O_NONBLOCK|O_NDELAY
      pipe:
}}}
To gather more information about sockets, you can use lsof with pfiles.
{{{
$ sudo /usr/sbin/lsof -i | grep `pgrep firefox`
firefox-b 3914 eteo 47u IPv4 184119 TCP w.x.y.z:33445->blog3.rhb.hosted.redhat.com:http (ESTABLISHED)
firefox-b 3914 eteo 49u IPv4 184209 TCP w.x.y.z:35936->mail.samba.org:http (ESTABLISHED)
}}}
You can write very useful systems tools that are not available in Linux with SystemTap. [http://sources.redhat.com/systemtap/wiki/WSPfiles pfiles] and [http://sources.redhat.com/systemtap/wiki/WSPlimit plimit] are excellent examples.
[http://www.cs.ui.ac.id/WebKuliah/IKI10100/resources/contest/OnlineJudge/gnudoc/libc/Descriptor_Flags.html The GNU C Library - Descriptor Flags]
- Macro int FD_CLOEXEC
- This flag specifies that the file descriptor should be closed when an exec function is invoked; see Executing a File. When a file descriptor is allocated (as with open or dup), this bit is initially cleared on the new file descriptor, meaning that descriptor will survive into the new program after exec.
[http://www.ecst.csuchico.edu/~beej/guide/ipc/flock.html File Locking]
- If you want to only check to see if there is a lock, but don't want to set one, you can use this command. It looks through all the file locks until it finds one that conflicts with the lock you specified in the struct flock. It then copies the conflicting lock's information into the struct and returns it to you. If it can't find a conflicting lock, fcntl() returns the struct as you passed it, except it sets the l_type field to F_UNLCK.
[http://samba.org/ftp/unpacked/junkcode/locktst.c locktst.c test] - Andrew's junkcode rocks!