获取 OS X 中打开的文件（描述符）列表

Question

I would like to get a list of open files in a process on os x (10.9.1). In Linux I was able to get this from /proc/PID/fd . However I'm not sure how to get the same on OS X. I found that the procfs is not present on the OS X (by default. possible implementations present, but I do not want to go that way).

So how do I get (natively) the list of open files in a process on OS X. One way is lsof . is there any other support available? please let me know where I can get more info on this.

Thanks.

Answer 1

I had a hard time getting Activity Monitor to show open files for a process that was running as root (via sudo). The original question mentions lsof , and it does the trick exactly. If you know the process name or PID, it's super quick.

Find processes by name:

lsof -c processname

Find processes by PID:

lsof -p 123

(Prefix with sudo as needed, such as if you are not the owner of the process.)

Answer 2

At least on OSX 10.10 (Yosemite, didn't check on Mavericks), you can get the list of open files by process via the default activity monitor application. Just double click on the relevant process on the list and select "Open Files and Ports" tab on the popup.

Tip: cmd+f shortcut on that pane allows for searching and highlighting on the content.

Answer 3

This works for some things:

sudo fs_usage | grep dev

for /dev/ files or similar.

Answer 4

The clean and simple approach to inspect the current process ( ie the equivalent of /proc/self/fd on Linux) is to use ls /dev/fd/ :

eg

$ touch "file"
$ exec 3<>file

$ ls /dev/fd/    

0 1 2 3

Answer 5

列出 /Volumes/VolumeName 上的打开文件：

lsof | grep "/Volumes/VolumeName"

Answer 6

I use the What's Open application that is very handfull (with filters, disk selection, ...).

You can find it there : http://whatsopen.en.softonic.com/mac .

Answer 7

Since you asked "Is there any other support [than lsof] available?", try this:

Create a command line tool using the "proc_pidinfo" C API referenced in the selected answer to this question: How can I programmatically get the list of open file descriptors for a given PID on OS X?

You can use proc_pidinfo with the PROC_PIDLISTFDS option to enumerate the files used by a given process. You can then use proc_pidfdinfo on each file in turn with the PROC_PIDFDVNODEPATHINFO option to get its path.

Answer 8

"You can get the list of open files by process via the default activity monitor application. Just double click on the relevant process on the list and select "Open Files and Ports" tab on the popup." But "you had a hard time getting Activity Monitor to show open files for a process that was running as root (via sudo) or others user".

So just run Active Monitor by sudo, that`s it

sudo /Applications/Utilities/Activity\ Monitor.app/Contents/MacOS/Activity\ Monitor

Answer 9

lsof -c /^74016$/ -d^txt -FcfadDtns0

The -F instructs lsof to produce output suitable for consumption by another process, such as Perl or awk. In man lsof search for OUTPUT FOR OTHER PROGRAMS for details. The characters that come after -F represent a field you want to select for output. The output then puts each of these characters in front of the respective field. Example output:

p212^@cloginwindow^@
fcwd^@a ^@tDIR^@D0x1000004^@s704^@n/^@
f0^@ar^@tCHR^@D0xf218cacb^@n/dev/null^@
f1^@au^@tCHR^@D0xf218cacb^@n/dev/null^@
f2^@au^@tCHR^@D0xf218cacb^@n/dev/null^@
f3^@ar^@tREG^@D0x1000004^@s216424^@n/Library/Application Support/CrashReporter/SubmitDiagInfo.domains^@
f4^@ar^@tREG^@D0x1000004^@s77^@n/private/etc/security/audit_user^@
f5^@ar^@tREG^@D0x1000004^@s652^@n/private/etc/security/audit_class^@
f6^@ar^@tREG^@D0x1000004^@s358^@n/private/etc/security/audit_control^@
f7^@ar^@tREG^@D0x1000004^@s111033^@n/System/Library/Frameworks/CoreImage.framework/Versions/A/Resources/ci_stdlib.metallib^@
f8^@au^@tIPv4^@d0xc401abd77f1dd1d9^@n*:*^@
f9^@ar^@tREG^@D0x1000004^@s308316^@n/System/Library/Frameworks/CoreImage.framework/Versions/A/Resources/ci_filters.metallib^@
f10^@au^@tREG^@D0x1000004^@s1536^@n/private/var/folders/4g/3lkhwv6n7_76_1s8snscvhxc0000gp/C/com.apple.loginwindow/com.apple.metal/3902/libraries.maps^@
f11^@au^@tREG^@D0x1000004^@s65536^@n/private/var/folders/4g/3lkhwv6n7_76_1s8snscvhxc0000gp/C/com.apple.loginwindow/com.apple.metal/3902/libraries.data^@
f12^@au^@tREG^@D0x1000004^@s1536^@n/private/var/folders/4g/3lkhwv6n7_76_1s8snscvhxc0000gp/C/com.apple.loginwindow/com.apple.metal/Intel(R) HD Graphics 630/functions.maps^@
f13^@au^@tREG^@D0x1000004^@s131072^@n/private/var/folders/4g/3lkhwv6n7_76_1s8snscvhxc0000gp/C/com.apple.loginwindow/com.apple.metal/Intel(R) HD Graphics 630/functions.data^@
p421^@ccoreauthd^@
fcwd^@a ^@tDIR^@D0x1000004^@s704^@n/^@
f0^@ar^@tCHR^@D0xf218cacb^@n/dev/null^@
f1^@au^@tCHR^@D0xf218cacb^@n/dev/null^@
f2^@au^@tCHR^@D0xf218cacb^@n/dev/null^@
p537^@cUserEventAgent^@
fcwd^@a ^@tDIR^@D0x1000004^@s704^@n/^@
f0^@ar^@tCHR^@D0xf218cacb^@n/dev/null^@
f1^@au^@tCHR^@D0xf218cacb^@n/dev/null^@
f2^@au^@tCHR^@D0xf218cacb^@n/dev/null^@
f3^@au^@tunix^@d0xc401abd77b9c8579^@n->0xc401abd77b9c8709^@
f4^@au^@tunix^@d0xc401abd77b9c7129^@n->0xc401abd77b9c8899^@