How can i detect if a file is open and a file operation is being done on it by another process on linux by using c or c++? I know lsof lists all open files but i dont how it gets that information.
Thx
I'm not sure lsof is actually working like this, but a way to implement it could be this:
get your process' open files by looknig to /proc/$PID/fd/ files.
look to any any other process' /proc/$PID/fd/ in order to see who is reading your same files.
Why don't you look at the lsof source code? It's probably a bit intimidating, but I'm sure you can isolate the two or three interesting syscalls that give it all the relevant information.
lsof iterates over all /proc/*/fd/* this can be seen if you do strace of the lsof command.
Related
I want to run this command:
grep -r <some pattern> /proc
but since reading files in /proc may result in syscallsŲ as a precaution I want to be sure that reading (all of) them
does not have any (dangerous) side effects on kernel.
I have recently read this article about /proc and I think it is very useful and interesting: Making good use of the files in /proc.
As far as I know I can tell you that reading that files wouldn't cause any problem. They represents Linux/Unix statistics and processes.
I am intersted to know how many processes or any other entity whatsover, holds a specific file on the system.
I tried to find a way using lsof (I don't want to aggregate all the holders for effectiveness reasons), but couldn't find anything in the man page.
Please note that I don't mean the inode link count that is counting the hardlink count for this specific file on the fs.
Edit: I know now it is possible to use fuser (mentioned in one of the answers below) to get this information, but fuser uses procfs and therefore it is not very efficient. Does anyone knows of any other tool which doesn't iterate procfs?
Thanks.
Try using following command
fuser filename
You can also try
lslocks
I would like to be able to get a list of all of the file descriptors (now considering this question to pertain to actual files) that a process ever opened during the runtime of the process. The problem with polling /proc/(PID)/fd/ is that you only get a snapshot in time of what is currently open. Is there a way to force linux to keep this information around long enough to log it for the entire run of the process?
First, notice that a file descriptor which is open-ed then close-d by the application is recycled by the kernel (a future open could give the same file descriptor). See open(2) and close(2) and read Advanced Linux Programming.
Then, consider using strace(1); you'll be able to log all the syscalls (or perhaps just open, socket, close, accept, ... that is the syscalls changing the file descriptor table). Of course strace is using the ptrace(2) syscall (which you probably don't want to bother using directly).
The simplest way would be to run strace -o /tmp/mytrace.tr yourprog argments... and to look, e.g. with some pager like less, into the quite big /tmp/mytrace.tr file.
As Gearoid Murphy commented you could restrict the output of strace using e.g. -e trace=file.
BTW, to debug Makefile-s this is the wrong approach. Learn more about remake.
I want to monitor the current working directory of an arbitrary process with a given PID under Linux.
My idea is to use inotify on the procfs. Every process has its own directory under /proc/PID and there is a symlink pointing to the actual working directory /proc/PID/cwd
I want to get notified when this symlink changes, but if I put a watch on the symlink it will start watching the directory the symlink points to.
Any ideas?
You may as well use strace and watch it for making chdir() system calls - as those really are the only way to change the current working directory.
This is really a debugger-style requirement, and you're going to need to use debug interfaces to achieve it.
Are you looking for this? From man page:
The following further bits can be specified in mask when calling
inotify_add_watch(2):
IN_DONT_FOLLOW (since Linux 2.6.15)
Don't dereference pathname if it is a symbolic link.
I don't think that you can. procfs is not a real file system, it is only generated on demand when you read from it.
From time to time, a file that I'm interested in is modified by some process. I need to find out which process is modifying this file. Using lsof will not work, nor does kqueue. Is this possible under FreeBSD and Linux?
On Linux, there's a kernel patch floating around for inotify. However, some have said this is rarely useful and that it can be a security risk. In any case, here's the patch.
Apart from that, I'm not sure there's any way to get the PID, either with inotify or dnotify. You could investigate further (e.g. search for pid dnotify or pid inotify), but I believe it isn't likely.
On FreeBSD, perhaps it should be best if you check its auditing features.
Linux has an audit daemon http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
See also auditd homepage
You can see which processes opened a file just installing and using lsof (LiSt Open Files) command.