pfiles for Linux

Problem

Someone asked whether there is a Linux equivalent of the [http://www.scit.wlv.ac.uk/cgi-bin/mansec?1+pfiles Solaris pfiles] tool. pfiles is a Solaris proc utility that reports information about all files opened by a process, given its process ID. [http://sources.redhat.com/systemtap/wiki/EugeneTeo Eugene] decided to write a similar tool for Linux using SystemTap.

Scripts

The script is too long to be listed here. Please download the [attachment:pfiles script] (GPL) instead.

It is based on the example outputs in:

TODO:

I'm looking for a volunteer developer to look into extending this script to report socket information (and maybe other information that is specific to Linux). Take a look at: http://kernelnewbies.org/KernelProjects/pfiles

Output

$ pfiles
usage:  pfiles pid ...
  (report open files of each process)
$ pfiles `pgrep firefox` | head -n21 
3914:  -firefox-bin
  Current rlimit: 256 file descriptors
   0: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
      O_RDWR 
      /dev/pts/4 (deleted)
   1: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
      O_RDWR 
      /dev/pts/4 (deleted)
   2: S_IFCHR mode:0620 dev:0,11 ino:6 uid:500 gid:500 rdev:136,4
      O_RDWR 
      /dev/pts/4 (deleted)
   3: S_IFSOCK mode:0777 dev:0,5 ino:18253 uid:500 gid:500 rdev:0,0
      O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
      socket:[18253]
   4: S_IFREG mode:0664 dev:253,0 ino:16253091 uid:500 gid:500 rdev:0,0
      O_WRONLY 
      advisory write lock set by process 3914
      /home/eteo/.mozilla/firefox/4b7rsevm.default/.parentlock
   5: S_IFIFO mode:0600 dev:0,6 ino:18260 uid:500 gid:500 rdev:0,0
      O_RDONLY|O_NONBLOCK|O_NDELAY 
      pipe:[18260]

To gather more information about sockets, you can use lsof with pfiles.

$ sudo /usr/sbin/lsof -i | grep `pgrep firefox`
firefox-b  3914    eteo   47u  IPv4 184119       TCP w.x.y.z:33445->blog3.rhb.hosted.redhat.com:http (ESTABLISHED)
firefox-b  3914    eteo   49u  IPv4 184209       TCP w.x.y.z:35936->mail.samba.org:http (ESTABLISHED)
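
The per-descriptor fields in the pfiles listing above are also exposed under /proc/<pid>/fd and /proc/<pid>/fdinfo. The following is an added example, not Eugene's SystemTap script and not code from the original page, that rebuilds a similar report in Python from those files; the function names are chosen here for illustration.

```python
import os
import stat
import sys

ACCESS = {os.O_RDONLY: "O_RDONLY", os.O_WRONLY: "O_WRONLY", os.O_RDWR: "O_RDWR"}
FLAG_BITS = [(getattr(os, n), n)
             for n in ("O_APPEND", "O_NONBLOCK", "O_DIRECTORY", "O_NOFOLLOW")]
FILE_TYPES = {stat.S_IFREG: "S_IFREG", stat.S_IFDIR: "S_IFDIR",
              stat.S_IFCHR: "S_IFCHR", stat.S_IFBLK: "S_IFBLK",
              stat.S_IFIFO: "S_IFIFO", stat.S_IFSOCK: "S_IFSOCK"}


def decode_flags(flags):
    """Turn the numeric open flags into pfiles-style names."""
    names = [ACCESS.get(flags & os.O_ACCMODE, "?")]
    names += [name for bit, name in FLAG_BITS if (flags & bit) == bit]
    text = "|".join(names)
    # The kernel reports close-on-exec as O_CLOEXEC in the fdinfo flags field.
    return text + " FD_CLOEXEC" if flags & os.O_CLOEXEC else text


def describe_fd(pid, fd, proc="/proc"):
    """Return the three report lines for one descriptor of one process."""
    link = f"{proc}/{pid}/fd/{fd}"
    st = os.stat(link)  # follows the link, so this is the open file's inode
    with open(f"{proc}/{pid}/fdinfo/{fd}") as f:
        info = dict(line.split(":", 1) for line in f if ":" in line)
    flags = int(info["flags"].strip(), 8)  # fdinfo prints flags in octal
    head = "%4d: %s mode:%04o dev:%d,%d ino:%d uid:%d gid:%d rdev:%d,%d" % (
        int(fd), FILE_TYPES.get(stat.S_IFMT(st.st_mode), "?"),
        stat.S_IMODE(st.st_mode), os.major(st.st_dev), os.minor(st.st_dev),
        st.st_ino, st.st_uid, st.st_gid,
        os.major(st.st_rdev), os.minor(st.st_rdev))
    # readlink gives the path, or socket:[ino] / pipe:[ino] for non-files.
    return [head, "      " + decode_flags(flags), "      " + os.readlink(link)]


def pfiles(pid, proc="/proc"):
    """Report every open descriptor of pid, skipping ones that vanish."""
    lines = []
    for fd in sorted(int(n) for n in os.listdir(f"{proc}/{pid}/fd")):
        try:
            lines += describe_fd(pid, fd, proc)
        except OSError:  # closed between listdir() and stat()
            continue
    return lines


if __name__ == "__main__":
    for pid in sys.argv[1:] or ["self"]:
        print(f"{pid}:")
        print("\n".join(pfiles(pid)))
```

Reading the descriptors of another user's process requires root. The rlimit and advisory lock lines that pfiles prints are not reproduced here.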

Lessons

With SystemTap, you can write very useful system tools that are otherwise not available on Linux. [http://sources.redhat.com/systemtap/wiki/WSPfiles pfiles] and [http://sources.redhat.com/systemtap/wiki/WSPlimit plimit] are excellent examples.
