How to find out with which access modes/flags a file was opened by an application?
Issue :
We want to find out that with which access modes/flags a file was opened by as application?
Platform :
Red Hat Enterprise Linux(RHEL) All versions and its Supportive like Fedora, Centos etc.
Resolution:
The command
lsof +f g can be used to see the access modes/flags of all open handles. The command lsof +f g can be used to see the access modes/flags of handles opened by a specific process id.
An example output:
COMMAND PID USER FD TYPE FILE-FLAG DEVICE SIZE/OFF NODE NAME
[...]
init 1 root 0u CHR RW,LG 1,3 0t0 3649 /dev/null
init 1 root 1u CHR RW,LG 1,3 0t0 3649 /dev/null
init 1 root 2u CHR RW,LG 1,3 0t0 3649 /dev/null
init 1 root 3r FIFO ND 0,8 0t0 6911 pipe
init 1 root 4w FIFO W,ND 0,8 0t0 6911 pipe
[...]
rsyslogd 1082 root 1w REG W,AP,LG,0x80000 252,3 360 11046 /var/log/messages
rsyslogd 1082 root 2w REG W,AP,LG,0x80000 252,3 2041 11018 /var/log/cron
rsyslogd 1082 root 3r REG LG,0x80000 0,3 0 4026532037 /proc/kmsg
rsyslogd 1082 root 4w REG W,AP,LG,0x80000 252,3 199 11066 /var/log/secure
[...]
auditd 1414 root 5w REG W,AP,NFLK,LG 252,3 76199 10526 /var/log/audit/audit.log
auditd 1414 root 6u unix RW 0xffff88003b728080 0t0 9906 socket
auditd 1414 root 8u REG RW 0,9 0 3647 anon_inode
[...]
The file flag abbreviations in column FILE-FLAG are explained in the manpage of
lsof, accessable via man lsof. An excerpt: AIO asynchronous I/O (e.g., FAIO)
AP append
ASYN asynchronous I/O (e.g., FASYNC)
[...]
CR create
[...]
EX open for exec
EXCL exclusive open
FSYN synchronous writes
[...]
NB non-blocking I/O
NBDR NBF n-buffering in effect
NC no cache
[...]
Root Cause
Files can be opened by applications with several access modes (i.e. O_WRONLY, or O_RDWR) and flags (i.e. O_CREAT, O_EXCL or O_NOCTTY).
No comments:
Post a Comment