Linux Tips I Wish I Knew Long Ago – Finding open files with the proc directory

Recently I ran into an issue with a very basic service where I needed to know which config file it was using but the “ps” command wasn’t showing it as a command line argument.

I knew there was a way to try and find the open files using strace or some of those slightly more obscure linux commands you don’t use to often. However much to my surprise, the /proc directory actually tells you what you want to know without any crazy commands.

Here’s how:
First find the process id of the process you want, for simplicity here we are using apache, though apache passes configs on the command line so lets try to find out about log files instead, those are in the config but not on the command line so work well:

$ps aux | grep httpd
apache   12989  0.0  6.5 459228 39772 ?        S     2013   0:36 /usr/sbin/httpd

So, 12989 is the process we want.

Now look in the /proc/12989/fd directory with a simple “ls -al” (so you can see where the links point to):

lr-x------ 1 root   root   64 Dec  4 00:48 0 -> /dev/null
l-wx------ 1 root   root   64 Dec  4 00:48 1 -> /dev/null
l-wx------ 1 root   root   64 Dec  4 00:48 10 -> /var/log/httpd/ssl_error_log
l-wx------ 1 root   root   64 Dec  4 00:48 11 -> /var/log/httpd/access_log
lrwx------ 1 root   root   64 Dec  4 00:48 12 -> anon_inode:[eventpoll]
l-wx------ 1 root   root   64 Dec  4 00:48 13 -> pipe:[9543070]
l-wx------ 1 root   root   64 Dec  4 00:48 15 -> pipe:[9543071]
l-wx------ 1 root   root   64 Dec  4 00:48 17 -> pipe:[9543072]
l-wx------ 1 root   root   64 Dec  4 00:48 19 -> pipe:[9543077]
l-wx------ 1 root   root   64 Dec  4 00:48 2 -> /var/log/httpd/error_log
l-wx------ 1 root   root   64 Dec  4 00:48 20 -> /var/log/httpd/ssl_access_log
l-wx------ 1 root   root   64 Dec  4 00:48 21 -> /var/log/httpd/ssl_request_log
lr-x------ 1 root   root   64 Dec  4 00:48 22 -> /dev/urandom
lrwx------ 1 root   root   64 Dec  4 00:48 3 -> socket:[7499]
lrwx------ 1 root   root   64 Dec  4 00:48 4 -> socket:[7500]
lrwx------ 1 root   root   64 Dec  4 00:48 5 -> socket:[7503]
lrwx------ 1 root   root   64 Dec  4 00:48 6 -> socket:[7504]
lr-x------ 1 root   root   64 Dec  4 00:48 7 -> pipe:[9543069]
l-wx------ 1 root   root   64 Dec  4 00:48 8 -> pipe:[9543069]
l-wx------ 1 root   root   64 Dec  4 00:48 9 -> /var/log/httpd/error_log

Success! We see exactly which log files are being used, without restarting processes or affecting the running server.

Leave a Reply

Your email address will not be published. Required fields are marked *