Name

fuser - identify processes using files or sockets

Synopsis

fuser [-a|-s|-c] [-4|-6] [-n space ] [-k [-i] [-signal ] ] [-muvf] name
fuser -l
fuser -V

Description

fuser displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access:

c

current directory.

e

executable being run.

f

open file. f is omitted in default display mode.

F

open file for writing. F is omitted in default display mode.

r

root directory.

m

mmap’ed file or shared library.

fuser returns a non-zero return code if none of the specified files is accessed or in case of a fatal error. If at least one access has been found, fuser returns zero.

In order to look up processes using TCP and UDP sockets, the corresponding name space has to be selected with the -n option. By default fuser will look in both IPv6 and IPv4 sockets. To change the default, behavior, use the -4 and -6 options. The socket(s) can be specified by the local and remote port, and the remote address. All fields are optional, but commas in front of missing fields must be present:

[lcl_port][,[rmt_host][,[rmt_port]]]

Either symbolic or numeric values can be used for IP addresses and port numbers.

fuser outputs only the PIDs to stdout, everything else is sent to stderr.

Options

-a

Show all files specified on the command line. By default, only files that are accessed by at least one process are shown.

-c

Same as -m option, used for POSIX compatibility.

-f

Silently ignored, used for POSIX compatibility.

-k

Kill processes accessing the file. Unless changed with -signal, SIGKILL is sent. An fuser process never kills itself, but may kill other fuser processes. The effective user ID of the process executing fuser is set to its real user ID before attempting to kill.

-i

Ask the user for confirmation before killing a process. This option is silently ignored if -k is not present too.

-l

List all known signal names.

-m

name specifies a file on a mounted file system or a block device that is mounted. All processes accessing files on that file system are listed. If a directory file is specified, it is automatically changed to name/. to use any file system that might be mounted on that directory.

-n space

Select a different name space. The name spaces file (file names, the default), udp (local UDP ports), and tcp (local TCP ports) are supported. For ports, either the port number or the symbolic name can be specified. If there is no ambiguity, the shortcut notation name/Ispace (e.g. 80/tcp ) can be used.

-s

Silent operation. -u and -v are ignored in this mode. -a must not be used with -s.

-signal

Use the specified signal instead of SIGKILL when killing processes. Signals can be specified either by name (e.g. -HUP) or by number (e.g. -1). This option is silently ignored if the -k option is not used.

-u

Append the user name of the process owner to each PID.

-v

Verbose mode. Processes are shown in a ps-like style. The fields PID, USER and COMMAND are similar to ps. ACCESS shows how the process accesses the file. If the access is by the kernel (e.g. in the case of a mount point, a swap file, etc.), kernel is shown instead of the PID.

-V

Display version information.

-4

Search only for IPv4 sockets. This option must not be used with the -6 option and only has an effect with the tcp and udp namespaces.

-6

Search only for IPv6 sockets. This option must not be used with the -4 option and only has an effect with the tcp and udp namespaces.

-

Reset all options and set the signal back to SIGKILL.

Files

/proc

location of the proc file system

Examples

fuser -km /home kills all processes accessing the file system /home in any way.

if fuser -s /dev/ttyS1; then :; else something; fi invokes something if no other process is using /dev/ttyS1.

fuser telnet/tcp shows all processes at the (local) TELNET port.

Restrictions

Processes accessing the same file or file system several times in the same way are only shown once.

If the same object is specified several times on the command line, some of those entries may be ignored.

fuser may only be able to gather partial information unless run with privileges. As a consequence, files opened by processes belonging to other users may not be listed and executables may be classified as mapped only.

Installing fuser SUID root will avoid problems associated with partial information, but may be undesirable for security and privacy reasons.

udp and tcp name spaces, and UNIX domain sockets can’t be searched with kernels older than 1.3.78.

udp and tcp currently work with IPv6 and IPv4, but the address fields can only be IPv4 addresses.

Accesses by the kernel are only shown with the -v option.

The -k option only works on processes. If the user is the kernel, fuser will print an advice, but take no action beyond that.

Bugs

fuser -m /dev/sgX will show (or kill with the -k flag) all processes, even if you don’t have that device configured. There may be other devices it does this for too.

fuser cannot report on any processes that it doesn’t have permission to look at the file descriptor table for. The most common time this problem occurs is when looking for TCP or UDP sockets when running fuser as a non-root user. In this case fuser will report no access

Authors

Werner Almesberger <werner@almesberger.net>

Craig Small <csmall@small.dropbear.id.au>

See Also

kill(1) , killall(1) , lsof(8) , ps(1) , kill(2) .

Table of Contents

• Name
• Synopsis
• Description
• Options
• Files
• Examples
• Restrictions
• Bugs
• Authors
• See Also