Suppose you are given a task to identify the processes that are using a particular file, and then kill them one by one – all this has to be done from the command line. What would you do? Well, if you are a command line newbie, I am sure you’d be clueless, asking around for help.
But command line pros will likely have an idea that there exists a command line utility in Linux that lets you identify processes based on the files (or directories, or sockets) they are accessing. Not only that, the tool also allows you to kill these processes, so you don’t have to use the kill or killall commands separately. The command line utility we’re talking about is fuser.
If you aren’t yet aware of this utility and want to understand how to use it, look no further, as in this article, we will discuss fuser in detail, through some easy to understand examples.
But before we move ahead, please keep in mind that all the examples, command, and instructions mentioned in this tutorial have been tested on Ubuntu 16.04 LTS, and the fuser command version that we’ve used is 22.21.
Linux fuser command
The fuser command – as I’ve already mentioned above – is primarily used to identify processes using files, directories, or sockets. The tool basically displays the PIDs of processes that are using the file whose name is passed as argument to the command.
Here’s the fuser command in action in its most basic form:
As clear from the screenshot above, we tried using fuser to know which processes are using the /home/himanshu directory, and the command – in its output – produced a list of process IDs. So far so good, but there are couple of problems here.
Firstly, what’s that ‘c’ appended to each PID? A quick look at the command’s man page reveals that in the default display mode, the fuser command not only displays the PIDs of processes accessing the file or directory, but displays the type of access as well.
Each type of access is denoted by a letter:
- c – current directory.
- e – executable being run.
- f – open file. f is omitted in default display mode.
- F – open file for writing. F is omitted in default display mode.
- r – root directory.
- m – mmap’ed file or shared library.
Now, coming back to the example we were discussing, the letter ‘c’ in the output indicates that all the process whose PIDs are listed in the output are accessing the /home/himanshu directory as their current directory.
Keep in mind that a process can have multiple type of accesses for a file or directory. For example, the following output shows that the root (/) directory is being accessed by many processes as their current as well as root directory.
Up until now, the fuser output we’re seeing contains only process IDs, and nothing more than that. Won’t it be better if the process names are also displayed? Well, for that you need to use the -v command line option. Following is an example:
Moving on, to append the user name of the process owner to each PID, use the -u command line option. Here’s an example for that:
Note: If the file or directory in question is located on a mounted file system or a block device, then use the -m command line option. “All processes accessing files on that file system are listed,” the man page says. “If a directory file is specified, it is automatically changed to NAME/. to use any file system that might be mounted on that directory.”
How to kill processes using fuser
Now that we’ve discussed the fuser basics, let’s come to the task I mentioned in the beginning – how to kill processes using fuser? Let’s take a simpler example for this case. What I’ll do is, I’ll run an executable and while it’s running, I’ll try killing the process using fuser.
So, here’s the executable that has been launched:
And here’s the fuser command that should ideally kill the process initiated by the test-fuser executable.
fuser -v -k test-fuser
Oh, before I go ahead and execute this command, let me tell you that the -k command line option tells fuser to kill the process (or processes) using the file or directory.
Here’s what happened when the above mentioned command was executed:
As clear from the screenshot above, using the -k command line option with fuser killed the test-fuser process. To make sure that the fuser command asks for user’s confirmation before killing a process, use the -i option. See example below:
Following are a couple of important fuser-related details that you should know while using the -k option:
- With -k, the fuser command sends the SIGKILL signal by default. But you can change this behaviour by using the -SIGNAL option.
- An fuser process never kills itself, but may kill other fuser processes.
fuser – other details
Aside from the information mentioned so far, there are several other details that are worth keeping in mind. All that information can be accessed by heading to the command’s man page. For example, following is the information that the fuser man page lists in the ‘Restrictions’ section:
Processes accessing the same file or file system several times in the same way are only shown once. If the same object is specified several times on the command line, some of those entries may be ignored. fuser may only be able to gather partial information unless run with privileges. As a consequence, files opened by processes belonging to other users may not be listed and executables may be classified as mapped only. Installing fuser SUID root will avoid problems associated with partial information, but may be undesirable for security and privacy reasons. udp and tcp name spaces, and UNIX domain sockets can't be searched with kernels older than 1.3.78. Accesses by the kernel are only shown with the -v option. The -k option only works on processes. If the user is the kernel, fuser will print an advice, but take no action beyond that.
As you would have understood by now, fuser is an extremely useful command line utility in Linux. The good thing is that the tool is neither hard to understand, nor to use, so even newbies can easily get started with it. One aspect we didn’t touch here is that the command allows you to identify and even kill processes running on particular ports, making it a hard-to-ignore tool for network admins as well.