Tuesday, May 31, 2011

Linux command line to find all open files...

Useful for restoring deleted files that might be held in memory by a running process:

find /proc -type l -wholename "/proc/*/fd/*" -exec ls -l {} \; | egrep -v '.*->.*:.*'
Have you ever accidentally deleted an active apache log file while investigating an issue? Backups are useless since the last one was the night before. You may be in luck, though! If there is a running process holding that file in memory, you can get the in-memory copy of the file from /proc on Linux. Run the above command to list files currently held in memory by processes. To restore, copy the "symlink" back to its original location. This will get you the file in the state that the particular process has in memory. The
egrep
strips out sockets, devices, etc.