How to interpret this output of lsof command?

COMMAND     PID     USER   FD   TYPE DEVICE SIZE/OFF     NODE NAME
webalizer 32342 ctxmortg    5uW  REG   8,17    12288 32890954 /home2/ctxmortg/tmp/webalizer/eyebestdatedotcomauph.ctxmortgagemortgagerefi.com/dns_cache.db

FD - File Descriptor

If you are looking for file being written, look for following flag

# - The number in front of flag(s) is the file descriptor number of used by the process to associated with the file
u - File open with Read and Write permission
r - File open with Read permission
w - File open with Write permission
W - File open with Write permission and with Write Lock on entire file
mem - Memory mapped file, usually for share library

So 3r means webalizer has a descriptor number 3 associated with ...dns_cache.db, with read permission.

TYPE - File Type

In Linux, almost everything are files, but with different type.

REG - REGgular file, file that show up in directory
DIR - Directory

NODE

inode number in filesystem

You can find complete details in the man page.


Information on the meanings of the columns can be found in the lsof(8) manpage. I will address the ones you are asking about specifically.

cwd => current working directory
3r  => file descriptor 3 opened for reading
DIR => directory
REG => regular file

In order to unmount the drive, you will likely need to stop your webserver, and kill the webalizer process (since it's usually a batch job ran from cron).


In this scenario I usually use lsof in combination with ps to find out who is holding the device busy.

Let's take a example with a usb stick that was mounted as /media/disk-1

$> sudo umount /media/disk-1 
[sudo] password for cj: 
umount: /media/disk-1: device is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))

So I then try to find out who is holding the device with lsof.

$> lsof | grep disk-1
bash       7822         cj  cwd       DIR       8,33      16384          1 /media/disk-1

And since column 2 is the pid holding we can get the name of that process with ps.

$> ps -A | grep 7822
7822 pts/1    00:00:00 bash

Now that bash comes from a terminal that was open in a dir on the device, so at this point I could either close or kill that terminal so the device would be free again.

Update I don't think I answered the question, but maybe it could be helpful for someone else so I leave it anyway.

Tags:

Lsof

Recent Posts